c088d03f7de445220e7b1b6b831d1c8b96d1b32c9395cd614d4dfb39ad3b16d33ec304a2e37e93092300c6a9f27aebf4e64968d3261a186548c45d17c342f8d3b4b9aabefe6e4c5986c3a65bbc69d02fd25a277147f65ccb42533302a65d4fa27dcf5480bf7677f8e625b978a0fa36a5d2ae301fb637c8353bb6819f67f87447601c0075dd5ca06b00c20fa33a2752c2b6de40450be619a7d820b9d0076e4e11374842dfbae02514db4f43f8447a85d7a9b433ce5e3504b0f18cbe3f4fd490c10926a777070517eb7bf4f669236a2d9cbda273092e026c606b1ca81382654c2e0b9d69e7a04cc2efa0c5477c7960605bcafb06aa7523ed09e41ca9ed452872f9bba44b120a018da8e3abc6a96b9bbfd3da5a2682baccb44274250a6eea30cb8d5caef9f94983150460ada4786285507e17c4bd595898c81893b13af38622657b912d03658b405c3ff3baf539fe156a01cec4c102e9f91b165a00c302538893674bed3da67a479049c7ef69f91f9a76777b2cc5051a8c9a640bd8cfcfe82dd26eb3762346b8c97c8c6df530d39d6f7bd2e18f2a232cfaeed89dd1742183e727fd1aea947eea39ef274026317629db8b7e8d0a9e8162b649eb7b2a38baeb022120c66370129c99dfad6f62d97525289a98e6946336054019c7bdff780ac4f28a83f64637d7d1044b1762db078ae38a274b7c1556ec392d772284c13d958861b0d585719568b6f1f7d2448f0a80c9473a27b9afe766ca202f7297c36aa31e0f8b573236a2240ea86d3106215970cf851c26ddf06a1b0086f4d3bc65593a54da5c54ef4d3dd781d71658d4d87e134d5e01ce5381157259dac1167aa06e573f12712a8a9e043fe62f1b2a92766b461f70132938ff19d03c47a9dd97c2291735366db53b80cfa883ae96bd65d282c149d322b9b71b4a4960d12ec551ca0df41695422f8b8b4e28917853749c432c308a5316f957425bdb744605327b7428d7d3787e094ee18a5ef8d9ae301035a2d9b522a7f4cef682264a64ce1b63f001416d996ffab5e60a4092a5ac1989cca3b33217b54062378b43bdebac23381bac0ef8329c5f93bff510cd5e415271c8b9820f0d395989b83ff39ebba2e85f03cf5a555a08444e6027ee6be10baa678e2c8e0d4cac48f9a640d0267a09d94eae35dbd61cb328c447d80a68c375949804e1d39bb536264ff6f7b3fb6fe1fa747dc6c43bc058bc739e931f73e782a5c2414ad9f2ffe54b85b021be0c9b718f4f9de45576eafd70d732f86354514c098a3b3b8c9c85b5857af8d927414bc62a6fa0c608e4af4fb4e6bb80d68abc10228046030b09809710f44d8d3721ad8fae745f4680b91dbb62e695e8d6230590cc22e46e487149f0f93613e7a4eb923eba08e0058b0687905b6af23d3bf0c7f13b1194c49fb0e96b5189df0a373a817e49ebfeed269a5914cf2af6b5767cad13ed496991d6ea84b02969324057c71649bd7daa82a584312dffbdf9cadb8c7e68114b3978f483eff2eed8b1962d2e84a8c8aadf98f18097d0a28e317d11d572926bb455391866fd67303e1a341237dfe5fa56d6996a354b8abb97e45faea4f24225897ffe900b76e8116c5a045d40a2591a682de469e87e57188127d52f6779cc77b1a80db4db9311db61414df9e94825096ee4768f66f9d9a5d2b7d05bff57a49a02edb31466e67da235fb2ddab04cd38bc3ee9e431d7bab21aff98c74673dd82224dfa665f0cc46f4610066241ecde2278f4bfca37edfff2b7a05bc6b528150a48c8aa24f5e29414876b53b9d0c1e8c42061e88db35f319f7dcd8089cb08ef51b8d182e777ab0536c1286d22abc81df8e617241654e698dfe0bf390383175465af3208337c72c25fbf63f2015405b99cc024d7ae58ef3eaa7d5e3f129d2db9e32944e93ca0836d732d91a743bfd8195ca876164314b035dfbef332b0170793256c20f59a9776fa51373d7d7fd6946dba22859da53ea13ba36729348703f4b4dc0a894bbf1b594c651bec1f8fbaa70531b26e684e3d08fbbd5223a4cb5bc5fddbe0d50b811449c1f289cca6bcbcae1511918c8b2efd4bfa2f041c91ba1c133f196cc0dc7904303c731d2d0b7980fd9cd28bf09351c50ee3d1e265a63ba766ad66d63cad7982834657924532dfdb719abbf44529287feaddd2703f78cc65a1d410d890a2a915ccc040d446a0f2949403d697ad398e79535123901fb5cf52f4d4e0173cfbab2af3f63c412f3987bcb702f4f3bf8ab8abf588890ed337a10dc3197ab60c7ec2bcef9447487df1a2caa5124893081742e241d0602288e90f1e8106edf3319374fb6fb2dc72d2f8af217ba37af0144b5dddba46e620d3eb2647cd25826dba04e5d42dd0293e709c076f5e813f8a040863c88863655823cd3ce6e3cdc07705fffebe138bff9f0564c8495a2593394a7baed5dce57b70cfb7810be0d06db991658be66bcd10e4a45275b441a4d59c3b077b00e9a1b4958a7ff1e12dc517fd1ccbd11b061c99e6073544d029c744552da593e9102d93730f4ae2d555bb4aeadf867f96d7b50132331d13c122da805fb274d480d07eeb307d1de776722626249213889b4dc29743a671f7ac21175dd4c6f723992ae6bddc9ce5eeafd1b14bcd9dd4809b300a0fe4529d1862f69749dc9e8a2211fe8f0204c8f7bcabba06db1a25ef9efde77891889fbb84d72c79ed052747e86b844fa38babe68bc685e152acf847c7c0a00a065a12d54f3c0159e5b735686dc502d85d776d9339352931aa847340b8f7260b81070f777d14f04066469d4914aee3f33af2c1b57bcfec7f91c43ed51325d02e1cb8ee4f9e2569ab02f34736943d121f344a292b666a792dbf6ee7fa22c45d5ebda0b51a3a98f65f7776555b08ea06b36ecd9ad2911ace05a81960aeb9ddab12b75029bc0790ea675cc775fe83bb90f6c91dc3fd3927003c37513c3b8914bd439c083be69ee50354a216b7f3e8878f2fa4fcf9e2196e5997fd8a724089b6df7278f30f7cc1503a9da580f6c6446b79128a4f5d1ef2ba47176fda8f47afeee23f6358b5cb9c50af909e8843a468e24f1b18b13e5f0e79ac0c9129f0d272ec51b080c2b523a332c98ad50237b0f3bd492908e991c3e302457c0ff23608255d694a20cb69106dee5761d4a2abc622fac7863e19e00e860e2bee33a7da02448461b0660dfb70d6f773577fa60f8cb2cd7cb65ee0a414875b4afc08cd083d0ac20d4b4da4d6309ab4eba8b7c3674bb2bb27c2b6e16df1f11e66b6d68d7654192c7606527422531beb30613ee2950f8486c326838707bab7f8715810ee2d01d4ef88a1eb6d7039b17adbe5d86258a73c62b671d926783dd7ccba1b41bee2990eeea42905bc323eb243259dfd1b30162999e472f5884df242171b75787517665d1c207a54bd5c70e01584d767125f53c8706dcd7fd066ad320e76c5b5309bdc4fb6b4e66ebf23360b3f90f9e16811247badc30f8d2db8a3d374f4154872d6c84c33c7591d6b76aa36e9999f58ae8c682a13dc7b5ee9b325bc27e5228bfa923ab41a73691ecdc564e5b28818e36affc27dc8c4154c01f477475cd8c60477fdd74d62c7731071c5f34098a530b34e2575f21d9a5ab2bb381f75b3e6863d2b042032e8b6b8c9b658eb06f15eccfd63d69b02fd1fa0f92429ae22f86ac2256dc7a82554b4efef61c695d02193744b6814c13ef6febcfc1498d6942aa88b44b06c8b7b99c174129e30a2d6de2c31919719eb73059212e6908ec3498048cdb75db9e9e3d4bc9bc32f4455833c7e684cee739b21fe12e99818ba9597f051cc28935dd87875c409d5bbb70582356318dc7d247463ded659e358914c9464d79e8453a89aeb4b203c029c9a79f41e1299a64f392b23c54641987a7a79547df10979d7e62c571c533fc404b55f765bb883aadfaf0b2d03358c1a4d2cd3ee81bf1932e43d72aecf7944e8013597ba10d7bdd84c28e194969bd06ca235b8f59614b532e9565ac36b67bb162bcba5fdcd25cb38d8e1371b0a7ef4d2a9c4eee922df9274d7761b1f64bd75bee4a50095965fea7834ea8a65a21b03d093765df12b2dac3153951f833c324c61c245238b8fd3505ebc0c1f36a35c7865808021c13d94f2cf07fb2317f90bf48718f3aabe89e187b04c5d4e70b6fb3012dada0c4df4849f4679e0588aaa9ffe5708426c1063e63a3e714a9a4b2ef7ad204de99ed24c50a4d7cf06235307f7ec161587539fc9f2c4a9b469c234cfbe25c4408edc910f939b1ebda59637544f9b0ef4eb6a9ee945681bc93bbeacb4d9c3003aa1e76ded217db436abfeb1d1f9944b4d7338137f8b90714408b91071df067290a5091cae262020af0475155befa93be35c6c929f257d63bf51706eafd6b6a4d94177cdd2ffa1b5cb13a5419e638db2a81eaa91713bc2fd64a9e3e3e389f987a36bec6d7e6c5452660c37ed3d152b759686c6e6a66bd0fa66c9973d2d96f4f7a9d1bae76216008b62dc4f07fd5c162ebe6b8713100a926695a2fe20279a0518a0b71693294c06e587e482932596daa1e970aa2dd178d0075b3b2f4f89678c12efdee696b8ff2aea9b0cb6240ca30a3b50f0b06cfe8de24be1ba8938f51aee8c94e8d0d3d897ba1263ae5d9", 0x1000, 0x7, 0x0, 0x2}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x8, 0x8, r4, &(0x7f0000000180)="83bdcecec8a179cfb0e1ff429def3f440bdd1930d1aa9272f47cc6f69ca383a6bad8813b65cb0ea83989f4559eba89cb1df9acb6a28b7d37656aa7164c630a8772a8dcaef8bfd3c408a6eb73ad758b36d38620acd4b25fd452c34907b47a0de790d81ddbb4f7c5d0b5b9eca40b18cf294e8bd10c34fdf881d3d4ed97c99f74986e23ecfe39d54b9f2a27f69ecb0b262edad58e9bda15cbce303c43bd0025a24ae39676e284761d55b7daa23ac7abe5b81c5d95e58135a766a195de6f6ba33597085089abb82b1fdf1f14cea3714c28244e9a1f7803fa75ab56", 0xd9, 0x6, 0x0, 0x2, r5}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x1, 0x2, r2, &(0x7f00000002c0)="54c08100785e5cb2b911770135d9d123317a1189dfdc6ecd7eeaa1a574d840bb0b2eb5aead5d0f6eea228eb2f193601762e781fee24f9833b57518427a372ca3892bf79747115334924d91186cc168265ce948a4ce60472310c9282ee81ce751a0337f0d02c840c847d4a77cb59b7512f8630f7710355bd1abee22f3cca0b65c98e40b74316e5262e91fe0e5a15eab468c0d43b22a1c4a51f772c6d8493d34b4f676a7e390210d38b46476929f9ace6971efa5b7fd5cd409c8bd7cff515ec63ea0288e1ed4e510c1a80d2126910ecb9e3dcc72121c5827ae66b5", 0xda, 0x8, 0x0, 0x2, r6}, &(0x7f0000001500)={0x0, 0x0, 0x0, 0x1, 0x6, r0, &(0x7f0000001440)="21ce2cb7ed8d551319ff5fa8d16e3f720790b76bf7b613ac08cdb5b3a204bdcd6c51ef780c49d071464a33176af2c2f70ed014cf25016ed1d52e35ff00d096fd180bf099ef756184de65b4636ee2e174b276e2564882067f7c7a2b52ade88f828036e0eacf7c001ada936d4a8a72ff7bfbec195edb45b37b6a7f3b7d6d5e08de15dbefc3f50de3813674395c589877918b422245", 0x94, 0x943, 0x0, 0x1, r0}, &(0x7f0000001580)={0x0, 0x0, 0x0, 0x8, 0x1, r0, &(0x7f0000001540)="2bcd9962ad63036a1efa288d9014cdb6341f9aa8c923416a67b4e5220725eaa511c060575cf40a551ab1d86e8b26a95ba800ce2d05c843c9", 0x38, 0x1f, 0x0, 0x1, r0}, &(0x7f0000001680)={0x0, 0x0, 0x0, 0x8, 0x80e2, r0, &(0x7f00000015c0)="8ba5dd565ffd8ffc707db5661c8abb1efa982a5564644a995db22bd13273e6c1584e2ecb5f330df843eb74a16f523c142999438258dc00d12feb8544b20b5ac0062f1479b6d3ae54db3ba8e174e7c8f34b1aa3fb79bb1f11808d8ddfc4c29aab077904a15ddd917f26e1700a30f9d9fb202c311651028b8fa82f9b5d310049371d3ee1c462ed0f383dc899388d2389dc7402d37ef88a", 0x96, 0x6, 0x0, 0x2, r7}, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, 0x1, r8, &(0x7f00000016c0)="a3394401292b55ef7ee7c700e87cb188b2a37ca8e5e34c98bdc2bc8db921a3a0c3e34f5420a8a46fe51de841e7f0f4b6b41319e08f61f40cadb5d939f4ab26b7b00ffc5465188fc1434129445d13ad7efaae", 0x52, 0x0, 0x0, 0x2, r0}, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x2, 0x81, 0xffffffffffffffff, &(0x7f0000001780)="1408757c3b95", 0x6, 0x6, 0x0, 0x1, r9}, &(0x7f0000001880)={0x0, 0x0, 0x0, 0x2, 0xba57, r2, &(0x7f0000001800)="0c0a2c793f36c2bcb3245f4c77fb889ea71641770db805006c2a0a98d938f84c33ff45e01fa027e123a13628819a904f0a67d28351a406b6268a9ad8ce69ec025d528bc39c8e509cd1376bc0f9cfe0a0864f4d0e3fc5274368c50492e4faa0ded4169b061b", 0x65, 0xcba1, 0x0, 0x0, r0}, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x3, 0x5800, r2, &(0x7f00000018c0)="dda39d4b251936f4f7cd3e5d5ec427ea24dd72e26ac63811540ea72e64a780d0a7bd18a8b1ca33e816cd6552f1c8ac9c9775c0d58c5416bee55d4a55f7ea8e4c299eea706c50ae2b0289cd95364f52629408ccd4a484c3697c3fdf03f36b6b61fb256dd1", 0x64, 0x100, 0x0, 0x0, r0}])

18:11:55 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x527f, &(0x7f0000000000))

[ 1655.043390][T15105] FAULT_INJECTION: forcing a failure.
[ 1655.043390][T15105] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1655.060683][T15105] CPU: 2 PID: 15105 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1655.071100][T15105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1655.081167][T15105] Call Trace:
[ 1655.084864][T15105]  <TASK>
[ 1655.088190][T15105]  dump_stack_lvl+0xcd/0x134
[ 1655.094391][T15105]  should_fail.cold+0x5/0xa
[ 1655.100164][T15105]  prepare_alloc_pages+0x17b/0x570
[ 1655.105925][T15105]  __alloc_pages+0x12f/0x500
[ 1655.112362][T15105]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1655.119893][T15105]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1655.126804][T15105]  alloc_pages_vma+0xf3/0x7d0
[ 1655.131793][T15105]  shmem_alloc_page+0x11f/0x1f0
[ 1655.137775][T15105]  ? shmem_link+0x360/0x360
[ 1655.142883][T15105]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1655.149564][T15105]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1655.156766][T15105]  ? percpu_counter_add_batch+0xbd/0x180
[ 1655.163368][T15105]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1655.170651][T15105]  ? __vm_enough_memory+0x184/0x360
[ 1655.177299][T15105]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1655.184423][T15105]  shmem_getpage_gfp+0x643/0x22d0
[ 1655.190637][T15105]  ? shmem_is_huge+0x2f0/0x2f0
[ 1655.198036][T15105]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1655.207878][T15105]  ? shmem_fault+0x750/0x750
[ 1655.213740][T15105]  ? __kasan_kmalloc+0xa6/0xd0
[ 1655.219561][T15105]  drm_gem_get_pages+0x291/0x5d0
[ 1655.225906][T15105]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1655.232621][T15105]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1655.240253][T15105]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1655.247968][T15105]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1655.255538][T15105]  drm_gem_pin+0x64/0x90
[ 1655.261353][T15105]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1655.267888][T15105]  dma_buf_dynamic_attach+0x206/0xb40
[ 1655.274720][T15105]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1655.282632][T15105]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1655.289807][T15105]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1655.297047][T15105]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1655.303993][T15105]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1655.311375][T15105]  drm_ioctl_kernel+0x27d/0x4e0
[ 1655.318535][T15105]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1655.327158][T15105]  ? drm_setversion+0x8b0/0x8b0
[ 1655.333237][T15105]  drm_ioctl+0x51e/0x9d0
[ 1655.339782][T15105]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1655.347727][T15105]  ? drm_version+0x3d0/0x3d0
[ 1655.353894][T15105]  ? __fget_files+0x23d/0x3e0
[ 1655.360664][T15105]  ? security_file_ioctl+0x5c/0xb0
[ 1655.367664][T15105]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1655.376127][T15105]  ? drm_version+0x3d0/0x3d0
[ 1655.383855][T15105]  __x64_sys_ioctl+0x193/0x200
[ 1655.391480][T15105]  do_syscall_64+0x35/0xb0
[ 1655.398128][T15105]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1655.406462][T15105] RIP: 0033:0x7f3352e67ae9
[ 1655.413116][T15105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1655.444172][T15105] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1655.453099][T15105] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1655.461416][T15105] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1655.469863][T15105] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1655.478251][T15105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1655.489829][T15105] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1655.500964][T15105]  </TASK>
18:11:56 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 34)

18:11:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000040)={0x8f3, 0x10001, 0x1, 0x7c, 0x3})

[ 1655.692440][T15117] FAULT_INJECTION: forcing a failure.
[ 1655.692440][T15117] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:11:56 executing program 3:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f00000003c0)=<r1=>0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r3, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r4 = signalfd(r0, &(0x7f0000000300)={[0x5]}, 0x8)
r5 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="d6ff030090adc07f93e52412a78600000010000000000000000000920181700426e67c8afbe5e4c967a4137759c05847243362b0642c5f745c69b0e2c6a6a9d20e32f501fc3183307be8aadf009f41199f00718bfd2b515e00ecc0ab146d0270a9ba88da428961173a064efcf3e24eba6fb32d6ae24c63d5b86bd5e5c5f6343ca6b7ce4636e33f2a79f8f47bbc454ec006000000000000005b1bb74d14cf87d9704a64b661b7853bf3e619d1c06b860d436a7bfadea7c404712988595d0f792d399b25c8"], 0x10}}, 0x0)
r6 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0)
io_submit(r1, 0x4, &(0x7f00000005c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x9, r0, &(0x7f0000000140)="e8eb115b7de5cbc87dad3f82dc3155f923d8fec0f95fd7c70a89792b8977383fd24647386aa4976e61f09710d25e492a7879ec7e07b4656693eb1549e399bd200f3adfa9e02423edb91d2e822cb0828b29fab9ea4ffaa9ec4dca26459832ec10d7c898e0f94ce5e4afaedcb913929a22083d3506a57b99e07e703c650d8e0e0e0990220b6319ac23f26199e09d9254beccff90af91fce1c5bf2b6fa1315999348d6be797530a9ae87d11", 0xaa, 0x10001, 0x0, 0x0, r3}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1000, r0, &(0x7f0000000200)="2a100c68f73e9022ead698a9eaaef44fe3eb9a12dcfc9a6cde91f5a9c2a043e890fec57d24e26bdb1c64300331e730d7cb3e1ce8c8a336e3202ac7ef0095b7d98c5dccd4b78f3f145d4565503dee1b4fd8b15c1685d1a68aac9cf8feb3b0f2f95ef51a5302662c982bca5ce4b2da010f27710d769c6b5eb5fac2c050d2c239f1658f671058e0c3c5c572fe636070ce01d27bc5210e5adc637cfb60966ae5e04274904d23f5a8a7b10e6e2a7a24731908a54735e399a7c9eac31979a8a3159f2cbf5dd27be68b28da3a5d406aaa3e8f6eabf5b9affcf3ac41efdec6afe2c67cb579fb12bca1", 0xe5, 0xfff, 0x0, 0x2, r4}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x8, 0x400, r0, &(0x7f0000000400)="c09b72b9194a4c4246419773993f80c5ca3927fd0aa7dd9f71d47d77ce7a71b15212d09e0db18e3d6e86f4bc4ca034bb1be1fb97b51177d5e79cef23ba138720ab1e262efece3c267129afbaa4e898fcc735c3cb1b22ec797c07edd7ea2773bdb30172361ac5a7b00ac10e26291ceae20b19066a58c19cc62acf222e0b403715edfc83e84bc3652bc83444a98f628625215720e35d88b2746f7b6ce62f7bafd6d3cc0f1b1720254aa42a9ee9e80fafc34e175186806da57f109e256c9a63962ea3d1356a9d3a7436bdfc0b8853d6cbcaebfccfc14733003a64bd90cecfb37bd805ea2d2d017ecb", 0xe7, 0x236, 0x0, 0x0, r0}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x3, 0xa8, r5, &(0x7f0000000500)="bde902435b1eefe5db1f69318a51c9544957f2edbcf52d03514aeb70e472cf89efd88b", 0x23, 0x594387, 0x0, 0x3, r6}])
io_submit(r1, 0x2, &(0x7f0000000100)=[&(0x7f00000000c0)={0x25, 0x3a5, 0x2, 0x1, 0x0, r0, 0x0}, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0, 0x2}])

[ 1655.741700][T15117] CPU: 0 PID: 15117 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1655.753346][T15117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1655.765619][T15117] Call Trace:
[ 1655.769820][T15117]  <TASK>
[ 1655.773544][T15117]  dump_stack_lvl+0xcd/0x134
[ 1655.779405][T15117]  should_fail.cold+0x5/0xa
[ 1655.785820][T15117]  prepare_alloc_pages+0x17b/0x570
[ 1655.792813][T15117]  __alloc_pages+0x12f/0x500
[ 1655.798536][T15117]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1655.806772][T15117]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1655.813650][T15117]  alloc_pages_vma+0xf3/0x7d0
[ 1655.818459][T15117]  shmem_alloc_page+0x11f/0x1f0
[ 1655.823510][T15117]  ? shmem_link+0x360/0x360
[ 1655.828022][T15117]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1655.835021][T15117]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1655.843191][T15117]  ? percpu_counter_add_batch+0xbd/0x180
[ 1655.852245][T15117]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1655.857804][T15117]  ? __vm_enough_memory+0x184/0x360
[ 1655.863066][T15117]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1655.868783][T15117]  shmem_getpage_gfp+0x643/0x22d0
[ 1655.873515][T15117]  ? shmem_is_huge+0x2f0/0x2f0
[ 1655.878010][T15117]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1655.883321][T15117]  ? shmem_fault+0x750/0x750
[ 1655.887442][T15117]  ? __kasan_kmalloc+0xa6/0xd0
[ 1655.891712][T15117]  drm_gem_get_pages+0x291/0x5d0
[ 1655.896210][T15117]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1655.901018][T15117]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1655.906219][T15117]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1655.910987][T15117]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1655.916766][T15117]  drm_gem_pin+0x64/0x90
[ 1655.920885][T15117]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1655.925733][T15117]  dma_buf_dynamic_attach+0x206/0xb40
[ 1655.930891][T15117]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1655.937515][T15117]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1655.944042][T15117]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1655.950510][T15117]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1655.956254][T15117]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1655.962922][T15117]  drm_ioctl_kernel+0x27d/0x4e0
[ 1655.967628][T15117]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1655.974355][T15117]  ? drm_setversion+0x8b0/0x8b0
[ 1655.979734][T15117]  drm_ioctl+0x51e/0x9d0
[ 1655.984342][T15117]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1655.991240][T15117]  ? drm_version+0x3d0/0x3d0
[ 1655.998772][T15117]  ? __fget_files+0x23d/0x3e0
[ 1656.004834][T15117]  ? security_file_ioctl+0x5c/0xb0
[ 1656.011139][T15117]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1656.019265][T15117]  ? drm_version+0x3d0/0x3d0
[ 1656.025221][T15117]  __x64_sys_ioctl+0x193/0x200
[ 1656.031543][T15117]  do_syscall_64+0x35/0xb0
[ 1656.037755][T15117]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1656.046198][T15117] RIP: 0033:0x7f3352e67ae9
[ 1656.051542][T15117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1656.078418][T15117] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1656.090369][T15117] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1656.100933][T15117] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1656.111204][T15117] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1656.121168][T15117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1656.130988][T15117] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1656.140833][T15117]  </TASK>
18:11:56 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x537f, &(0x7f0000000000))

18:11:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE(r0, 0xc01064c2, &(0x7f0000000040))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:11:56 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 35)

18:11:56 executing program 3:
r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0, {0x2}}, './bus\x00'})
r2 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f00000001c0)=0x719d)
getsockopt$TIPC_NODE_RECVQ_DEPTH(r1, 0x10f, 0x83, &(0x7f0000000140), &(0x7f0000000180)=0x4)
io_setup(0x4, &(0x7f00000003c0)=<r3=>0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
io_submit(r3, 0x2, &(0x7f0000000040)=[&(0x7f0000000080)={0x25, 0x3a5, 0x2, 0x1, 0x0, r0, 0x0}, &(0x7f00000000c0)={0x0, 0x0, 0x8, 0x5, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}])

[ 1656.297136][T15129] FAULT_INJECTION: forcing a failure.
[ 1656.297136][T15129] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1656.319237][T15129] CPU: 0 PID: 15129 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1656.328260][T15129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1656.337140][T15129] Call Trace:
[ 1656.340348][T15129]  <TASK>
[ 1656.343605][T15129]  dump_stack_lvl+0xcd/0x134
[ 1656.348423][T15129]  should_fail.cold+0x5/0xa
[ 1656.352704][T15129]  prepare_alloc_pages+0x17b/0x570
[ 1656.358311][T15129]  __alloc_pages+0x12f/0x500
[ 1656.364160][T15129]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1656.385398][T15129]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1656.391178][T15129]  alloc_pages_vma+0xf3/0x7d0
[ 1656.397904][T15129]  shmem_alloc_page+0x11f/0x1f0
[ 1656.404634][T15129]  ? shmem_link+0x360/0x360
[ 1656.410270][T15129]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1656.418719][T15129]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1656.427668][T15129]  ? percpu_counter_add_batch+0xbd/0x180
[ 1656.435999][T15129]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1656.444103][T15129]  ? __vm_enough_memory+0x184/0x360
[ 1656.450630][T15129]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1656.457671][T15129]  shmem_getpage_gfp+0x643/0x22d0
[ 1656.463592][T15129]  ? shmem_is_huge+0x2f0/0x2f0
[ 1656.469817][T15129]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1656.477540][T15129]  ? shmem_fault+0x750/0x750
[ 1656.482956][T15129]  ? __kasan_kmalloc+0xa6/0xd0
[ 1656.489965][T15129]  drm_gem_get_pages+0x291/0x5d0
[ 1656.497447][T15129]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1656.504058][T15129]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1656.511006][T15129]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1656.518013][T15129]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1656.524956][T15129]  drm_gem_pin+0x64/0x90
[ 1656.530097][T15129]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1656.537228][T15129]  dma_buf_dynamic_attach+0x206/0xb40
[ 1656.545221][T15129]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1656.552712][T15129]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1656.559788][T15129]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1656.567419][T15129]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1656.575269][T15129]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1656.583616][T15129]  drm_ioctl_kernel+0x27d/0x4e0
[ 1656.591176][T15129]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1656.598386][T15129]  ? drm_setversion+0x8b0/0x8b0
[ 1656.604699][T15129]  drm_ioctl+0x51e/0x9d0
[ 1656.609797][T15129]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1656.616954][T15129]  ? drm_version+0x3d0/0x3d0
18:11:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_MODE_ADDFB(r0, 0xc01c64ae, &(0x7f0000000040)={0x9, 0x3f000000, 0x5, 0x20000000, 0x6b, 0x9, 0xffff})
fremovexattr(r1, &(0x7f00000001c0)=@known='trusted.overlay.origin\x00')
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1656.622767][T15129]  ? __fget_files+0x23d/0x3e0
[ 1656.629160][T15129]  ? security_file_ioctl+0x5c/0xb0
[ 1656.635664][T15129]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1656.644051][T15129]  ? drm_version+0x3d0/0x3d0
[ 1656.649606][T15129]  __x64_sys_ioctl+0x193/0x200
[ 1656.655339][T15129]  do_syscall_64+0x35/0xb0
[ 1656.660009][T15129]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1656.666627][T15129] RIP: 0033:0x7f3352e67ae9
[ 1656.672563][T15129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1656.695264][T15129] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1656.704435][T15129] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1656.713712][T15129] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1656.722855][T15129] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1656.732765][T15129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1656.743308][T15129] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1656.754969][T15129]  </TASK>
18:11:57 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 36)

18:11:57 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x547f, &(0x7f0000000000))

18:11:57 executing program 2:
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/bus/input/devices\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r2, 0xc0189377, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'})
r3 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000280), 0x400003, 0x0)
getsockopt$inet6_buf(r3, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000240)={&(0x7f0000000200)=[0x5, 0x5, 0x7], 0x3, 0x0, 0x0, <r4=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000040)={0x0, 0x0, r2})
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000001c0)='wg1\x00', 0x4)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000100)=0x942, 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000004d80)=[{{0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0xffffffe0}}], 0x300, 0x4000000)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000500)="e910811aa4007092c11c99e92f5ee3c2a669915a070ae7b672c64ba71b8529dcb74ee15a8af5eb2c2b7e3c90522cabd7fc7349dfc1eb0eda153c1f1fd8c259f16bed9c9dc0de66522254217d3c51467aa9d4bd4e83b003819fad8d5f25019e9b92d6c1df04c941e694f772b90f29859f676282ea58b1f54822f1c21f609529c901c50538ec6ba054bc467aa1efba3dad632b63ff07e31c4702038dc5a5ffca5b35e0421edf6278e91ceb2bfb7c89fdad46d1d52385b298b43c2be54d88346f2fc28a14e0", 0xc4, 0x4000095, 0x0, 0x0)
close(r0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r7=>0x0})
close(r5)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r6, 0xc00c642d, &(0x7f0000000100)={r7})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:11:57 executing program 3:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000140))
r1 = socket$netlink(0x10, 0x3, 0x0)
io_setup(0xfffffff7, &(0x7f0000000080)=<r2=>0x0)
r3 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r3, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
io_submit(r2, 0x3, &(0x7f0000000200)=[&(0x7f00000000c0)={0x25, 0x3a5, 0x2, 0x1, 0x0, r0, 0x0}, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x5, 0x0, r1, 0x0, 0x0, 0x1}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0x48b1, r1, &(0x7f0000000180)="dde6db72410e090bdf", 0x9, 0x8001, 0x0, 0x2, r3}])

[ 1656.910944][T15140] FAULT_INJECTION: forcing a failure.
[ 1656.910944][T15140] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1656.928705][T15140] CPU: 3 PID: 15140 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1656.939938][T15140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1656.951349][T15140] Call Trace:
[ 1656.955365][T15140]  <TASK>
[ 1656.959699][T15140]  dump_stack_lvl+0xcd/0x134
[ 1656.966429][T15140]  should_fail.cold+0x5/0xa
[ 1656.971485][T15140]  prepare_alloc_pages+0x17b/0x570
[ 1656.977147][T15140]  __alloc_pages+0x12f/0x500
[ 1656.981713][T15140]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1656.989864][T15140]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1656.996584][T15140]  alloc_pages_vma+0xf3/0x7d0
[ 1657.002115][T15140]  shmem_alloc_page+0x11f/0x1f0
[ 1657.008325][T15140]  ? shmem_link+0x360/0x360
[ 1657.012867][T15140]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1657.019761][T15140]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1657.026193][T15140]  ? percpu_counter_add_batch+0xbd/0x180
[ 1657.032212][T15140]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1657.041981][T15140]  ? __vm_enough_memory+0x184/0x360
[ 1657.048178][T15140]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1657.054824][T15140]  shmem_getpage_gfp+0x643/0x22d0
[ 1657.060877][T15140]  ? shmem_is_huge+0x2f0/0x2f0
[ 1657.069113][T15140]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1657.077377][T15140]  ? shmem_fault+0x750/0x750
[ 1657.083148][T15140]  ? __kasan_kmalloc+0xa6/0xd0
[ 1657.090780][T15140]  drm_gem_get_pages+0x291/0x5d0
[ 1657.097220][T15140]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1657.103833][T15140]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1657.111971][T15140]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1657.118586][T15140]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1657.126956][T15140]  drm_gem_pin+0x64/0x90
[ 1657.134607][T15140]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1657.141495][T15140]  dma_buf_dynamic_attach+0x206/0xb40
[ 1657.147411][T15140]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1657.153864][T15140]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1657.159764][T15140]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1657.167523][T15140]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1657.174877][T15140]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1657.182913][T15140]  drm_ioctl_kernel+0x27d/0x4e0
[ 1657.189748][T15140]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1657.196165][T15140]  ? drm_setversion+0x8b0/0x8b0
[ 1657.201141][T15140]  drm_ioctl+0x51e/0x9d0
[ 1657.206334][T15140]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1657.212361][T15140]  ? drm_version+0x3d0/0x3d0
[ 1657.218004][T15140]  ? __fget_files+0x23d/0x3e0
[ 1657.224129][T15140]  ? security_file_ioctl+0x5c/0xb0
[ 1657.232053][T15140]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1657.239481][T15140]  ? drm_version+0x3d0/0x3d0
[ 1657.245073][T15140]  __x64_sys_ioctl+0x193/0x200
[ 1657.251080][T15140]  do_syscall_64+0x35/0xb0
[ 1657.256269][T15140]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1657.263146][T15140] RIP: 0033:0x7f3352e67ae9
[ 1657.268896][T15140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1657.293605][T15140] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1657.303473][T15140] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1657.313126][T15140] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1657.323540][T15140] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1657.336794][T15140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1657.344934][T15140] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1657.355591][T15140]  </TASK>
[ 1657.359559][    C3] vkms_vblank_simulate: vblank timer overrun
18:11:57 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 37)

[ 1657.443246][T15151] FAULT_INJECTION: forcing a failure.
[ 1657.443246][T15151] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1657.463188][T15151] CPU: 3 PID: 15151 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1657.474870][T15151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1657.487089][T15151] Call Trace:
[ 1657.491414][T15151]  <TASK>
[ 1657.495312][T15151]  dump_stack_lvl+0xcd/0x134
[ 1657.501119][T15151]  should_fail.cold+0x5/0xa
[ 1657.506850][T15151]  prepare_alloc_pages+0x17b/0x570
[ 1657.513928][T15151]  __alloc_pages+0x12f/0x500
[ 1657.520610][T15151]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1657.529854][T15151]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1657.536579][T15151]  alloc_pages_vma+0xf3/0x7d0
18:11:58 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
dup3(r1, r2, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r6=>0x0})
close(r4)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00464b4, &(0x7f0000000040)={r6})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00c642d, &(0x7f0000000100)={r6})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1657.542517][T15151]  shmem_alloc_page+0x11f/0x1f0
18:11:58 executing program 3:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000080)={0x8, 0x0, 0x2, "c5530013631e7dd34d428f54a62b4677f4f61f94db698bbd17ddb502d53590c3", 0x41416770})
io_setup(0x202, &(0x7f00000003c0)=<r1=>0x0)
r2 = socket$netlink(0x10, 0x3, 0x8)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x280, 0x0)
sendmsg$kcm(r3, &(0x7f0000001c40)={&(0x7f0000000180)=@in6={0xa, 0x4e22, 0x0, @private1, 0x2}, 0x80, &(0x7f0000001540)=[{&(0x7f0000000200)="6ce15c05f4dd69f2ec14849f2751faef11ca0436fdc834c8310de7cebbc1905af12ffe246c6abaddbb7763e8d33a6fcbfb087b", 0x33}, {&(0x7f0000000240)="cb17af1d98c28efea90f3d40ec8639ba33fa779152a098ce6a5b6b19b0e7d69067b16c63f19254f5ca6acc03795d1cc03027945b85071596969045c61f5b662e97a886748aa1d6a49235bf801081e006dbae72b73d5d81f82772fe50bdb3b171122896a53f0f6dfcb2df4199d9d80abe795fbec3a5bd34836185f1b39ed1cfa8644241c8114e442d1456978f79", 0x8d}, {&(0x7f0000000300)="a6bbbcf1602132321e7929cbfa2c9a43b2f4aa957076", 0x16}, {&(0x7f0000000340)="fd49ec0c0246cf3f29bb75abcdef06a993d046fea56a7191338a", 0x1a}, {&(0x7f0000000380)="e10efc81754c6fcf6cd6717f92fa50c2787763b482418ee6b291b30959d8c398c30a9e517a", 0x25}, {&(0x7f0000000400)="33f6adbecf597349171ea579aea65c28bb12591387ebc2871584ca54700b51fa21958676a06609e11c164ba1be886b1efd0c93918a9596fb45c1edc959c97a752e9ff02fbd89cc33bdc284d7672e97320e4136b7891fe4e26ba83d5df89fe9d21635822b5ba288ce59e4250bef61427b8b98245d4691b394b334f689ab4d1f759a1c6b45e3c8a840353d79024b349124838060f054f63804d052faaa66b3ffbf4eddc8a684fc54a0a0bcfc6d6907e2b21a273327763ac372a3e8e41ca83c6176c500c5fb2bec54954c87a9fd5de6e5fa1a0077efbebda77021ef1a0db24d1a4ce8f9c6375fd18eeb1b00a3d7ea000a86ad21d946b422bd8e190a948cd1d7a159dae6a439d193feedf6bde17e9af5b03a99c724912b5c44acf532f071216e36171f61be00216889a45335d2cce367324d028f5ae6d57e44ce609849b8831b8d5ffc67ff80a50f35be4c3fb0ff935eff783d6367213da55787f54e1d76076553039cc91ff12eed07b71dda74386573946d60e24d3149f36416cc02f4634bdbe87b36bf929bef98314b631d8f62a35c34f60602ced7a8d45afd35ffa74505c591aee5b4a8f54bdafd4e9b67e23f71860f65eee6854f1b0e9e2a4433f1bbee7989c3b9f6d6a5dfb497456bcb5ae26c66ef12e7d8295ca16bfbc291ff66eb9737bfefb8945f35b2647bdbf382750bc0501eeaf44c3b0700701fd31930573b6663a7bb9d53dd95381544efc13784be58cb043c9c8cda4fce420964bc11ba2b6ba6f7f709d9f1e006d72a33b29fc6c0b82013a188b0944917188d6ab34fb6481953379e24730eece12541bc46c44dccfa110240f1b070595869a7f8c9eb902b7c70f4336eeb21377bb1ee6fa69ac8cc1c638d0e15f6dca7ddf1741c3ce72fe444b66eb602e658ee9852d5802c18a4b2ebb6fae688ca511d318594770d51e6e92b1dd16395f7318b60750818bfbad60f749cf8a0f01b6b31142fbd68f7d8c5dadf5a58259b7112e0f1a3ddf70f6a3ee01c30f4145bdd541d3693494a796155062f8cdb892f531d0c2449ab31000a01b220295b42701985b42beb684c2eed2ddbbfc0106dc7bdf3c0045411c08f159dc0434916c2e2d07b54cffc88e8d8a5542cfab941c93d6287063c23d756eb660e181251a112f781c8af9eae474b22cdac790ed36cfc9a4fe8f41aa504a96b5726a14823d9e5c0fdb9c20f9eb45ac7da511ea49c6adc2695ea42ec57579eb6aa6a2b202cab8efa937c4d94bf5de4a2960bea3a537aad6fd3f6fd0f6695c7520eb4124c760470455ccd2e6cdd20361976d027cd7916f64d874af62c6743e1b6be507a472b960ec6fd186e31b8fdfd67dc30dd74c7a094690f0c9a1f1ce6da436b112b4e73c7b807e9a35bd455b9aafa03cd89bb05ac2bd4ed7943b568dead6809c3f8626482e28cfe2ac5e17f46e130a8500777b1d740f6180ed08f293904b3102d9e61ce25ff544c0c0ecfa27f55f381d08b3acc0cd0b9b9765b086741f3b33388c192e9cc29a166be287237e668555251a64fd1405aa656b77b1319893bce97d86dc92cbd6148d656e86539791ed9c2938d05f0de77399d93f2d8538e76924b99a9e9a8d8076801e5b984f6bb14af71d6d6d21824b467eb748324bef20f836857c40a4ef4035e041d0e169dd149170957cd65831528e45349ae54ae9966fa6642cb39cfb907a6bee0a260d4600ccc47e9ccea3b5e05f9e835941f1f27a39730a94c4002d5b58b46b6ea8b933922c2725055e1bc29ca9f60d73cadaad6e6c29fb5b940b6eb35f5250babc94adfebfe4ef2ef1634c818d9bd8a8b3ae998069b07b7c5a46f52c75b624a23004c9230dd78eb0df9baf4c170662dfdb2ac9a8ec03161edbc2ee168ae0dd6acee52b2bb550939b74e6e73fb7cbe72e3721e68e673560471cfaa14b0732c0be3667c65b829fb73972dda9a841e3c975b3d76fa09337783d6d71cb3c148b4f163ee603c671ce77893632b711569f00821dc5b4ca67abe89e827742a1b362f9b12316c0a15dc2fe16697774a8f5246f837b31b473ca13daa9ff03f69d5259e16584d090960414b84e667a4abdf9c9000cdfab77216b737730af995c959997635c9537d03ca39a31ae3a0bbb045898243c651215b8b3176849ccce62d6f276c8e4419cee0ef5c93c7833257ac39bd3f1c37120c2b96aa4ec9391aad428f15f22cbb4337e6ffe3cce52c8c4404bbd768fc6940e626d59befa33981c173fbaa14c202536b5695928dbb1df2695ab55628518b15cdff1ac419019c1cd051fffaa7845363b9ff998ec35d7c23a6eb0bc982fc9a0c9f8118c85799d56653daeed12b4a66fdbccced8a0402bda2e4ed6c7abe10faca3053ef9aa4a80b7d2f54137c28197a58c2c3a1f8cc64d9ba68ced172edaaae2cbba7d8adb59cab9254d89365a82f5e712d3920ff34cbb090cfb6a272b990eeacdc7f9bacdbf56e8e3fac14e1824984c4b5cc22878d0d46231d4a30440df95a88468d87329167253194be0e4aa6905a63226a72948843ea20e20e11c2701be2f2b235db569f5e0052eb5e53f79de27d0b7219f8de941ab37578b23c774a864cda6bda7d2f8c19262e62fa90018d5387fc7909e947eb4585f6aa8b135b825070ac295219344846fcd3dd9e4fdb61d41ad6f4b9fd69b70818d0e4e92abd8432bf3dfbc09ba0458802ec756e476d13a6fce69ed05f91b46492905a144b55fe29fd12984b8c1fecf1beec834c9b79506bfe4d7ceba9f9d45bf679f12bd1d2ef0c8b98c1a937f8fd3e3484ce1841fd7dd0112b9173d1d3214dca862dd8f7cffc046cd46b366d97820ba2cc4390fe56641c7f4fe8439b83246f589a00551604e9a326df105c46e0107634ba4d398060e0202bc6925b69b714f7fe9d7c23105543de4476aa5f0cb03e28342989b734afd8c968ebfb137726db86c6a5fecbfbe3f86bdc357e88d12f519e13493fd24bb2ad14dac9de3514214a70b9e1dea883124554a4a857043b5fcc88126b2419b380eac7693f8d19aeadfbcb795380165b8ef898e627018a634c32f123c61373fe1dea3f76f623fba36886711546f13145af697ce6e30d736c4e35eee5530355bf5f17017c68692ddd1ada09e4274639a2c4cadc80cb4c96afc2fa7178c7cbf1257857436f45975b37fb567962da6fd9e2c3fa18dcb1acaa3c286df6b31d611ba9231a630129a159c1719a40ad87b9af0bbc675ee7afa2d8de3f2b2fed87ee14d23e1d63fce9a3b2551345ea309c881fab6e0b8f4de66e6b091f54c08a53750f89b984a14f71b0cb5f417befb804df2b2aed40c775446b97c0521c4a14065112ad7d2d7c2f9101a0105f3c98c13194701659ac079c20566568a68870a14d9fedf22aa3a0b7c713c998c4a3b6a8f47935dc239bcdba1c74686f4e0cfc1e65b1d30ef97075a35941fa68f766e5669c784feb49a4361ae1d1a12b3081aca078418133d303f0785fedf6bb5893bae490df17b141af88ada6bb83622661d6ddc1c695150398e5b274854a0067ca13415cb0f6aeaaaa16806b0533fc7d845866d749b646f569f7fe7b810c3bf08dff860d32ac70a84c17759a742d78ad63592c31d355295b2866ac639a4cd1b39b22a9deb3c0e7c14ba9fbbd92daaa5251796efeb5c91c293e1dbade593f3e2a6c1e47b72c6dde85bdf175bba81d63e24c1ebbfc95dd828e09bf165e88071ae4c174e4155b67169620535c40ee488021d571520f6a15d1f77ad7ce2f7cc01c7d9e870d1d71b0423508e81662261f7ad7edd8df32abaee5b5ed04b9b630ec8f4ad4d2a21c30adb606644caa21e21229ba967a2fa66ec402985e7e00f917e6c275a13b8e7f20c5947827a798d064295688e0a52609aa92979c0919c73bbf6a305df1da2a5dd821240d9c7f0cb4ffe8963258edd954d0af1399e9200da366a99b82ef999f57098f66af7150da0cefed5a70de72538a63f10b88a9c980dfc7524753b74780726b7619f438a831f8fa4a0ecc2413ea74cfd9383e04baee9318cad601ccb354ddd8978d16411bce67899668ab211f3ba8d3d691f8e9bf1a1715698ffd22f9a575aba09ae9edf06fb93766464614aefcd22a2ea634fa1c3d00f2435bc50b060eda2e1683dc86c7be3c9b85df703e29db832dfa6ac7d6585ac62d8661f5c6a5dcbf5ed69b257c6248244df03fab94e8d8f42edd2ae48294deabc2f271665258abc316851dafa0fa9e575e7f8d4be542882e6c12ef3818df6eac9afcedf93e899aa03e86b63269c3363ca32fb83d5a0f3fdc30e61a95823fd84dae68dffd18bf8952a4bbf9b8cf0402df4591da1c2f8f12e0d93c6269a0eaafc802aa46ee2bc30232a11533bb10576f3b632978a929940947088079b2d9ea1db643fab1d9e066709b6b7e83e3558425f4c715475a5a338b9d941e8df70d40965073c486f5aba82d6d55447edd105e598f448d17f2564e2b79cbd4fbc24f99540905081ae269be8daf9211eff1def6dacfdb9d96ac3f7905c3a44b40c1f941a6187cd9b04c8f86e007f10b8027b94c1402e39168ad1482a1729ce065a5e593c1d12b68d5011f78fe345b45744b38dfd4ccf3421447d8a46716d8e77c98866e2a1b177bfd2bd3f360fadeaf47f8202f4295cb14d4dad21ebc464e243ca3362379662833798c0ffc2c7089e7ec7fe22c61bb5fd82275784765f816a7535736d0fd19c608077b58bd0f32a56db58a1139ba13f15933269451ccadc539b13cd5d8922ea593876a8354f1e2682c8d1531e69f1c9fda2c0ac7babb404a7e176d0462288c9d629736f4f98a942cfbcefe47e84c853dce356468ff32905f61cd28a6903e21e18ce0ce3ad7c196efe5c9336a81924f5413d53ef653335d89cb50f4accc89f399b19f62609357dd5b326281dcc8a82faee585d16ccb2eb4dd820469e6d463296c738e8aa7baf84d1237ca5295544cf83872afe9b01c4b286202796e6875dfc7104f081f4ee67f962c5bc4025f44abc5a1f7ec3b54ae768df448771e517af56f1b2c0a9b80afdd1a1ce94ab9067f47c75668de0e75e8f05a4eb4cb6f13c0d823aed13e75cd240a7c7d3456f452d5275c995353ecbde1eb7c4595a5ce6a7fe55510df5271b02ef20b347b6b1b000b14365e5dd1e179c33022c883c210550a334d847ed844c9510c5ffc4436e77106426e1d777fc6c606da63d18f646ee9f7b14f3083bd61276a31d4a5921ddd7f15cca14b5a350a62441ec9176997a21e8838d64906edb6a467ee9edc0caea579d2c15108e10bf995eb31ecfce82970c172181cf434da3179993884f95c5f15c84063a8b68365e5d9d233c3220efa1aecea5e5101525518a83dccde3a52f457644244ba64a6fb479953aa24e16c1dbe44065c289f51447bc135b667997470306a657dd90183da1f1e22217afa818f304cc751732f2b69fe87731c4c9fc200034fe78dcc66c219161a353ae363f9ccdc637df03ed8977e27e01edbca2b8c8ec6fdac15b169e5ba25906c74402f701ea23e79713d69d8eae0dea634ba09b503a43db7c69325a6f4508c2f492206509b6db76e20087624f2d784d53880d1861a75a7a30ba3a863aa51b2f318f70d57cff2b612447235d2c4b95e542687f6a57fc988bda4d8b07610b4705fa8391df479b208a15e5eb3a017fff220805de7cae771590ef856eb29994230ac2998e5c68505a5066245349751a0bc9a6923a8eb41649b7f39b265d7914b6cdb9b55a98a46a124ee36de6b03095cdbf131055644eefa86ed350b0d2522b047f0ea94e99ede5704cd8fe94c8f0e81d9166f33b2c5d4", 0x1000}, {&(0x7f0000001400)="c089e6df15191ad39c7f4f193168792eae9e1b6fe267fd99cb673f28fc2c210f429236c4d2d3d656accf13a3aadf40f31c30de73803bd46d86912a7a2925218640c8a547e65fc9cf00826fd525166515db7465641cc17497abc6575d44ed42decaba5bca11b0b870517d15775484f58cf81c82fbd45b80a4fe4c727973cffdca48a2cf06b43e7d8f77ee0bb8b5d5d4bc0a285689bbda057c", 0x98}, {&(0x7f00000014c0)="54dbebb94a107bd63367dd06cc8451ed4c38d0690a5d28daa88bc1ad6281cf2a02a4051b72a8ad9f6aa1b4e4db63808c408d60ecd45582b9528d35b25a7a7762582fbf73e63f3ebf77fc9f470cdd2dee80b4b06d9e09293fe8569c497f74e3f148b3a6976875456db274e7540dda9241acdfc00ee3eac2dc3bf7bd57e7", 0x7d}], 0x8, &(0x7f00000015c0)=ANY=[@ANYBLOB="d0000000000000008c00000009000000cc1db4b8939e5df5e88112b9aa75ed72fa70f30f466ed3e51ba0456fd974fef3e141367e7b36f7af7a0fbf2339a76a331da251daf2f1cf943a7c0aa33d52300a3e62013d2065c7f5e52ebc911bb1486f08b27ab9e793e4b14981a40e5df38c9a5030cf4bd947094e9fc6f419c19359d95286a0c80bebb23f4c56d707c1e07474ad058b64f93db4c5598f26f9f45a1760e4de7f632400080a635a260c09161d91ac06f9ca06fd955a94976bdc0b3761d244f3dfd777efbfc86ac4f7d5f20d0000700000000000000009010000e7000000a9764e59adf9adaaddbe533181bd30837d83117b3f489650996d876399f23c5b6017e59684e19d55174d73926cebac15f1c3576c2d67894508062a8785f321a7e422dbd8e3d4a719acc3396cb5cd299a46e6de2e0eadfce04f090000000000001001000000000000ff00000075e60000b018e578cfc216b937bc4f5bb6adc5536723adc8477b644e1fb5837e454c3b1cd68178f5d24e8610a8e5b63d388937aef96119b162e433b856ca25c208670eb594eb0d4edeb514f623390604712493ae51b179c45b03bd62ce2c8bb76d6c91300060e07ae2b312cb0899c9f2256002b4e434a1a1907ff96e13dbe1ddd228ba038fb4a40c7a54ff12eb47c7c482714e1a2746b57dbc4419581030a55b181c8dcf9dde9ad9e9ca42425c4d7b6acb56a74d157f73370de53ebdc40be3fd4f95cb4fa326a239be13699fb390d6597cc4205ccc14edbb9e4a199b95a673c40b3791c92e5fa37307fad612f097c97341591a14cc21aa8d798f5f6b4626a7ed1100000098000000000000000600000001000100118dc1d5146794a01f8e70eb171dfc81daee90a9cda8b8b65505c1a8d2f3cac83c1269f0d46920d5ebbbd098c9525ba3b033f92bbd3fcfec977e847928303e23b5eaa944330f2104fd59c4d41a5de071388ec7e48843a249589680c7060b7ebbc1abcf926d21c5a86fc8e2ce5d244b11622d127d6eccc78553d9019e7c70cf6e7723590000000000f000000000000000010100007f000000219ed4f8eee3323168bc099af15fd21019d0c5211954971c4f9f4259683c51a893caaf3426b0397f7b41704064c9cd21018ffc9bc419a923389453abd57bbfc7372bc0b7ff344303ac83090f107088b3322a002ce5a25ae6ece61f547f883ef0776def03f7d31f532c4baa13ddee57a1e635a8490945a3ab6172844ea64d94c09165aee2d82387fa008bcca361ae6e8a2ae9643498aff8303da976ada6cbadccad9de42b16b30ed5d5a31455177fa7816951ac144935e6a0115bfce93df00083e2d146e75a5d1888f1c61413fb9169b8971efee22f08360beac4000000000000f80000000000000007010000700500001698f6f5d88ab41462849b9adb0cdf877d296a87925768a132d7d586d8ee755bb7db636f103e2c31b24c453282499f5df78c6b796b681eea8a7d8662f522793411ff02b10e62020544cdf4cd64185b52db0ffb3bde5340ababf42a49ff2b79beb69e8d9365971c42844aa97adbde46e9c0c0f19d611f4015e3cb4eb80900c43c33cfb62862b1cd04a9bccd143c1976465660118967d7e8d255f17b00f7ec2fe8dd6975dc23023624ed3c55860baeec1042994ba5673807223395627a2d62f7526b38387f889d3e95200d06b7f9f8375d9c4f65037f9c3d26959362c1853090fc66e804a132000000c8000000000000000100000010000000a87f36ff2a198dea9386afa7b0d7c1ec60f08665b6944752c7d671ed9b0f34bb0154c78ea2dd10b812b794c5984caf7314a8ee00ba88a7c5e8c27fcb0bfd975fb43428442a9b0da3eadb0d170b8d42a64f23ec4172749ca64b2855f462433fdc80c8e5806c874e17a6fa064bd2e522d82ee9fcd95bc40f19231783d34e94766c10b8a8879044f663221ea168bf1177517dc98b8ec1f2512fb49170d12361e08bd31210919e027598736c013bed52f6c298d152ee31a50ad4d000000000000000880000000600000020b29fc1fe5c19fd0d863ff2f0bdc6a25ab5d8c0bb555d958e60d0bdde3e52578cff11dc2e0c8dfc0aaecd178b8ae7fa78e06ef4de0dca3babcacad33b5dd96d5347802c288eea42526a4083bcf244752298ae98a3b8d3f7ba4757a808ff96d79d2d316460f5efab0287a0aae50a5f15a9de0d495f7a09bfccdefa7fedc0cf10912cf0bb0b89962faada2824868826c94723d59454a5c1e8bd3d2041982d6b0c078dbefcff60af49effb094859d8d376a06f3580e9d2b240d5132a5963000000"], 0x668}, 0x881)
io_submit(r1, 0x2, &(0x7f0000000100)=[&(0x7f00000000c0)={0x25, 0x3a5, 0x2, 0x1, 0x0, r0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2}, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}])
ioctl$AUTOFS_IOC_SETTIMEOUT(r3, 0x80049367, &(0x7f0000001c80)=0x3)

[ 1657.549779][T15151]  ? shmem_link+0x360/0x360
[ 1657.557102][T15151]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1657.564617][T15151]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1657.573242][T15151]  ? percpu_counter_add_batch+0xbd/0x180
[ 1657.583202][T15151]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1657.591963][T15151]  ? __vm_enough_memory+0x184/0x360
[ 1657.599636][T15151]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1657.607345][T15151]  shmem_getpage_gfp+0x643/0x22d0
[ 1657.613359][T15151]  ? shmem_is_huge+0x2f0/0x2f0
[ 1657.618731][T15151]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1657.625469][T15151]  ? shmem_fault+0x750/0x750
[ 1657.630772][T15151]  ? __kasan_kmalloc+0xa6/0xd0
[ 1657.635797][T15151]  drm_gem_get_pages+0x291/0x5d0
[ 1657.641215][T15151]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1657.647350][T15151]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1657.654710][T15151]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1657.662388][T15151]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1657.669993][T15151]  drm_gem_pin+0x64/0x90
[ 1657.675853][T15151]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1657.683415][T15151]  dma_buf_dynamic_attach+0x206/0xb40
[ 1657.689601][T15151]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1657.696765][T15151]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1657.702348][T15151]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1657.709332][T15151]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1657.717844][T15151]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1657.727600][T15151]  drm_ioctl_kernel+0x27d/0x4e0
[ 1657.733639][T15151]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1657.741124][T15151]  ? drm_setversion+0x8b0/0x8b0
[ 1657.749504][T15151]  drm_ioctl+0x51e/0x9d0
[ 1657.749544][T15151]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1657.749577][T15151]  ? drm_version+0x3d0/0x3d0
[ 1657.749603][T15151]  ? __fget_files+0x23d/0x3e0
18:11:58 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x557f, &(0x7f0000000000))

[ 1657.749630][T15151]  ? security_file_ioctl+0x5c/0xb0
[ 1657.749664][T15151]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1657.749697][T15151]  ? drm_version+0x3d0/0x3d0
[ 1657.749725][T15151]  __x64_sys_ioctl+0x193/0x200
[ 1657.749754][T15151]  do_syscall_64+0x35/0xb0
[ 1657.749780][T15151]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1657.749815][T15151] RIP: 0033:0x7f3352e67ae9
[ 1657.749837][T15151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1657.749864][T15151] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1657.749894][T15151] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1657.749915][T15151] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1657.749935][T15151] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1657.749954][T15151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1657.749973][T15151] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1657.749995][T15151]  </TASK>
[ 1657.750157][    C3] vkms_vblank_simulate: vblank timer overrun
18:11:58 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 38)

[ 1657.993479][T15163] FAULT_INJECTION: forcing a failure.
[ 1657.993479][T15163] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1658.008907][T15163] CPU: 0 PID: 15163 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1658.020785][T15163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1658.031944][T15163] Call Trace:
[ 1658.035448][T15163]  <TASK>
[ 1658.038377][T15163]  dump_stack_lvl+0xcd/0x134
[ 1658.042950][T15163]  should_fail.cold+0x5/0xa
[ 1658.049170][T15163]  prepare_alloc_pages+0x17b/0x570
[ 1658.054477][T15163]  __alloc_pages+0x12f/0x500
[ 1658.059205][T15163]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1658.067302][T15163]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1658.074780][T15163]  alloc_pages_vma+0xf3/0x7d0
[ 1658.081024][T15163]  shmem_alloc_page+0x11f/0x1f0
[ 1658.086287][T15163]  ? shmem_link+0x360/0x360
[ 1658.091270][T15163]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1658.099607][T15163]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1658.107271][T15163]  ? percpu_counter_add_batch+0xbd/0x180
[ 1658.113069][T15163]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1658.119060][T15163]  ? __vm_enough_memory+0x184/0x360
[ 1658.124295][T15163]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1658.129911][T15163]  shmem_getpage_gfp+0x643/0x22d0
[ 1658.134680][T15163]  ? shmem_is_huge+0x2f0/0x2f0
[ 1658.139656][T15163]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1658.146629][T15163]  ? shmem_fault+0x750/0x750
[ 1658.152884][T15163]  ? __kasan_kmalloc+0xa6/0xd0
[ 1658.157971][T15163]  drm_gem_get_pages+0x291/0x5d0
[ 1658.162999][T15163]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1658.168632][T15163]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1658.174094][T15163]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1658.179533][T15163]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1658.185333][T15163]  drm_gem_pin+0x64/0x90
[ 1658.189726][T15163]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1658.194861][T15163]  dma_buf_dynamic_attach+0x206/0xb40
[ 1658.200535][T15163]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1658.206696][T15163]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1658.211924][T15163]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1658.217651][T15163]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1658.223374][T15163]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1658.229211][T15163]  drm_ioctl_kernel+0x27d/0x4e0
[ 1658.234159][T15163]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1658.239991][T15163]  ? drm_setversion+0x8b0/0x8b0
[ 1658.244804][T15163]  drm_ioctl+0x51e/0x9d0
[ 1658.249044][T15163]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1658.255233][T15163]  ? drm_version+0x3d0/0x3d0
[ 1658.259659][T15163]  ? __fget_files+0x23d/0x3e0
[ 1658.264149][T15163]  ? security_file_ioctl+0x5c/0xb0
[ 1658.269055][T15163]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1658.275245][T15163]  ? drm_version+0x3d0/0x3d0
[ 1658.279520][T15163]  __x64_sys_ioctl+0x193/0x200
[ 1658.284693][T15163]  do_syscall_64+0x35/0xb0
[ 1658.290135][T15163]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1658.296438][T15163] RIP: 0033:0x7f3352e67ae9
[ 1658.301324][T15163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1658.322120][T15163] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1658.333234][T15163] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1658.343594][T15163] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1658.353672][T15163] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1658.362877][T15163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1658.372162][T15163] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1658.381611][T15163]  </TASK>
18:11:59 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 39)

18:11:59 executing program 3:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f00000003c0)=<r1=>0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
io_submit(r1, 0x3, &(0x7f0000000200)=[&(0x7f0000000100)={0x25, 0x3a5, 0x2, 0x1, 0x1, r0, 0x0}, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2, 0x200, r2, &(0x7f0000000140)="63047af6eda486a3156558240df0aef57aba3dcc1585ebd9a2392325136eec9c71614fc84049cf88ca3398f9b3b0a5d3b691567ea41a65e3704d005750c6553ee9dd5ba0d1cb381a4e251d3faa144037165f3a6bc6846efca6a5fabffe46346f6295461c34def2dccb44fc6ef7e5d5c570432994ed3fa0f9284ba69d1add2e085dc9713c637fe72b71906d15e12df91df272be22064ec63720368b0a3e035a2c9a04424d4539fc8a47066e5fd9cd", 0xae, 0x3ff, 0x0, 0x1, r0}])

[ 1658.509345][T15166] FAULT_INJECTION: forcing a failure.
[ 1658.509345][T15166] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1658.527165][T15166] CPU: 2 PID: 15166 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1658.538572][T15166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1658.549594][T15166] Call Trace:
[ 1658.553930][T15166]  <TASK>
[ 1658.557941][T15166]  dump_stack_lvl+0xcd/0x134
[ 1658.563604][T15166]  should_fail.cold+0x5/0xa
[ 1658.568288][T15166]  prepare_alloc_pages+0x17b/0x570
[ 1658.573388][T15166]  __alloc_pages+0x12f/0x500
[ 1658.578659][T15166]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1658.585980][T15166]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1658.591818][T15166]  alloc_pages_vma+0xf3/0x7d0
[ 1658.596693][T15166]  shmem_alloc_page+0x11f/0x1f0
[ 1658.601558][T15166]  ? shmem_link+0x360/0x360
[ 1658.607400][T15166]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1658.614663][T15166]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1658.622905][T15166]  ? percpu_counter_add_batch+0xbd/0x180
[ 1658.629648][T15166]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1658.634854][T15166]  ? __vm_enough_memory+0x184/0x360
[ 1658.640024][T15166]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1658.646145][T15166]  shmem_getpage_gfp+0x643/0x22d0
[ 1658.651263][T15166]  ? shmem_is_huge+0x2f0/0x2f0
[ 1658.656168][T15166]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1658.662182][T15166]  ? shmem_fault+0x750/0x750
[ 1658.666762][T15166]  ? __kasan_kmalloc+0xa6/0xd0
[ 1658.671604][T15166]  drm_gem_get_pages+0x291/0x5d0
[ 1658.676530][T15166]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1658.682108][T15166]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1658.687814][T15166]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1658.693381][T15166]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1658.699255][T15166]  drm_gem_pin+0x64/0x90
[ 1658.703776][T15166]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1658.709399][T15166]  dma_buf_dynamic_attach+0x206/0xb40
[ 1658.714932][T15166]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1658.720704][T15166]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1658.726084][T15166]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1658.731234][T15166]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1658.736424][T15166]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1658.741791][T15166]  drm_ioctl_kernel+0x27d/0x4e0
[ 1658.746700][T15166]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1658.752680][T15166]  ? drm_setversion+0x8b0/0x8b0
[ 1658.757762][T15166]  drm_ioctl+0x51e/0x9d0
[ 1658.762449][T15166]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1658.769223][T15166]  ? drm_version+0x3d0/0x3d0
[ 1658.773854][T15166]  ? __fget_files+0x23d/0x3e0
[ 1658.778782][T15166]  ? security_file_ioctl+0x5c/0xb0
[ 1658.784087][T15166]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1658.790441][T15166]  ? drm_version+0x3d0/0x3d0
[ 1658.795128][T15166]  __x64_sys_ioctl+0x193/0x200
[ 1658.799960][T15166]  do_syscall_64+0x35/0xb0
[ 1658.804657][T15166]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1658.810429][T15166] RIP: 0033:0x7f3352e67ae9
[ 1658.814793][T15166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1658.838548][T15166] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1658.849694][T15166] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1658.861396][T15166] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1658.872013][T15166] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1658.881755][T15166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1658.891875][T15166] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1658.900883][T15166]  </TASK>
18:11:59 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 40)

18:11:59 executing program 3:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f00000003c0)=<r1=>0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
io_submit(r1, 0x2, &(0x7f0000000100)=[&(0x7f00000000c0)={0x25, 0x3a5, 0x2, 0x1, 0x0, r0, 0x0}, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0, 0x2}])
mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', &(0x7f0000000180)='binder\x00', 0x100800, &(0x7f00000001c0)=').\x00')
setsockopt$netlink_NETLINK_CAP_ACK(r2, 0x10e, 0xa, &(0x7f0000000200)=0x6, 0x4)

[ 1659.047525][T15171] FAULT_INJECTION: forcing a failure.
[ 1659.047525][T15171] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1659.071930][T15171] CPU: 0 PID: 15171 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1659.085818][T15171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1659.098373][T15171] Call Trace:
[ 1659.102275][T15171]  <TASK>
18:11:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = syz_io_uring_complete(0x0)
r6 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000040)={0x0, 0x4, r6, 0x9})
close(r2)
r7 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r7, 0xc0709411, &(0x7f00000001c0)={{0x0, 0x38bd6111, 0x800, 0xfa47, 0x5, 0x6, 0x9, 0x2, 0x5, 0x2, 0x8, 0xfffffffffffffffb, 0x401, 0x8000, 0x20}, 0x18, [0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:11:59 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x567f, &(0x7f0000000000))

[ 1659.106634][T15171]  dump_stack_lvl+0xcd/0x134
[ 1659.112791][T15171]  should_fail.cold+0x5/0xa
[ 1659.118457][T15171]  prepare_alloc_pages+0x17b/0x570
[ 1659.124585][T15171]  __alloc_pages+0x12f/0x500
[ 1659.130209][T15171]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1659.138970][T15171]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1659.144607][T15171]  alloc_pages_vma+0xf3/0x7d0
[ 1659.149898][T15171]  shmem_alloc_page+0x11f/0x1f0
[ 1659.157441][T15171]  ? shmem_link+0x360/0x360
[ 1659.163380][T15171]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1659.170916][T15171]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1659.178368][T15171]  ? percpu_counter_add_batch+0xbd/0x180
18:11:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x488002)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
poll(&(0x7f0000000480)=[{r2, 0x10}], 0x1, 0x3)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
r5 = syz_mount_image$ufs(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x3ff, 0x3, &(0x7f0000000340)=[{&(0x7f00000001c0)="a5ce29a16c91165e6142820e9f4e940a42886060c059ceb9fd8649a9a361b485f64500f2779b9e64045879c662d675682f779c1af69352ac89802918dc34e9ea98b8aad9233e5cd50a7b5a8b998383220ec9c41c44e3337daf88058c800dd7b838ec9b6041b791a99cb00692e37e761f1c17eca4", 0x74, 0x7ff}, {&(0x7f0000000240)="695a3b7b58706e1859600216703b150c9da8fc13fa54e287f030bcbf62d6a8917445af1dcfe605d2011572da422f5bb103c4012819db5b51dd12d03d548718eb46e4baa199d7c4c096fce89ff2d89479fec12abde3d18814e5628f74c8823a858c66ec0ea65b2f382ec79830c14cb0ca10d2504ede5119f2d8ddaadbe523d997aef4bf3a957f7cbd5471cf", 0x8b, 0xff}, {&(0x7f0000000300)="881b7e2c90708c2db71f1338ecd53a6466ed52a697faf39b62949f294ffb4483aa71671a7cc540b1", 0x28, 0x1f}], 0x100000, &(0x7f00000003c0)={[{}, {':-$\''}, {'+\\'}, {'^}\xe0{-'}], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@dont_appraise}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@fsname={'fsname', 0x3d, '/dev/dri/card#\x00'}}, {@seclabel}]})
sendfile(r5, r0, &(0x7f0000000440)=0xc19, 0x6)
ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f0000000640)={0x1, 0x2, {0xffffffffffffffff}, {<r6=>0xee00}, 0x4, 0x9})
r7 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r8 = getpid()
r9 = geteuid()
sendmsg$netlink(r7, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=[@cred={{0x1c, 0x1, 0x2, {r8, r9}}}], 0x20}, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000007a40)=[{{&(0x7f0000000680), 0x6e, &(0x7f0000001bc0)=[{&(0x7f0000000700)=""/46, 0x2e}, {&(0x7f0000000740)=""/3, 0x3}, {&(0x7f0000000780)=""/186, 0xba}, {&(0x7f0000000840)=""/140, 0x8c}, {&(0x7f0000000900)=""/215, 0xd7}, {&(0x7f0000000a00)=""/114, 0x72}, {&(0x7f0000000a80)=""/48, 0x30}, {&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f0000001ac0)=""/205, 0xcd}], 0x9}}, {{&(0x7f0000001c80)=@abs, 0x6e, &(0x7f0000001f80)=[{&(0x7f0000001d00)=""/158, 0x9e}, {&(0x7f0000001dc0)=""/35, 0x23}, {&(0x7f0000001e00)=""/24, 0x18}, {&(0x7f0000001e40)=""/93, 0x5d}, {&(0x7f0000001ec0)=""/181, 0xb5}], 0x5, &(0x7f0000002000)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb8}}, {{0x0, 0x0, &(0x7f0000002100)=[{&(0x7f00000020c0)=""/10, 0xa}], 0x1, &(0x7f0000002140)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}}, {{&(0x7f00000021c0)=@abs, 0x6e, &(0x7f0000003540)=[{&(0x7f0000002240)=""/240, 0xf0}, {&(0x7f0000002340)=""/65, 0x41}, {&(0x7f00000023c0)=""/4096, 0x1000}, {&(0x7f00000033c0)=""/34, 0x22}, {&(0x7f0000003400)=""/22, 0x16}, {&(0x7f0000003440)=""/208, 0xd0}], 0x6, &(0x7f00000035c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x18}}, {{0x0, 0x0, &(0x7f0000004740)=[{&(0x7f0000003600)=""/162, 0xa2}, {&(0x7f00000036c0)=""/105, 0x69}, {&(0x7f0000003740)=""/4096, 0x1000}], 0x3, &(0x7f0000004780)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r10=>0x0}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x140}}, {{&(0x7f00000048c0)=@abs, 0x6e, &(0x7f0000004e40)=[{&(0x7f0000004940)=""/42, 0x2a}, {&(0x7f0000004980)=""/112, 0x70}, {&(0x7f0000004a00)=""/103, 0x67}, {&(0x7f0000004a80)=""/203, 0xcb}, {&(0x7f0000004b80)=""/149, 0x95}, {&(0x7f0000004c40)=""/184, 0xb8}, {&(0x7f0000004d00)=""/158, 0x9e}, {&(0x7f0000004dc0)=""/79, 0x4f}], 0x8, &(0x7f0000004ec0)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000004f00)=@abs, 0x6e, &(0x7f0000005080)=[{&(0x7f0000004f80)=""/223, 0xdf}], 0x1, &(0x7f00000050c0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00cc000000000000000076000001000000020000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x98}}, {{&(0x7f0000005180)=@abs, 0x6e, &(0x7f0000005440)=[{&(0x7f0000005200)=""/92, 0x5c}, {&(0x7f0000005280)=""/88, 0x58}, {&(0x7f0000005300)=""/117, 0x75}, {&(0x7f0000005380)=""/165, 0xa5}], 0x4, &(0x7f0000005480)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}}, {{&(0x7f0000005540)=@abs, 0x6e, &(0x7f0000007940)=[{&(0x7f00000055c0)=""/118, 0x76}, {&(0x7f0000005640)=""/34, 0x22}, {&(0x7f0000005680)=""/90, 0x5a}, {&(0x7f0000005700)=""/207, 0xcf}, {&(0x7f0000005800)=""/4096, 0x1000}, {&(0x7f0000006800)=""/222, 0xde}, {&(0x7f0000006900)=""/2, 0x2}, {&(0x7f0000006940)=""/4096, 0x1000}], 0x8, &(0x7f00000079c0)=[@cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x58}}], 0x9, 0x140, &(0x7f0000007c80)={0x0, 0x989680})
syz_mount_image$minix(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0xfffffffffffffff8, 0x1, &(0x7f0000000600)=[{&(0x7f0000000580)="0cf599bef01a1549843aa21f0a74f9ae51d4a971bf786572dd93f8ce268eb9e5f715596cb7be0861ed548e9b9a9f35afa8c3bd26274d33d7b6e9c0b8cf564d3cd78ad0ec1e447bf98537c0c40abdcacf81063f81cfe86461574e970f88fae5096d1f74a7f6e9", 0x66}], 0x80, &(0x7f0000007cc0)={[{'/dev/dri/card#\x00'}, {}, {'\''}], [{@func={'func', 0x3d, 'POLICY_CHECK'}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@euid_lt={'euid<', r6}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@func={'func', 0x3d, 'PATH_CHECK'}}, {@fowner_eq={'fowner', 0x3d, r9}}, {@seclabel}, {@fowner_lt={'fowner<', r10}}, {@pcr={'pcr', 0x3d, 0x29}}]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1659.186577][T15171]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1659.194981][T15171]  ? __vm_enough_memory+0x184/0x360
[ 1659.201063][T15171]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1659.208434][T15171]  shmem_getpage_gfp+0x643/0x22d0
[ 1659.214448][T15171]  ? shmem_is_huge+0x2f0/0x2f0
[ 1659.220099][T15171]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1659.228483][T15171]  ? shmem_fault+0x750/0x750
[ 1659.234704][T15171]  ? __kasan_kmalloc+0xa6/0xd0
[ 1659.240352][T15171]  drm_gem_get_pages+0x291/0x5d0
[ 1659.246254][T15171]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1659.252612][T15171]  ? mutex_lock_io_nested+0x1150/0x1150
18:11:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x1, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f00000001c0)={0x27ba, 0x4, 0x80, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r6, 0xc00464b4, &(0x7f00000008c0)={r7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000140)={r7})
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x433, 0x3, 0x9})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1659.259596][T15171]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1659.266330][T15171]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1659.272945][T15171]  drm_gem_pin+0x64/0x90
[ 1659.278292][T15171]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1659.284627][T15171]  dma_buf_dynamic_attach+0x206/0xb40
[ 1659.291271][T15171]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1659.298889][T15171]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1659.306986][T15171]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1659.315312][T15171]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1659.323185][T15171]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1659.331059][T15171]  drm_ioctl_kernel+0x27d/0x4e0
[ 1659.337280][T15171]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1659.344513][T15171]  ? drm_setversion+0x8b0/0x8b0
[ 1659.350867][T15171]  drm_ioctl+0x51e/0x9d0
18:11:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r4 = syz_mount_image$befs(&(0x7f0000000840), &(0x7f0000000880)='./file0\x00', 0x4, 0x9, &(0x7f0000001d40)=[{&(0x7f00000008c0)="9c6d29b45a2792d7e01d61c090c790763c267007", 0x14, 0x5}, {&(0x7f0000000900)="15ef7466dd2e", 0x6, 0x20}, {&(0x7f0000000940)="292ec1980aa6c331376fcf39103f42d9f29eebe6f505362b62c530959b3e56f70b4910ff493271c2b933dc1ae946874f76d1efc592bf7afb337d6172c2a2452f85e3a49064bfd650962edfb744c57ae7bbfb91773cbdee657561ac02fcdeeb6d21fbb3d29a88935dd242e2d582dc4d43010fb234670c3e5d7130007ee8971223665c2f5d71934598dc369eb3b3e162fa160189a8e289a909dc1371711083b19394cbe5559dcfda", 0xa7, 0x3}, {&(0x7f0000000a00)="c7361bf806fe0eaccc33f70a10efa685be8f3b8b0cb2899522f7f4410fdd52f7832b31b326e514e6df6754657b314f8ad52187ad232255d5308eaaf2aea8d916503aa3e09199e0c1cc6b69624acf6df9f22d9c499a4193e5029e617d2285f3752abddd3518d693db0699f9b90f07c354dc796d9c0f98fd2e6c7bc0b8d9cbffef646da9115e8ccdf0883821eef5e277270668531fed0311666bac9a9c25410725a1213d977c088d35108b89224088fb8a9687346495f6752145eb5511c35a27e159defa605d0825bad1c758f0fe2a830d38b2004148a9a895c3", 0xd9, 0x101}, {&(0x7f0000000b00)="73b37cd9c3774969ebe5e1dfbb57f52e7683a09c6ea3747f0f28bf96f813f96558a0d8fecbf720f11720ab8ec6ecbd56631fdf98bfe8f7ea80e8fd4a474884c3d0c49f6d40a306e1d7912bffaf31d4248d499f321b80cc9c056d8f4a93cb855be0064abd4858c469071e5c08755d88d4bd8eaa093e1480a09c429dd491425e00434da1cf226b34f10b3392a4cebec29321470b00fe7d0bc90ef407d7f13bfcaa788eab0ead999b96301adf6ba3e00dc62d39d9ef020916f83fdb30056f42a20c7d429453e13fa11cbe96c34612ffcdca50fe3086ae506647fb595c51c83d6388251f4a8bfbac4da7b185a75f987ed965280a5fa63b977d8afa350ae7700a5daf83f006db692290f7d3dc5dff53ece4fcc71843e0999ac8df98cb9d26a5353fb02907fadc5a5d09eae0bc2abc74e4811b610b7373875f54f333faf62d6b1330be66165447a5fd45681a8066e5e2596beb1f00211000853be3187545dfe0112bea2517f182bcc489a9b077dfa0cd455e1a27c65ce88d22d0de17a4f870e13d94a3ccc48db9b60b4778abad3243594fd29a8b50ff2a65456329321b10e49c52eaf347472d20e6dee45f2e8a255762c75c84589bb100e4dd284688dec3b982f41ab0a6bed2b9b0cf74805b8aab9dfe616f3e5617832739e4de029ae11cb6bb3cbdaa0069d5c361b5e95f010b6120a6a4b7d02535b847b968280d608a51a64efdec827786972c96c3cf9f79f017810e7772b0ce71f41841d5cf2b93f81d6424f40e21944320d016a9265202d95398b03bbc7314bffd6ffe9f485efba416529ecec37c7bbe14982e5826ade43124793ba4c63000afc0fcdc6953c05357320d9a593ddf9e9cd9e5884aef27c9f9550036d540a16ec6b36026304399d1700dd7b4c7abb7baffc428dfae14e7fec333bf5d9e94f8c3ac5d4ca1adf6c861a8f8798cdd13a35e2abd3fce6c263abb5e1ac0167176773de77a48a0b37ae9ccbed5b922e8223c8ba358f959a8472f64e4e738170ac9d73f51c811cd316f11c2f95e3de05d62b38cf8e7a6936dd5ea362c86ea757dd0def20b69d4406c7ef85408e2535ba24f2f5fd04465e155fe58273ff6f4865bc319bc50769a36acbc0f7baaf587c4b184f0f263c5d558e2f18ec2563f3064f2bf5e20c4c9cf207df021ab5f2a1bd614c3e2935f4af91c4b47f9e4a204aed07734eb87db655030ace321e2ee19958398534a21078a291f6d60279db15685f97f5605f7e27d737f512987f2661ffa36768669a968a20dbd2f1a2455fc2c82bc35e30cc32e734b8734a247e1f4f19ed28d5dfa0e17f3034ae7161049c78ddbd3f8c833a3803bbdc50a4f3eaf003dfbd1415b9c8f2f69360c2a5c2a61ac5ea2fe81024902e78be61b29865fd45d55c875abae959ccc0a7e1d15aa1bbff43db78cb2f7ed038b234debf69607054711223c607118261f2c50b224ccad82795f451ab727a7ca10d12943099b8737eaf978e9a10c6ad88f0a2769ab2c18992747f4e934f0da08768bfeba36e58c6fde0dfb6d219cbfc7f6882b840adcf12c0d7fd0c08ee4e9184ca703614458a784354952acbcfaab721e08fb13ff4b5c11fa70280cf64922bb151fcbffee98f41fba157b7a07a1eb4818b2931ca5a32c6045ffd035f3ea9a29a6d8a1ad068e15c96c4fca517fb25fcbd7c7a1a4aee18679066d2c4398bd5da9cf13d06c9ea86a687bd4283411d867cf7d65c407b4311938050174d112e3c962428f8f6650c32e9a6f83136aa938bd49c70f6b9530118522071cb2670aa47142f919ac2b13dd0bc3b86eca95a0565618c0cbf1b91230516520072794b2d8aeffa167cc032d0e996c5732822d3cf3b24b23092bd18a39006b1e231082b2784bbca1a1d859d9bdef12f76428514be77cd2ef1d1e6c8f201cb8f5c883793e008fcb30cac897030231fa0f60da730fbd44b95db28859609c80e77a2acfae6fd6b6fce8b93fa8d00ec606078134d991e63c8581eb77aef17c5b4b5feb7a6d3965c2af12e7d3110dc74f8b8a61d6e4f9d67efa739ff4ecf40072b8cd1b2042856a393a3128f74d87cfc474939bf1c596e2df6434f9323dcdc5451bbf00cea88b16d0494df0e515313b238058ff38ea577c8c3205504dbf8175192ac7f140494db6fcebbc12979f3777f37913a6ef3fc404b28835fc6493412426d3519342c25ed3f9d6547e90fb0950e052a31cd969ef4e67dd68d774f660577045cbfa31033086f699d60a255458e90d5dc1e799bc30481518c620beed04f47ce44faff1db4939eb07f53d091503972663c91805e3ea5627aef7807ded63b184ab5a557a919ab788548a86f592f4e7d36be0f31370badaaf45060f22ead5e9a8ed4efc6a68c96ceeb31180a5ae947dec39595a599b0af92db8373d6cddedfff35c0a5b2164c9e2eecaa1770139459b85a70120c7dd3c31dc58432c3cf698e3e1bfe5bba8e70eb99ef48400f821d6c1e500303a7ad54a765fe8fce10d8ab85d9c698028352bd5f1a5330ba6fd544d973f86799243bffbac82d4b25db64581bdf1f9e640e987fd22ae829c0569023bab8ca1a77ac8539ac5a2773b1886442c2389e65317edeb4cb9b1a96df83ec5ba8ef2dfc8de64db3cedd0bda9429f5666de0c1579734ea360a28a0e31724cd2ca10b73453194591319f51acd2e7f61b4654fd476bf1acb7bc9955c816c484aafbfc1ddcdedc82b7854d02ac5eb55880ccf453f28ef075c6e9059651e6df69fba7c5fba052764db650463eded030ec35cfb035e101dcd3979b99c45d8300d56fdf1ff903bce5cf30220d9b4b7c2ad062d5c682ffd2d1ce37b4f32ec51182d50c055feae9401a9539cd4a3f1fe0fcafe99e310c44ebaba7b43b0c2672d0cff21a5108e826ca560c2e0153ec18d3ff93f255c04f0da19ad4c92a35e7b3fca9aa3e1546328495d8057f6add87e37bcf4336c881c74ca27522536a6b0eef67202db78050a3e1e58b024467d9ecb6fabbb7bf3ad3b9bad00927b29238d98cd040e1d6cd5a5720bb69b313a8132bc00b95068ef6f0e309c895dca3642b75a52a63e2006c27a7a064445a9c062376be9f8abbe4026b42e8d70fdfb33d7ce7d9b7840ab06ada5215d928ada60fff1d5d72a5cc6def24a94a4f435297ef3c4d341bda45efccf614fff906c0bdedc248bcde00ed392164ca5358367769e8ab6126d272bdc54aa93163f2e6428912633835d5346daaf6ae4d38e5ab835ea5bcfd50a086ab43668a6a669f4546b2ad68c45eb03cade0194564f382ebbbd510f01d8d8fd439d88dda68512d697711fa068d2be038a04321f705173f3ebf143808d10be373f119f8ae81f8861d4b6cc9ca530bd074abe6151cba23091ab7d7360d0cf75df71005567959334c14c8225e150d8bea87866393be543e61a4f0b1355795c7c57498423a83928a8390e9776806a2b1beb1a70f23f60dfbb85130a755b8cde4b6de4f7573f54b0ac73ceb1ca00e3a901b56da718e77efcc8827cc0d489a0d4fd0be77967da758fd6494d4833641e8201b12f68c44ca3e7ff0a6be7c57438a5e8063abe9363e41a82fdbeefcb6eb57c0dc2af389b99e9bc05468ac2c8fa9b51f143e2f146ff14e9faf3362d3a5e49ace808dbb7af39c6b6c4272dce24b71c6475e85ac8dff134920d8511cdde2ac3c99b75f370f9e10d93a22fca12b0429cc9faeb545a6a30be04531d4788c5f7828b208925c8f4a05f26da32ed18679ef3c23dac28efdeefe43847a1649b82b2225e0f7f0e965c6a686fbcd21ddf25746c8093595c59ba9c542e91666245b8ebc3a109709ab61c301cf3400a6e353e277f609d2eb692860c6d7f387bb969880426fc7a06e9d8a492caf1c14eeee7d55799a0bd1fd2da8cbe697ab353c3b7421745a19e5d64c6d8760b02193403838aeabe71383fe1363b3eb6ba2c44a42c59fcd012ae93c47ad55782718b80f8e2c799dc40e45e7db5d640cb374e8010fbc2bad0627c4e0ab1e39193c9ee201ca510ff219b6a9c67c8871079b65730330caa5932ea5484cbecdf1c966a2574fbb048844d30e0c742482b8d073cc206485b38f3d5ea1d31b603b54f044c6f1b5331e495dc8c938b3d6c319b56b91b2e9e07eef3d4ded6087a3a84353f2c57035eb5aa948b0b4b430c9773f2ef7b4654432d7f9e571a942d6d9e793aedd8127d57b5d6360c81e848822a40f44f956514b13ad1e3682c77e7ed17f441aeae10e3e92cda58d39ccbeb074f404a35ffc30dc114d92620585925760c0661f24f84f26ee71cbb63c208e7e1887f119eb33b17cb8a03f515da5c42b0e3659c0e623f4f4f1987d6cb2b80939b1baa3a083ee55a32c2f3ab32ee0651f596ad553d83c9cb40e585639fcd6e63c7729c69117a033b7850092f81335c89f52c152af878b0c327f870d30f2af08f335f40c3371967d454c72efe005b038fffede205490c734cd91145c445c72df0230d02ca290f4f95389d802e32c4956f32eca5f8522ae048ecc2cf0b685ac720c15a2bb8c74ca178d12ce07e5e26714ec3f688719691ab0066f3701c584205f877c7cf373f40f569f62dad58c13d0b0e0186da901b29c8523d28c9c5a5a5d8a0d7bc07d889f64f857f7bdf0cb6d30bda8163a9a8b9e2c1d0dcf68945b6c3b1a58f30986a9093b5f73817d2d06c7d32939dfdc88c14decd995d09a18365a2f902e546efd31b46ede8b8d72daec335327a6c4fae752bc97dd432082a9d5beffde92c824506cfe0d79d82930ccb052e2ad33aafe8a76b3aae16bf034ac7a0b9734db0206adbd524bd64ef71f550f5adceb50a18b6d334c2aa60c72c610b4ee4a98135c62ead3c979c84489bcc1636c21538b2169ea684073f5c3a599cb1c9ad50fd37c9fd2faeb95b1345871c01e5bcdf831da066b222ecb1ad2929b13dbf3eedc396ef838fbe68a7f36bafe745f66583cbfc2d06d3739e5c489bdab389e554b8487a432231593648666a2c2caea48bae52db5be136f4e109ae3b2a006a080226087205569923f047150e5c94e0605ae11f33f86b8642b3111dbd1e5def6244b5c4bddee2082179f38ed42eed09bfdd9ad62ad9889e713c2ac715833ff14b9f2039c9bc89d464eec73ee91b3e4ae5a51573f532f4475654e336749f5e608d0e060c6ba9b1775a964269a0c2f85091fd0c242125cc794e14640c8e7758c08c863159c0a442bf022a1cdd23bac793e95536af17d32b6c30f662dd79ce0f5be3a525dcab4e8fb0109732a7bc43891df5263746294ce4f5986f7c830bb66a1b2ce63c12d26e63addb8ac116644827b188b2cedda188e4cc9c21b58104a1643d1d2465b6c90ef73fd2b33394d62c08f64e7ac3fb25103b745c397f3529292784f96bac7facf704b873a659dacb2b986e907940ea0efa86fd3acf00ae087e68ed32664358d7032faac7381d173b6a671f1c7d52c75b987f0d21e9cc30b79df492af888e629232a21294c0b19a32f48fe6d44769b1ad735533c736cfa4356250f51ea74a94b49d9d84db0c5c2b4e577fbaddbfa1a3fa2435c656283f9f7342566e039b0ff17b10f8d7b02c0d2ce3ac262bf5bf00ad997f197e887ffe5ee54e481383e73e63215ce9fb5d0893e5707689048a0e78507c83f5eaeabebdf1aaf71b29d76863e7768428ca1a45d46c04f1176fc8fb9b463b9931a86075eb8832c54366a6224404a3c036215428b5fe2cc0c7aaff225d27dd67a57b37021f7dee62ddd2a39f77fbb5223fea2db74cc4bc352b1d41d8eeca1013b93795354372f48c59479d7e4ce7d9828a3555d2b26c4dffc46f52b", 0x1000, 0x31f}, {&(0x7f0000001b00)="8f1fee44c73c4b5cd0a7dc", 0xb, 0x7ff}, {&(0x7f0000001b40)="91e5ddb59be7379a6f39e6efcc4435e97e8fa5fdbb7040c89340e4bcdf0ca52b14fffb68e9d2013e037ec1a09399c36d1ff93846f82dc3c574059a713ce505c063b9e712acb03bf7a03dae312a013ad61bb25f8ca5a23438e6d5fbed76a23993db8a96b239615a43040304f0884cee70612900ad3fa3e0b50813d285eb4a357bd16e39c951d330d66ee8e5262d35db193e60a456bfa8e5833c28d531f330a693ccbecd15bd7df2c6727c7063fbc2c2cab40150f08765d27b61279b9cbc17780c2f8dae5a148aa27d84", 0xc9, 0x6}, {&(0x7f0000001c40)="7f38dfbc13", 0x5, 0x8000}, {&(0x7f0000001c80)="c4de20a6c5bee70ce5f16670b63b70db22cd183c87cfb3e7d1da9567cb866d4faf522c737cfeadd35e215f1b2af895f746935f4cacd8850c32bfd4d4d793a185ca1ff1139e45ed63df1474834ac544c59b7851783589d81bcdadb2854f3556390bb434f425adff7f1d96e411c8a5ea1b2f30b8ec9f1036d7d16444ac57526173ffa71a924e7963dbf671ab52cf3e449bb18a7d5033e1fc133aa7f4cac5b9d5ff479c4c5b443f4f82ff45178c0cc9ba10b0", 0xb1, 0x3}], 0x48, &(0x7f0000001e40)={[{'^'}, {}, {'\\'}, {'/dev/nmem0\x00'}, {'/dev/dri/card#\x00'}], [{@pcr={'pcr', 0x3d, 0x21}}, {@dont_measure}, {@audit}, {@context={'context', 0x3d, 'user_u'}}, {@dont_hash}]})
openat(r4, &(0x7f0000001ec0)='./file0\x00', 0x488180, 0xc)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r6 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000800)='./file0\x00', 0x0, 0x88)
r7 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r7, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r8 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="10fcffff0f0000000000000004000000d94a1d4df0f23958a2ff05418814608e1971bfdf9ceaefd2dedca06118eb0c356be5bd9e182ace627bfb86be7e9d9a2503ee3879736a59cc84718383"], 0x10}}, 0x0)
r9 = socket$qrtr(0x2a, 0x2, 0x0)
io_submit(0x0, 0x7, &(0x7f0000000740)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x8, r6, &(0x7f00000001c0)="06725472241853bdc6f83f61d6e412c7bc6f75ffc7d2859136c7f5115882abc5d9df14614ab241f69aadfa4be7538d0edd7703e516839a2f39f60972596e9123a7d1881054b3fe8d007fc98628bc9164b3e1600bc3f2c7b3a5ae0d840f7d9c1a6fae7107cdff0d725a82488ded0632247eaece1bdf8bc7ad8096555ab1d1", 0x7e, 0xff, 0x0, 0x1, r0}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7, 0x8, r3, &(0x7f0000000240)="7aa7e196fd0926f9c9ce8050ff12a320507340f3d9c6c0d1884b5336232e6162a4ba27a72628f4fd9853b9d529d6c64eddb8ee5bf800eef4586223c133e459c8d816229813be37f20280586465afe0df090daf50c71fd5", 0x57, 0x0, 0x0, 0x2, r0}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x6, 0x80, r0, &(0x7f00000002c0)="6f6e664350aa7c13137392426edb74521e8521c1c364957f858af71ccc49ef98985f0b68b5bd39a2d0d1f691d0726c05a9f1f1c36e511490573257d55c8ae750811e4e20334c90f567933fcdbffc67a6bd7b4e79939afa79542a3f04ff9ffd69c8ca821aa449af203ab7154cd0a0412a993da4f8ac9de59dde4f920768efb0e45ebc4b1b35317995aece83c04784ba224a512755e88f472c9b2eca322510b790794bcd023dad5e", 0xa7, 0x2702, 0x0, 0x1, r7}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0xadddd589a2e55921, 0x3, 0xffffffffffffffff, &(0x7f00000003c0)="d707f235a949f16cfb49ffc84d5941dcee46e6948af82ee9b3c3039f34c69d07ee302b7abc6280896edbd79a36250810968d017216c929b0ad88f1a49f0f26252ce540e2ee7cc02c212f01e85b7bb4a34f7f9629ca27b741feac81d109d37a0b11b7b7301b9cebc1b755bc73e09d9399b3", 0x71, 0x5, 0x0, 0x2, r2}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x7, 0x0, r8, &(0x7f0000000500)="c17bf96e7f1a405b0d4d866d3d4634ebca49cae16704e05cbe79f062442a52b4867142c660e6bb97acfe97ff9321919f3d5aa03846dbc841fa39903012905683c0e7dd1fa271ffe1fc2cffd9c4196b338458c907ce7c6443f9b5f11c62a61153434415704ae00a8daf9a837243a72f15099dab27a58b8ba6b550ba646aab47eec68d701d04812b42cf85ea616b1d808530807a7c832712b28df65dba806757eed55d32b77e6b77be16c8f1901b3961278ff67d749ef656d359e6b44f17994527d60035b5732a762366a97ffab2aa748312453327ff3837df166bfbfcba", 0xdd, 0xfffffffffffff000, 0x0, 0x1, r0}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x1, 0x6, r2, &(0x7f0000000600)="f13dc8fa4eb2847859857ed1091830562f43f243152be96562214384", 0x1c, 0x100000001, 0x0, 0x3, r0}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x5, 0x20, r9, &(0x7f0000000680)="532617b206157ccda755c65e34c2065d3dbfe103a91c134cd3ab319f68a8e09563fedb0d119864fcd150b4388c12a84345d00d4ca99a65fee587fdef9b62ad25e57bf38c3e615552204833fb1dbc47ad8b5c65bc4039f6732db6181d790cb128ccdfd1504c20aa6606", 0x69, 0x3ff, 0x0, 0x1, r1}])

[ 1659.356052][T15171]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1659.364340][T15171]  ? drm_version+0x3d0/0x3d0
[ 1659.368953][T15171]  ? __fget_files+0x23d/0x3e0
[ 1659.374155][T15171]  ? security_file_ioctl+0x5c/0xb0
[ 1659.389618][T15171]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1659.397108][T15171]  ? drm_version+0x3d0/0x3d0
[ 1659.402612][T15171]  __x64_sys_ioctl+0x193/0x200
[ 1659.408190][T15171]  do_syscall_64+0x35/0xb0
[ 1659.413263][T15171]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1659.420301][T15171] RIP: 0033:0x7f3352e67ae9
[ 1659.425582][T15171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1659.447659][T15171] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1659.457357][T15171] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1659.467182][T15171] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1659.477022][T15171] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1659.486056][T15171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1659.495456][T15171] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1659.504702][T15171]  </TASK>
18:12:00 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 41)

18:12:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1659.625213][T15196] FAULT_INJECTION: forcing a failure.
[ 1659.625213][T15196] name failslab, interval 1, probability 0, space 0, times 0
18:12:00 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x1, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f00000001c0)={0x27ba, 0x4, 0x80, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r6, 0xc00464b4, &(0x7f00000008c0)={r7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000140)={r7})
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x433, 0x3, 0x9})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1659.644664][T15196] CPU: 3 PID: 15196 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1659.656513][T15196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1659.668921][T15196] Call Trace:
[ 1659.673607][T15196]  <TASK>
[ 1659.677435][T15196]  dump_stack_lvl+0xcd/0x134
[ 1659.683360][T15196]  should_fail.cold+0x5/0xa
[ 1659.688676][T15196]  should_failslab+0x5/0x10
[ 1659.694015][T15196]  kmem_cache_alloc_trace+0x5c/0x4a0
[ 1659.700396][T15196]  drm_prime_pages_to_sg+0x49/0x130
[ 1659.706559][T15196]  ? drm_gem_shmem_print_info+0x100/0x100
[ 1659.713709][T15196]  drm_gem_map_dma_buf+0xd7/0x1e0
[ 1659.720514][T15196]  dma_buf_map_attachment+0x39a/0x5b0
[ 1659.727605][T15196]  drm_gem_prime_import_dev.part.0+0x85/0x220
[ 1659.735348][T15196]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1659.741869][T15196]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1659.748821][T15196]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1659.755273][T15196]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
18:12:00 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE(r0, 0xc01064c2, &(0x7f0000000040))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1659.762459][T15196]  drm_ioctl_kernel+0x27d/0x4e0
[ 1659.769246][T15196]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1659.777567][T15196]  ? drm_setversion+0x8b0/0x8b0
[ 1659.784215][T15196]  drm_ioctl+0x51e/0x9d0
[ 1659.790784][T15196]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1659.799292][T15196]  ? drm_version+0x3d0/0x3d0
[ 1659.805604][T15196]  ? __fget_files+0x23d/0x3e0
[ 1659.811322][T15196]  ? security_file_ioctl+0x5c/0xb0
[ 1659.817704][T15196]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1659.825873][T15196]  ? drm_version+0x3d0/0x3d0
[ 1659.831765][T15196]  __x64_sys_ioctl+0x193/0x200
[ 1659.837678][T15196]  do_syscall_64+0x35/0xb0
[ 1659.843283][T15196]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1659.850487][T15196] RIP: 0033:0x7f3352e67ae9
[ 1659.855151][T15196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1659.875641][T15196] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1659.885764][T15196] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1659.895704][T15196] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1659.905780][T15196] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1659.915715][T15196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1659.924391][T15196] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1659.932593][T15196]  </TASK>
[ 1659.935858][    C3] vkms_vblank_simulate: vblank timer overrun
18:12:00 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x577f, &(0x7f0000000000))

18:12:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r5 = pidfd_open(0xffffffffffffffff, 0x0)
preadv(r5, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/228, 0xe4}, {&(0x7f00000002c0)=""/150, 0x96}], 0x2, 0x3, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f0000000040)=0x10000)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={&(0x7f0000000380)=[0x3, 0x3, 0x4800, 0x6, 0x2, 0x6, 0x2, 0x3], 0x8, 0x0, 0x9, 0xfa, 0x7fe, 0x9, 0x6c, {0x1, 0x7fff, 0xccd, 0x0, 0x3, 0x3f, 0x40, 0x9, 0xfffb, 0x800, 0x4, 0x6, 0x2, 0x7, "e077a455cb5bcb480bd3102e9500"}})

18:12:00 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:00 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 42)

[ 1660.054903][T15208] FAULT_INJECTION: forcing a failure.
[ 1660.054903][T15208] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1660.069843][T15208] CPU: 3 PID: 15208 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1660.081841][T15208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1660.092165][T15208] Call Trace:
[ 1660.095644][T15208]  <TASK>
[ 1660.098800][T15208]  dump_stack_lvl+0xcd/0x134
[ 1660.104011][T15208]  should_fail.cold+0x5/0xa
[ 1660.109567][T15208]  prepare_alloc_pages+0x17b/0x570
[ 1660.115661][T15208]  __alloc_pages+0x12f/0x500
[ 1660.121095][T15208]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1660.128288][T15208]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1660.134322][T15208]  alloc_pages_vma+0xf3/0x7d0
[ 1660.138953][T15208]  shmem_alloc_page+0x11f/0x1f0
[ 1660.143942][T15208]  ? shmem_link+0x360/0x360
[ 1660.149369][T15208]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1660.156404][T15208]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1660.162655][T15208]  ? percpu_counter_add_batch+0xbd/0x180
[ 1660.168369][T15208]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1660.174153][T15208]  ? __vm_enough_memory+0x184/0x360
[ 1660.181013][T15208]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1660.188350][T15208]  shmem_getpage_gfp+0x643/0x22d0
[ 1660.193686][T15208]  ? shmem_is_huge+0x2f0/0x2f0
[ 1660.199652][T15208]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1660.207992][T15208]  ? shmem_fault+0x750/0x750
[ 1660.214024][T15208]  ? __kasan_kmalloc+0xa6/0xd0
[ 1660.221029][T15208]  drm_gem_get_pages+0x291/0x5d0
[ 1660.227219][T15208]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1660.234878][T15208]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1660.242808][T15208]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1660.249348][T15208]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1660.257163][T15208]  drm_gem_pin+0x64/0x90
[ 1660.262548][T15208]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1660.268626][T15208]  dma_buf_dynamic_attach+0x206/0xb40
[ 1660.275591][T15208]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1660.283345][T15208]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1660.290881][T15208]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1660.298152][T15208]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1660.305287][T15208]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1660.313226][T15208]  drm_ioctl_kernel+0x27d/0x4e0
[ 1660.319887][T15208]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1660.327907][T15208]  ? drm_setversion+0x8b0/0x8b0
[ 1660.333933][T15208]  drm_ioctl+0x51e/0x9d0
[ 1660.339693][T15208]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1660.347320][T15208]  ? drm_version+0x3d0/0x3d0
[ 1660.352829][T15208]  ? __fget_files+0x23d/0x3e0
[ 1660.358842][T15208]  ? security_file_ioctl+0x5c/0xb0
[ 1660.364990][T15208]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1660.372197][T15208]  ? drm_version+0x3d0/0x3d0
[ 1660.378158][T15208]  __x64_sys_ioctl+0x193/0x200
[ 1660.383868][T15208]  do_syscall_64+0x35/0xb0
[ 1660.389339][T15208]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1660.396796][T15208] RIP: 0033:0x7f3352e67ae9
[ 1660.402346][T15208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1660.425917][T15208] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1660.436733][T15208] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1660.446494][T15208] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1660.455717][T15208] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1660.465721][T15208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1660.475613][T15208] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1660.485348][T15208]  </TASK>
[ 1660.489672][    C3] vkms_vblank_simulate: vblank timer overrun
18:12:01 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 43)

18:12:01 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:01 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
splice(r1, &(0x7f0000000040)=0x100000001, r1, &(0x7f0000000140)=0x7fffffff, 0x9, 0x5)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:01 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x5c7f, &(0x7f0000000000))

[ 1660.620568][T15217] FAULT_INJECTION: forcing a failure.
[ 1660.620568][T15217] name failslab, interval 1, probability 0, space 0, times 0
[ 1660.639835][T15217] CPU: 1 PID: 15217 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1660.662788][T15217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1660.674433][T15217] Call Trace:
[ 1660.678285][T15217]  <TASK>
[ 1660.681105][T15217]  dump_stack_lvl+0xcd/0x134
[ 1660.685807][T15217]  should_fail.cold+0x5/0xa
[ 1660.690275][T15217]  should_failslab+0x5/0x10
[ 1660.694604][T15217]  kmem_cache_alloc_trace+0x5c/0x4a0
[ 1660.701008][T15217]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1660.708069][T15217]  ? dma_map_sgtable+0xb3/0xf0
[ 1660.713256][T15217]  __drm_gem_shmem_create+0x3d8/0x470
[ 1660.719353][T15217]  drm_gem_shmem_prime_import_sg_table+0x70/0x100
[ 1660.726828][T15217]  drm_gem_prime_import_dev.part.0+0xf9/0x220
[ 1660.733415][T15217]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1660.739238][T15217]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1660.745929][T15217]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1660.751863][T15217]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1660.758044][T15217]  drm_ioctl_kernel+0x27d/0x4e0
[ 1660.763404][T15217]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1660.770417][T15217]  ? drm_setversion+0x8b0/0x8b0
[ 1660.776558][T15217]  drm_ioctl+0x51e/0x9d0
[ 1660.782907][T15217]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1660.791062][T15217]  ? drm_version+0x3d0/0x3d0
[ 1660.797838][T15217]  ? __fget_files+0x23d/0x3e0
[ 1660.803833][T15217]  ? security_file_ioctl+0x5c/0xb0
[ 1660.810265][T15217]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1660.818068][T15217]  ? drm_version+0x3d0/0x3d0
[ 1660.823925][T15217]  __x64_sys_ioctl+0x193/0x200
[ 1660.829365][T15217]  do_syscall_64+0x35/0xb0
[ 1660.834696][T15217]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1660.841774][T15217] RIP: 0033:0x7f3352e67ae9
[ 1660.847035][T15217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1660.869070][T15217] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1660.878882][T15217] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1660.888390][T15217] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1660.898477][T15217] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1660.908505][T15217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1660.918422][T15217] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1660.927152][T15217]  </TASK>
18:12:01 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 44)

18:12:01 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:01 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000040)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1661.067155][T15230] FAULT_INJECTION: forcing a failure.
18:12:01 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f45, &(0x7f0000000000))

[ 1661.067155][T15230] name failslab, interval 1, probability 0, space 0, times 0
[ 1661.085463][T15230] CPU: 3 PID: 15230 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1661.094795][T15230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1661.103172][T15230] Call Trace:
[ 1661.106777][T15230]  <TASK>
[ 1661.110136][T15230]  dump_stack_lvl+0xcd/0x134
[ 1661.115136][T15230]  should_fail.cold+0x5/0xa
[ 1661.120340][T15230]  should_failslab+0x5/0x10
[ 1661.125776][T15230]  kmem_cache_alloc_trace+0x5c/0x4a0
[ 1661.131557][T15230]  drm_prime_pages_to_sg+0x49/0x130
[ 1661.137454][T15230]  ? drm_gem_shmem_print_info+0x100/0x100
[ 1661.143746][T15230]  drm_gem_map_dma_buf+0xd7/0x1e0
[ 1661.149300][T15230]  dma_buf_map_attachment+0x39a/0x5b0
[ 1661.155408][T15230]  drm_gem_prime_import_dev.part.0+0x85/0x220
[ 1661.162331][T15230]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1661.168728][T15230]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1661.174904][T15230]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1661.180877][T15230]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1661.187937][T15230]  drm_ioctl_kernel+0x27d/0x4e0
[ 1661.192366][T15230]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1661.198685][T15230]  ? drm_setversion+0x8b0/0x8b0
[ 1661.203328][T15230]  drm_ioctl+0x51e/0x9d0
[ 1661.207292][T15230]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1661.212927][T15230]  ? drm_version+0x3d0/0x3d0
[ 1661.217651][T15230]  ? __fget_files+0x23d/0x3e0
[ 1661.222713][T15230]  ? security_file_ioctl+0x5c/0xb0
[ 1661.228762][T15230]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1661.237337][T15230]  ? drm_version+0x3d0/0x3d0
[ 1661.242200][T15230]  __x64_sys_ioctl+0x193/0x200
[ 1661.247094][T15230]  do_syscall_64+0x35/0xb0
[ 1661.251623][T15230]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1661.257846][T15230] RIP: 0033:0x7f3352e67ae9
[ 1661.262198][T15230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1661.281834][T15230] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1661.291710][T15230] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1661.300574][T15230] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1661.308764][T15230] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1661.315929][T15230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1661.323236][T15230] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1661.331833][T15230]  </TASK>
[ 1661.335419][    C3] vkms_vblank_simulate: vblank timer overrun
18:12:01 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 45)

18:12:01 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1661.429313][T15240] FAULT_INJECTION: forcing a failure.
[ 1661.429313][T15240] name failslab, interval 1, probability 0, space 0, times 0
[ 1661.457838][T15240] CPU: 1 PID: 15240 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1661.468778][T15240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1661.481292][T15240] Call Trace:
[ 1661.485165][T15240]  <TASK>
[ 1661.488789][T15240]  dump_stack_lvl+0xcd/0x134
[ 1661.494669][T15240]  should_fail.cold+0x5/0xa
[ 1661.500508][T15240]  should_failslab+0x5/0x10
[ 1661.506364][T15240]  __kmalloc+0x7b/0x4d0
[ 1661.511371][T15240]  ? sg_alloc_append_table_from_pages+0x699/0xdb0
[ 1661.520428][T15240]  ? lock_chain_count+0x20/0x20
[ 1661.527051][T15240]  sg_alloc_append_table_from_pages+0x699/0xdb0
[ 1661.535150][T15240]  sg_alloc_table_from_pages_segment+0xc9/0x260
[ 1661.543890][T15240]  ? sg_zero_buffer+0x1a0/0x1a0
[ 1661.550129][T15240]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1661.558776][T15240]  ? dma_get_required_mask+0xbf/0xf0
[ 1661.565721][T15240]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 1661.572520][T15240]  drm_prime_pages_to_sg+0xc7/0x130
[ 1661.578233][T15240]  ? drm_gem_shmem_print_info+0x100/0x100
[ 1661.584399][T15240]  drm_gem_map_dma_buf+0xd7/0x1e0
[ 1661.590251][T15240]  dma_buf_map_attachment+0x39a/0x5b0
[ 1661.595990][T15240]  drm_gem_prime_import_dev.part.0+0x85/0x220
[ 1661.602017][T15240]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1661.608058][T15240]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1661.615211][T15240]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1661.621305][T15240]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1661.627244][T15240]  drm_ioctl_kernel+0x27d/0x4e0
[ 1661.632941][T15240]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1661.639547][T15240]  ? drm_setversion+0x8b0/0x8b0
[ 1661.644673][T15240]  drm_ioctl+0x51e/0x9d0
[ 1661.648757][T15240]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1661.655181][T15240]  ? drm_version+0x3d0/0x3d0
[ 1661.659662][T15240]  ? __fget_files+0x23d/0x3e0
[ 1661.664747][T15240]  ? security_file_ioctl+0x5c/0xb0
[ 1661.670690][T15240]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1661.678034][T15240]  ? drm_version+0x3d0/0x3d0
[ 1661.683986][T15240]  __x64_sys_ioctl+0x193/0x200
[ 1661.689708][T15240]  do_syscall_64+0x35/0xb0
[ 1661.695172][T15240]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1661.701574][T15240] RIP: 0033:0x7f3352e67ae9
[ 1661.706565][T15240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1661.731251][T15240] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1661.742574][T15240] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1661.751835][T15240] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1661.762143][T15240] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1661.772097][T15240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1661.782105][T15240] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1661.792685][T15240]  </TASK>
18:12:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
fcntl$setstatus(r2, 0x4, 0x40c00)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)={&(0x7f0000000040)='./file0\x00', r2}, 0x10)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:02 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 46)

18:12:02 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:02 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f47, &(0x7f0000000000))

[ 1661.916098][T15248] FAULT_INJECTION: forcing a failure.
[ 1661.916098][T15248] name failslab, interval 1, probability 0, space 0, times 0
[ 1661.934510][T15248] CPU: 3 PID: 15248 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1661.944548][T15248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1661.956066][T15248] Call Trace:
[ 1661.959521][T15248]  <TASK>
[ 1661.963365][T15248]  dump_stack_lvl+0xcd/0x134
[ 1661.969489][T15248]  should_fail.cold+0x5/0xa
[ 1661.975272][T15248]  should_failslab+0x5/0x10
[ 1661.980708][T15248]  kmem_cache_alloc_trace+0x5c/0x4a0
[ 1661.987983][T15248]  ? drm_vma_node_allow+0x21a/0x2e0
[ 1661.994174][T15248]  drm_prime_add_buf_handle+0x51/0x4a0
[ 1662.000837][T15248]  drm_gem_prime_fd_to_handle+0x35c/0x550
[ 1662.007835][T15248]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1662.014555][T15248]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1662.021778][T15248]  drm_ioctl_kernel+0x27d/0x4e0
[ 1662.027662][T15248]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1662.035328][T15248]  ? drm_setversion+0x8b0/0x8b0
[ 1662.041085][T15248]  drm_ioctl+0x51e/0x9d0
[ 1662.046300][T15248]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1662.053874][T15248]  ? drm_version+0x3d0/0x3d0
[ 1662.059533][T15248]  ? __fget_files+0x23d/0x3e0
[ 1662.065063][T15248]  ? security_file_ioctl+0x5c/0xb0
[ 1662.070809][T15248]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1662.078008][T15248]  ? drm_version+0x3d0/0x3d0
[ 1662.082655][T15248]  __x64_sys_ioctl+0x193/0x200
[ 1662.087418][T15248]  do_syscall_64+0x35/0xb0
[ 1662.092679][T15248]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1662.099595][T15248] RIP: 0033:0x7f3352e67ae9
[ 1662.104845][T15248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1662.126411][T15248] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1662.135121][T15248] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1662.143645][T15248] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1662.152036][T15248] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1662.161229][T15248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1662.169191][T15248] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1662.178584][T15248]  </TASK>
[ 1662.182140][    C3] vkms_vblank_simulate: vblank timer overrun
18:12:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r4 = syz_open_dev$mouse(&(0x7f00000000c0), 0x8, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000040)={0x7ff, 0xffffffa3, 0xd6, 0x0, <r5=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$binfmt_elf32(r2, &(0x7f0000000500)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x3, 0x2e, 0x0, 0x4e, 0x2, 0x3e, 0x2, 0x25f, 0x38, 0xbc, 0x7ff, 0x0, 0x20, 0x2, 0x7, 0x5, 0x8000}, [{0x2, 0x7, 0x8, 0xf7ed5a53, 0x0, 0x8, 0x968, 0x5}], "62dc2f287e533ddbd2c8b6de9a5cdf22cd3aa4cfd09bb4fb4ea46d3e91ced37133460f48e8e7d83f6f217d9ba3c3a6ad2274f1e49275fe2ab9b50bfa95807806ccdaede847be82eaee5454410711323f21abb1877dd72d76b69940ca15499e0520a3a9a6376212b9c849637258b5337aa0d5a736c390a0452588229057e6ddd46096bafdec43da537a56c9a85aaec18ca6b2b519ab916e284455ea734dd4c665fab00a0cb1d75d878e14cd6f04c2e5baf9503cd99f4651cc3d437b201f1457d89de770700b00cb40e5c7757f1a0463", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa27)

18:12:02 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4, 0x50, r0, 0xac13c000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x8, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:02 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f50, &(0x7f0000000000))

18:12:02 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 47)

[ 1662.330508][T15260] FAULT_INJECTION: forcing a failure.
[ 1662.330508][T15260] name failslab, interval 1, probability 0, space 0, times 0
[ 1662.350457][T15260] CPU: 2 PID: 15260 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1662.360818][T15260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1662.376269][T15260] Call Trace:
[ 1662.381500][T15260]  <TASK>
[ 1662.385110][T15260]  dump_stack_lvl+0xcd/0x134
[ 1662.392115][T15260]  should_fail.cold+0x5/0xa
[ 1662.398996][T15260]  ? drm_ioctl+0x51e/0x9d0
[ 1662.404171][T15260]  should_failslab+0x5/0x10
[ 1662.409503][T15260]  kmem_cache_alloc+0x5d/0x560
[ 1662.415506][T15260]  ? __lock_acquire+0x162f/0x54a0
[ 1662.421630][T15260]  radix_tree_node_alloc.constprop.0+0x1e4/0x350
[ 1662.429750][T15260]  idr_get_free+0x554/0xa60
[ 1662.435264][T15260]  idr_alloc_u32+0x16c/0x2c0
[ 1662.440743][T15260]  ? __fprop_add_percpu_max+0x1a0/0x1a0
[ 1662.447496][T15260]  ? lock_release+0x720/0x720
[ 1662.453249][T15260]  idr_alloc+0xc2/0x130
[ 1662.458946][T15260]  ? idr_alloc_u32+0x2c0/0x2c0
[ 1662.464843][T15260]  ? rwlock_bug.part.0+0x90/0x90
[ 1662.470711][T15260]  drm_gem_handle_create_tail+0xf6/0x570
[ 1662.477210][T15260]  drm_gem_prime_fd_to_handle+0x29a/0x550
[ 1662.484333][T15260]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1662.491901][T15260]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1662.499870][T15260]  drm_ioctl_kernel+0x27d/0x4e0
[ 1662.506429][T15260]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1662.514323][T15260]  ? drm_setversion+0x8b0/0x8b0
[ 1662.520550][T15260]  drm_ioctl+0x51e/0x9d0
[ 1662.525137][T15260]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1662.532241][T15260]  ? drm_version+0x3d0/0x3d0
[ 1662.539246][T15260]  ? __fget_files+0x23d/0x3e0
[ 1662.546065][T15260]  ? security_file_ioctl+0x5c/0xb0
[ 1662.554819][T15260]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1662.561212][T15260]  ? drm_version+0x3d0/0x3d0
[ 1662.566435][T15260]  __x64_sys_ioctl+0x193/0x200
[ 1662.571989][T15260]  do_syscall_64+0x35/0xb0
[ 1662.577872][T15260]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1662.586144][T15260] RIP: 0033:0x7f3352e67ae9
[ 1662.591278][T15260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1662.613705][T15260] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1662.623223][T15260] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1662.635851][T15260] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1662.646899][T15260] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1662.657981][T15260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1662.669078][T15260] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1662.678217][T15260]  </TASK>
[ 1662.837141][T15272] FAULT_INJECTION: forcing a failure.
18:12:03 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 48)

18:12:03 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1662.837141][T15272] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1662.853163][T15272] CPU: 0 PID: 15272 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1662.863578][T15272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1662.874097][T15272] Call Trace:
[ 1662.878602][T15272]  <TASK>
18:12:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
recvmmsg$unix(r2, &(0x7f0000002b40)=[{{&(0x7f00000001c0), 0x6e, &(0x7f0000000580)=[{&(0x7f0000000240)=""/102, 0x66}, {&(0x7f00000002c0)=""/7, 0x7}, {&(0x7f0000000300)=""/28, 0x1c}, {&(0x7f0000000340)=""/84, 0x54}, {&(0x7f00000003c0)=""/83, 0x53}, {&(0x7f0000000440)=""/60, 0x3c}, {&(0x7f0000000500)=""/78, 0x4e}], 0x7, &(0x7f0000001340)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f0000000600)=@abs, 0x6e, &(0x7f0000000b00)=[{&(0x7f0000000680)=""/198, 0xc6}, {&(0x7f0000000780)=""/38, 0x26}, {&(0x7f00000007c0)=""/162, 0xa2}, {&(0x7f0000000880)=""/70, 0x46}, {&(0x7f0000000900)=""/241, 0xf1}, {&(0x7f0000000a00)=""/202, 0xca}], 0x6, &(0x7f0000000b80)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa0}}, {{&(0x7f0000000c40), 0x6e, &(0x7f0000000e40)=[{&(0x7f0000000cc0)=""/182, 0xb6}, {&(0x7f0000000d80)=""/137, 0x89}], 0x2, &(0x7f0000000e80)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r5=>0x0}}}], 0x60}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000f00)=""/81, 0x51}, {&(0x7f0000000f80)=""/78, 0x4e}, {&(0x7f0000001000)=""/183, 0xb7}, {&(0x7f00000010c0)=""/112, 0x70}, {&(0x7f0000001140)=""/206, 0xce}, {&(0x7f0000001240)=""/144, 0x90}, {&(0x7f0000001300)=""/51, 0x33}, {&(0x7f0000001340)}, {&(0x7f0000001380)=""/77, 0x4d}], 0x9}}, {{&(0x7f00000014c0), 0x6e, &(0x7f0000002800)=[{&(0x7f0000001540)=""/186, 0xba}, {&(0x7f0000001600)=""/43, 0x2b}, {&(0x7f0000001640)=""/242, 0xf2}, {&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000002740)=""/6, 0x6}, {&(0x7f0000002780)=""/82, 0x52}], 0x6, &(0x7f0000002880)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0xc8}}, {{&(0x7f0000002980), 0x6e, &(0x7f0000002a00), 0x0, &(0x7f0000002ec0)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x110}}], 0x6, 0x40, 0x0)
lstat(&(0x7f0000002cc0)='./file0\x00', &(0x7f0000002d00)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140), 0x40001, &(0x7f0000002d80)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0xffffffffffffffff}}, {@allow_other}]}})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1662.882410][T15272]  dump_stack_lvl+0xcd/0x134
[ 1662.888954][T15272]  should_fail.cold+0x5/0xa
[ 1662.895858][T15272]  prepare_alloc_pages+0x17b/0x570
[ 1662.904001][T15272]  __alloc_pages+0x12f/0x500
[ 1662.910372][T15272]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1662.920202][T15272]  ? find_held_lock+0x2d/0x110
[ 1662.925412][T15272]  ? lock_downgrade+0x6e0/0x6e0
[ 1662.930447][T15272]  ? slow_virt_to_phys+0x2d0/0x2d0
[ 1662.935061][T15272]  ? do_raw_spin_lock+0x120/0x2b0
[ 1662.939740][T15272]  ? rwlock_bug.part.0+0x90/0x90
[ 1662.945886][T15272]  alloc_pages+0x1a7/0x300
[ 1662.950999][T15272]  ? do_raw_spin_unlock+0x171/0x230
[ 1662.956624][T15272]  __change_page_attr_set_clr+0x3d8/0x1ec0
[ 1662.964181][T15272]  ? static_protections+0x670/0x670
[ 1662.970480][T15272]  ? __mutex_unlock_slowpath+0x157/0x5e0
[ 1662.977758][T15272]  ? wait_for_completion_io+0x270/0x270
[ 1662.985634][T15272]  ? walk_system_ram_range+0x16b/0x1d0
[ 1662.992630][T15272]  ? _vm_unmap_aliases.part.0+0x41a/0x500
[ 1662.999791][T15272]  change_page_attr_set_clr+0x333/0x500
[ 1663.005743][T15272]  ? __change_page_attr_set_clr+0x1ec0/0x1ec0
[ 1663.014058][T15272]  ? drm_gem_get_pages+0x42c/0x5d0
[ 1663.022550][T15272]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1663.029865][T15272]  ? pat_init+0x3e0/0x3e0
[ 1663.039745][T15272]  _set_pages_array+0x1c4/0x220
[ 1663.046305][T15272]  drm_gem_shmem_get_pages+0x1b9/0x250
[ 1663.052602][T15272]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1663.058447][T15272]  drm_gem_pin+0x64/0x90
[ 1663.063985][T15272]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1663.073936][T15272]  dma_buf_dynamic_attach+0x206/0xb40
[ 1663.082616][T15272]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1663.091497][T15272]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1663.098387][T15272]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1663.104095][T15272]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1663.110497][T15272]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1663.117041][T15272]  drm_ioctl_kernel+0x27d/0x4e0
[ 1663.122479][T15272]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1663.128939][T15272]  ? drm_setversion+0x8b0/0x8b0
[ 1663.134598][T15272]  drm_ioctl+0x51e/0x9d0
[ 1663.139306][T15272]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1663.146466][T15272]  ? drm_version+0x3d0/0x3d0
[ 1663.151089][T15272]  ? __fget_files+0x23d/0x3e0
[ 1663.155645][T15272]  ? security_file_ioctl+0x5c/0xb0
[ 1663.167061][T15272]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1663.173251][T15272]  ? drm_version+0x3d0/0x3d0
[ 1663.178576][T15272]  __x64_sys_ioctl+0x193/0x200
[ 1663.184271][T15272]  do_syscall_64+0x35/0xb0
[ 1663.192291][T15272]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1663.198741][T15272] RIP: 0033:0x7f3352e67ae9
[ 1663.203257][T15272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1663.229275][T15272] RSP: 002b:00007f33503dd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1663.239854][T15272] RAX: ffffffffffffffda RBX: 00007f3352f7af60 RCX: 00007f3352e67ae9
[ 1663.250712][T15272] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1663.261074][T15272] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1663.270825][T15272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1663.280953][T15272] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1663.292108][T15272]  </TASK>
18:12:03 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f51, &(0x7f0000000000))

18:12:04 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 49)

18:12:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:04 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f52, &(0x7f0000000000))

[ 1663.720940][T15287] FAULT_INJECTION: forcing a failure.
[ 1663.720940][T15287] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1663.737912][T15287] CPU: 2 PID: 15287 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller #0
[ 1663.748700][T15287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1663.760567][T15287] Call Trace:
[ 1663.770494][T15287]  <TASK>
[ 1663.774112][T15287]  dump_stack_lvl+0xcd/0x134
[ 1663.779858][T15287]  should_fail.cold+0x5/0xa
[ 1663.785606][T15287]  _copy_to_user+0x2c/0x150
18:12:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000800), 0x404000, 0x0)
read$FUSE(r0, &(0x7f0000000840)={0x2020, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
mount$fuse(0x0, &(0x7f0000000480)='./file1\x00', &(0x7f00000007c0), 0x104008, &(0x7f0000002880)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x3000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x3}}, {@max_read={'max_read', 0x3d, 0x400}}, {@blksize}, {@blksize={'blksize', 0x3d, 0x800}}], [{@obj_type}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@measure}, {@permit_directio}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/dri/card#\x00'}}, {@dont_measure}]}})
r5 = syz_mount_image$xfs(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0xffffffffffffffe1, 0x7, &(0x7f0000000600)=[{&(0x7f0000000200)="4fb35df1863e5629db2edc57c24200ff7c32b99178005261120881153d5ccb2fe4c2a5e78b3e0d7ae3e4659c9ccc2639e532fbcd86aea617039c7f161d4af47b0041a511591f2719a3af48b765d99ead4e0e8c3a7093b036ccf13f9fa18f33c0156ca7d150951adcca90742d93b3dee6adf7a6c125c6a344fde61d2b", 0x7c, 0x8}, {&(0x7f0000000280)="9e5e086c554071d7a026bd4b4f927aa7adf8b0d8dc977ac02fc8055bd894bf59269bb4f85a302c4780", 0x29, 0x9d5}, {&(0x7f00000002c0)="d197250130996b1dd5f4b83399093f1267a372d5532c7d4a9f86ba3675ab555c6bf3e35e13cf0a25dc785c317e6da2f9f932443616bc35f11a2183eb488bec779445a1eebe29b2941172759b4c9abd37adcfe3e92a269c0b0f356e21170618b5c5dc35af3ce01c12e852147bae633eba7b2ff889c27f", 0x76}, {&(0x7f0000000340)="ec8454a426d7eb8db6b8e4a57aa98a86b9c0c24ae46655d9ddddf0f36f76df0e1a1e2088fd3fc7f7eae2bc200dd73f416804b01562d1045b3ad41776092322a46c8801d0a394a5a099a1177e654f0b5510125357f1ef4c9d6d", 0x59, 0x2}, {&(0x7f00000003c0)="bab1aa3c17db121bb7ed9732b9967b1ffd1bb35ca907de44b27a18a9bc7f9ad0097903ff6dcbfbb4da708d9d0f64c2b0cb2d65d697c42ac19d67e4d96193f72d2a340bb39bc05ab85586e21f9e0d146c3413af778af7bb69834e6d5d216b0c9753b0bc0e75997b9089c3585391cadac9fc37a124d13381147fb366e682ed8c8bc23a4c1323a3184073e78ee2e8e846ccbb1e", 0x92, 0x7fffffff}, {&(0x7f0000000500)="5572379e7954c6a109efa11078824a28530863d464db2177734c464525752781de064cf15c502e4d3fb037fe451d5d486d4223d4d09458754a642b1b1fb92de2bc9c4091d1ba685711276b531998979f475accc90930", 0x56, 0x7}, {&(0x7f0000000580)="3d66c85063974bd9dcbeb96a5a8e6e62bab8622b49343cdaecdad9c3dfc623c980918c4580c823b58f90ccea299b467de642aed9bf28276b209f93e0cafd3f2847", 0x41, 0x1f}], 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB='quota,nodiscard,wsyncd,gqnoenforce,permit_directio,fsuuid=15:0bb93-a5f5-d153-4e54-bW39\x001ca,obj_user=/dev/dri/card#\x00,mask=MAY_APPEND,func=CREDS_CHECK,\x00'])
r6 = openat(r5, &(0x7f0000000780)='./file0/file0\x00', 0x0, 0x0)
r7 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r7, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
sendmmsg$unix(r7, &(0x7f0000002a00), 0x0, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r9=>0x0})
close(r6)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r8, 0xc00c642d, &(0x7f0000000100)={r9})
mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, 0x930, 0x0, 0x40010, r2, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1663.791118][T15287]  simple_read_from_buffer+0xcc/0x160
[ 1663.798167][T15287]  proc_fail_nth_read+0x187/0x220
[ 1663.805536][T15287]  ? proc_tid_comm_permission+0x1b0/0x1b0
[ 1663.812831][T15287]  ? security_file_permission+0xab/0xd0
[ 1663.820146][T15287]  ? proc_tid_comm_permission+0x1b0/0x1b0
[ 1663.827489][T15287]  vfs_read+0x1b5/0x600
[ 1663.832882][T15287]  ksys_read+0x12d/0x250
[ 1663.838240][T15287]  ? vfs_write+0xae0/0xae0
[ 1663.843909][T15287]  ? syscall_enter_from_user_mode+0x21/0x70
[ 1663.851341][T15287]  do_syscall_64+0x35/0xb0
[ 1663.857246][T15287]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1663.864732][T15287] RIP: 0033:0x7f3352e1a69c
[ 1663.870108][T15287] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1663.895698][T15287] RSP: 002b:00007f33503dd170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1663.906344][T15287] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3352e1a69c
[ 1663.920925][T15287] RDX: 000000000000000f RSI: 00007f33503dd1e0 RDI: 0000000000000006
[ 1663.930118][T15287] RBP: 00007f33503dd1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1663.940741][T15287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1663.949041][T15287] R13: 00007fff2322d79f R14: 00007f33503dd300 R15: 0000000000022000
[ 1663.957382][T15287]  </TASK>
18:12:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x280300)
close(r0)
r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000200)={&(0x7f0000000140)=[0x6, 0x1bf, 0x6, 0x1, 0x28af, 0x87b, 0xfffffb52, 0x5f8], &(0x7f00000001c0)=[0x0, 0x0, 0x0], 0x8, 0x8001, 0xf5f5f5f5})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:04 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f53, &(0x7f0000000000))

18:12:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:04 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:04 executing program 2:
r0 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r1 = socket(0x200000000000011, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x3, 0x7fb)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'tunl0\x00', <r3=>0x0})
bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="747e905520af"}, 0x14)
sendmsg$can_j1939(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, r3, 0x2, {0x1, 0x1, 0x3}, 0xff}, 0x18, &(0x7f0000000140)={&(0x7f0000000500)="1be7dc9264154006d7fb5f7c0534e4f3c6f74cc93c1fe88f0ee0b44b51ef7e7d6184dc8be21a537739622cfb8845d5e5d38eb22b64d8c8b6af73ca88f999ef1cb7d4831f1e883064027627ef1f62a888bf67aa7abb9183e09e6857e7fdd0c95f47f5204500bf328cc93f918b88c0bff70f2d3d57c694b7d97e52a37f74e247b94c93fd7ad93e03e2bc69ad2ba1249d3fd1ed3f3f55d02b77c29f285d53e10a15e4a0bf2fc00ed626117fdfb15c3e94668eaf3e956d00c67fe1454b4161f1740d1e32384570b5ad622f543a4e7c283eaf85d4c8d98f0a4b96165894e0ff71a765bd54a3b7d51ecadcd4a3487f47aee8f5c1d998366cfc9bdd576cdd6477659855a70aa3f29e9454af22e70b1ef17cbca26b01f7d65a110720709f2f2455ab08d1af78e9da85f897beea2568239dadbd294c7b882e4458ad645dfc569f699f4114ed147fd9c9399d4726454d6e6fd25f70f8fd8fd92276b3228d396ab72f9ad85bba4d5324a11e702d8efdc2bd95e331c9ce22e28baccdaaff6474eb9f42f12e2e40bc90c8bc703601449ea91f635f176221ed08b38805d397f8b41df3e99e2b546b1fca975287bd1e64969ecf9108abd2b66314d2c8bc887eb877b47334aa0149abebdfc34e7c1cba52d4a38b7ac510b66bedf76202314677944eb8f79463f0fedd75816ac7200af5377b5b75f0a30fd333e967215da6b1207e979121bcc96b0a057f0f2472dc50026b3d0058e368e5cb5d7a81f46d7f7bb2510df0c6f57b1788d1c31e6b81a552ad124000b51c9c7fc599436f6eeb4dc8d3656815fc0c5de076be0781e484883280a42efa3ff6f68ef266935e78a23dba95339cc0e72131ae7b58d590f4ef637c8a1dedb670ec138d9f5207178f4389ae7f0e424814ac1360934daaaec5a5ff44e462907074e518d701bcf3e7f4a18427e6740e26a2b9537bce37a50d263cb869d50e20a33c559227ebbb15998628d5685c86bb7d9c9f5a67f2c8d7a81591fb4951be4a033d34f4a21077e843a65705569a0cf653176ec17f5d4a6867d1a1061402e041795a1b32a3c1eb1db5d63af398cd9460d8ae56fab8f373f219273033cdc3a05d48ee605130f9b943157d24395c3248b77e6249587604fe95c0f2a91ae1aa078b5c6cef332b9d5d999cae76cc3b6906a621ff26c4023c1a3dfa448db62a9d77aee85dabf452a150563eede0206589ed829271a58f4b35fd0986fc0df6ecdc7d3ebab263ddd4197d4fabea06f784ed294c120c1bf5e43d173ce19c87db4899a47666e6c2693dac0ed6d9f21d5264a1e1b830da14262cc4163ccdb02d3ecc4d2bc17d967419c474ccc77e309defdaf70f79d8d2d72eede1380f393ba59903f6594978137fd1233515ab6254e23cfbadc6a9ea452f6322e2cc07b1ff168e069a38b516b7778524a14b521cefd6749e0cb7fe3563f847870ee1b6b4075ef711fd63333069b601cd6f5688c4e2e4b8b1863a55d17d99619bdbe5990763fa41f3ae06ec43f8285a0fe1f1f5f8c223f09175f8c082f1d0df320812de0364cf81c173e4611b11a235973526815e57eb3fd7a93408cfa52716ff5721607ab0ca3123d1c7eeda75d98a5aa8b07ffdf37b88a93eea6d05b02d7b65a5dc9cbb2d8f58a4962e2a012ea89aba7e8086abcde950aead02ba737243a2e0fcb490ba5e7a50d309cfdbf826d0a219925774b46fede7d400e9eca99ec822951c495cbb6d931a7af7e4c5e9c4e664cd40e8509e7dc553181139a25e2527e06471e0c370075327215d3e361ecf5e0665dfd5b4fc53843d747ba85f57cf0bf3535c46597959a84049ac2c5b3b8bf5203242237b3cdcddc65398b8e1cfd0c41ef39546fe9d56dd2d0a6fd03d9206713b7212c4283f5f6850dbffa55903b1baa8b7594958c799c938f272b7721a9e2473a11d26c8b53d57674e56d3bd10720c5b290a273fa88f8bb90277067cf730f6570fb99b36dd9fe926636b88465124ce508f583e7071a70d5d33b0c946d9f4e35918c23e794a32f9cbc2aa3c4f2928f2abd7d5bb7acb388414ed255bea181e6795443052f37e9b7ee0dac18b624d9db51bd8169bde71c266dac4513ea39e0c7c9c3c126cf547c1641807a444f6d205bacaa2e57ccaec26580decbc88a088208f648c7347b9b58d5ab8c802166e1032f68aca7b1ba2642991518aa03d26f5cbe9cf672023c589164882375926042e12b9e2016b515db6e175e0bdade131f44ea1e8540941a8528093d8dad019ba83c16a941d3f1a752856ed6eea14b4bb117b37de4903ab66489d0e6744aa70ecd513e5ab8183d4dacf13356964b2890327c673d9ca8093ec218c487d3f3dccd8f990929232f452a29ad7e0ddd56957cb3f797edd31804e373395979fd32c714c38aad415622aa142de1ab3bb3ea70b5860cc5d89e0fd561ad2b7785bbd212e2b8f3f3467ed6690cda448cca1b1a1af66d8272810c4889599d1ed4a1018aebe4354cb87e24119ae2822d71a09ae35ce46247ba07549226c2898d67606bbef77fb12ccc370604103021730de2ec198de0f94e0d40f1d21f0cf1252116552748ce6c5beee7eecb17cdf331d31c27a1c1f0fc914778722eabbf0db7b358df1f64f3f571b2e055a34ccb1b0a6a7b4361907378ae1c7cf73f3f316c8ad9462ea93740c8b1c6e8a3a905c25bff0de58147006ab77cb3318eea5fe10b7acd989011d9458d4ebe5676f117e3043feb952ad0f7a5fdf6acb04a5f71c92010228bcdc7ac35b7cf92136367bd915d0fccd8a118a9f8beb5c1d763388f356803682021112641bca6d278794083dfeaa5e707bd3c49d265b86974420889d6e6d8d6e2f0c3ae7008aa677b76902f90741df4a7ec1e2f5983837259fa48093f95a1ca2ddb3eb84f76e1626774a059d38601cea632c17da901a7a6107a1b334829d9610b8ef4dfa2bac4afbac26b9006192782dd6b790182af2415a2b9059a6c3a198353867bf12f11483df196d9fb4a7163389224a7996d860e780bb79a2ee813f0b5e70b74c871869806c914a8e9658405aff1e0227ba6ad874ecd6ab5e55e63b087316b13a7434be31ad35834003b5f22d8d9637e34f89a675d43970b0bad1b1d6d79423c6cafe2149fee943bf6c45e9ef7112d19135d4d6b3d86b39e2e122b3df6412358277749fd0089ff90763c269b59fe6b59a168be23e46f20727f45e8bf29bb0b89f9d97b6ee18c938732b37454e6a43996305277a0983a938b83a2d9dd87e1eab322f2e420c4d87ca45c271130dd7e184be43e5c4cca00675a11f70efd977a8845b4269d04ee14e6e3181d8ca6937c2599fb3d353d55bc035bb53d14edc88468575d46cf67a239b453f81c99bbba1e46e3507376cb5f8283cd9c74d7d8d3a4411c275a9a42357e1fd7da406b11d392009955c1cf83e908ab33a5ea8aa52c051938e0d7f28c6f3d887273d88046ccbee32d04a3e4935b9d01f3e30de3128ba7e8d8623a7a5d57b2e6e3d616b78588b0dae2bfe54dfe81971dd36d635f27d525ba6459dc1f1453e13fb9607a013913778823b2eef3fd2e8f644f8181a6f423fa10449f3ea77c8a6b6048658375d454548bf32ff7c0182f2bdc155062d396e0a47be5cbf82209c3fba2412ce0b296b6390a94abe1a8a6082810fbd9c42a79510e9f3e8da0e52ec53340fb2a0c9ce60544a6c22819ef0679302d70ba0ef66399844fc419f3e79ca8dc4c32fc394b1995b49287a0e0ca41b1ac81cd839dbe53d9854cff32d734e922c432eda12286968f0675ceb528f24052af89432ff419cc2d5296d04c10967f4ebb644b49cf020d82877e1abb900c182f284322eebde2039a532ad45c15ec1284f266fd4e64711ba4b05f8245e838e2591f4d05cbea176d6c9425a354368d44c7a6300738e1790f19c548260b07536dd1be971517c43a886a7e8b2f76fec21ed086c3648ad0b47fcd8768454d39a5f4b011767be57090e34da690f8a3020c6006c357d2d9aef1cab80dbd8f3319535f907799c063581ea8d7d981320be5deb93ff7b88728005f8477cc6840974bd4d99df5a5c03102bbc69100cea09b9388c0931cb750243e63dd17d32a801681948fc73c57cfd5c606d30b7067c58a85018f1a2e50ede4a4ce9bd1e1d1313d8f13fee99a1e44d4a0101e11075c29e5522de0654992a160acaaad4842fc820d714dec2b521729785eacda91eadedb518af7ae41e37c3b3f8869ac21d1367b27c2e13ba518b00372163d44cff5dc86dce03a6e5078e72746270beb0f6d2d8b6523ca665d62e9e5e1b396951422fe38fdfd83c29b6a311afda80af7374dab9fc35b822dabd28aa6726df33027b66fda7fb786fda796f54c929cf62994288940dde1009df72496c54638c6c6e06262176b522db740d030fa4a648132106ffd34110fe30d3894373a18def4737e8811077f3ec85f350e3e1b43b6d7101b2d03fea86bbba7fc7f2217b2f7d5448193b8e678389b587b698d84a0885cbd1c160503a7233b09a73b1a3aa21f2e2faa71205ed222bdd9223a85384171862552b7c97433d468a71082ba5ca05710343198170675f50de6b867850352c368428f34728fbc1bccb94ad3a10fc8fddc43216ed079425cbc140fd7f65125f8bcbc4b35b491afdf208d1de9bc071b5ff3293d964d699c0b931911b1be23b4e3c1292c923db9c8fa05b2eade8d1fd8dfbba55a5221f7a5bf7e171012dfc90ae389a7e08738a5c2a8a9e00cf4acb126aa0a62bdc9cbed875b35d834372bcfb6bf47e09c38887d2ebeb00f65e7e558ce74fcfbb09b8f7432e31ec383fc08c21acd4ec20ad6cd5e3125337860ab7a238be4aa24b6ac15a700a4cbc27b54420bc6b4c28d424f12fc0fdb983bd00539e0dccf2134969d4810f975dc7af16fc2423b019395fc02b1b7aab6fc5bced80ac64afd48273621686517bca4fbb3d7e2de8b043438075c183d981a74c52310375ac969a673b2f6fa0d14cdaae6d79bb195a49789be34f2900e08665ba5ae2e1cdaf14616cdb3976fa9e3ddbf95d6a08b2cb3c60d4b7c2a184adad9e7be6b38db268251be5313fb6d9f34c0a857a66709bc98427bdd8680dd49ba96fb133fd02641ef4828499dbd0e1585fd06fa58f41be2e8328509dfeb45310141c1833b2e1d1d835d445c038a61866ab2814b6996f2d2f0d97c34495c2b52dfc500baa60ea27b200e0d76786aa13d15b812eb1f65f81cc0820e4e4d3ffcf3880132b2f7021988348d7ba2ffb4567e4e2d82e90c110f74556df1319483d16910ec73151f38a9db113f75022e0d0a30f66306315a0cf34e8d220d53443a1010c0c364916ad5ef95d66058b5cbc04280763372f03ea0a4d7d32626b289c7fa91205fc75211f1c663a4d2b7342f65517220b63f8dd033566e5c877b79858d1b938e5c74d02880fd3b83c3fa4ed383309e4fd8c0a025e03c3df9fa944d97868b29baf179e32b5766d2aa7495ad4c56fa1fa676aafafb36214c4a9c04738f524ebde4b68a14d414fb3742eb5bc2a01d44e13ca46ae334f951d1f1447660ee41443a8070656c19e6b6cbb2ac7ec6966b43d1024dec10dd75d7bd5ea9b5fdfdb11063e5bfa82fdfcc272eb6caf4cc08192d745ecde976ea12d1c0478c7e17eb7821753cfe2cf8c0f169cde94259a1dd2408044c2fa0071117fac4a860018fe8eb6b3b5639eb76ecd4208f232746c40f69e110b59c85eff5bcd1a64a98fdaaf4debc426c1e7f530578818197046abd4fc1d8f4170ccac8b1d443f1653878a336e12d0c392d020e65daf9a15b94aea19aede22350334838a80b6f884", 0x1000}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r4)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r8=>0x0})
ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000200))
close(r6)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r7, 0xc00c642d, &(0x7f0000000100)={r8})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r4})

18:12:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})
close(r2)
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:04 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x2, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000040), 0x1, 0x301840)
dup3(r2, r0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
preadv(r2, &(0x7f0000000500)=[{&(0x7f00000001c0)=""/175, 0xaf}, {&(0x7f0000000280)=""/102, 0x66}, {&(0x7f0000000300)=""/159, 0x9f}, {&(0x7f00000003c0)=""/186, 0xba}, {&(0x7f0000000140)=""/20, 0x14}], 0x5, 0x1, 0x5)
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r6 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r6, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000480)={0x85f, 0xfffffff8, 0x7fffffff})
r7 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r7, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$LOOP_CHANGE_FD(r7, 0x4c06, r3)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})
close(r2)
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:04 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f54, &(0x7f0000000000))

18:12:04 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x10, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r4=>r0, {0x2}}, './file0\x00'})
r5 = syz_mount_image$jfs(&(0x7f0000000140), &(0x7f00000001c0)='\x00', 0x0, 0x5, &(0x7f0000000680)=[{&(0x7f0000000200)="7ece97cef34ff97589abfe6d73f122a825d6f7fefe01cc7eed678ada56fe77b3ea666d0cdeae4310d90f439e7dd4eaa389ebcf1649675a9ff2a629f961f8af0a64c869a11a78b1416cd6997388c35122d0856e36c49fbc14d7442f3be7f0d5f1cfa09b", 0x63, 0x7f}, {&(0x7f0000000280)="7a3ac386e2e16724b0022c8fb45a71f62a3287608d7d5409994e850ee211a8d4a375c443d0b6f9237449ff38fad93c689f3f83e77c354d0e5af43c2b836272a1a2448d457da75251865482b3dd9155788369f86ffd83fe3a681de0365704e63fb7faea5ba67d012db4798b1ca3268193d3ca9fc7eb6a89995931da1dcd14c871287d814eb3c121c3c8706bf41d48e243c6f2df43eff4245efa51e54fad9a87e01155190aa7574a96fca69c3fc6a6a8450105b9e3e0996e9f2140765732768c12af4e932332fd56ed42", 0xc9}, {&(0x7f0000000380)="91c346080349d692ae64790e37ef9d8443d3b6ef480c60f3c1a0a6ff1be2d0edd4b33e9cede31e4a1acd0acb7bea74368510e3b99867f94b929403d46ff10a288501e8bc83203d82a81759dec77cb431de3efff66e082bc871d766569974ced0f0ee9fe3b74c7b8fd22b87c157e05770f81a89ee34834f718339541543f291a18f8d4a8014463a6af0890f126e44b317467e2e5812943df436f586b21c584cda88d2a56c52e0c54115920841a932a80b297ce98d5d15c055b3627e3d66af10fa65274df1e6c6ef3edaa181e9c695ea4294d1893c9d3d806fab50da032e5b5062978acc55d7cb1bbe4dd6f008d68e", 0xee}, {&(0x7f0000000500)="8f40014189a4b0205a42ae94c07ab4b8c5296d842c5f7d4fdcc11e39b8b9e4794f4dd6372358fd9b48fbb6d34a3635bde0db5342ba1530ab194f43dff65c6473e4e21c4ce74cf73206c4cb34fdc4ce1f0673d7fad6a4dde3b38f88fd6fa571a8523686e903b74b85f076152a8d4964bfd8aa45412318d22c32e8569342106f6825823f2e8e405f0586", 0x89, 0x3}, {&(0x7f00000005c0)="d091de4f027bb22829bc0bdc53132d617c6bea6c1d19c46de03add4acedfbcd6669dd743bc0469c3c42cf04f4d1676224b033a8a14ca021be69a474bac6466c2ab231b49ef8d029fd951b23ff26dcb98391876935d545f7a1b0d6dab8d4187bf9b78e88d8b863207149b085d82e672d2d9f9cf37d8f3942f57212fa2069c75d3122999331ba771c5e9cb6b2c150e", 0x8e, 0x20}], 0x1100800, &(0x7f0000000840)=ANY=[@ANYBLOB='grpquota,integrity,grpquota,discard=0x0000000000000002,integrity,integrity,errors=remount-ro,usrquota,euid=', @ANYRESDEC=0x0, @ANYBLOB=',euid>', @ANYRESDEC=0xee01, @ANYBLOB="2c40f0a4e6a1214c4377a8bb7ee5e5eb6211ee3b2375b9e8e17c92701fcc6ce5e82233b5fd1fbc0ad2defe5286709d0d395abc4a7abda14e4386a4c0881c247253d7eaa33252410dc510964d9fff1302c6fbe0412112191c49c44dc4012f0faea9129dde91951ddeee30cdc29ddbd66612d621e372569262d59b99e9121ca6559e05d0f5317be13f8a728212d2a30900a36fc3a32d"])
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r4, 0xc0189372, &(0x7f0000000a00)=ANY=[@ANYBLOB="010000000100000018000000fd90aede143ea38a54ee23da02ee3853981b0e613f199dc6d7634bac8c93f98a7bf06ba9d0502dfab13c9468ddfbb2590e21d5e330927906f5f56518639460d9e612af73b4599a5599e6590e59970220a161e885bf97d8422da9a8c6c4aeeae8d069322bc525d3", @ANYRES32=r5, @ANYBLOB="03000000000000002e2f66696c653000"])
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r6=>0x0})
r7 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r7, 0x40806685, &(0x7f0000000980)={0x1, 0x4, 0x1000, 0x36, &(0x7f0000000780)="d948041f163a724b720e27fb18cd4d0540ffb2663652e334a2bd8559308dc20f46f29e1312a5aa345f16fb1630ba9d33ba4fb0b237b8", 0x26, 0x0, &(0x7f00000007c0)="e817ba1181d1b7363ca665ad84266f477132c77c3fcfc7e7295fef5e98f345dd0a65a672dca8"})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r6})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})
close(r2)
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:04 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4b47, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000140), 0x20000000000009, 0x4dac81)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:04 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f55, &(0x7f0000000000))

18:12:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:04 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4b49, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000500)=@nat={'nat\x00', 0x1b, 0x5, 0x3c8, 0x1d0, 0x278, 0xffffffff, 0x1d0, 0x278, 0x330, 0x330, 0xffffffff, 0x330, 0x330, 0x5, &(0x7f00000001c0), {[{{@uncond, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@unspec=@cpu={{0x28}, {0xc112}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x8, @broadcast, @loopback, @port=0x4e20, @port=0x4e21}}}}, {{@ip={@local, @dev={0xac, 0x14, 0x14, 0xe}, 0xff000000, 0xff000000, 'veth0_to_bridge\x00', 'geneve0\x00', {0xff}, {0xff}, 0x84, 0x1, 0xb3f08aff5df29fb8}, 0x0, 0xc8, 0x100, 0x0, {}, [@common=@ttl={{0x28}, {0x2, 0x1}}, @common=@addrtype={{0x30}, {0x10, 0x124}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x10, @multicast1, @dev={0xac, 0x14, 0x14, 0x2f}, @gre_key=0x9, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x6, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @icmp_id=0x64, @gre_key=0x6}}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x23}, @loopback, 0xff, 0xc3104381e910104b, 'lo\x00', 'macvlan0\x00', {0xff}, {0xff}, 0x89, 0x2, 0x10}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x1, @ipv6=@loopback, @ipv6=@rand_addr=' \x01\x00', @gre_key=0x8, @icmp_id=0x68}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:05 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4c01, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x600582)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:05 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x541b, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:05 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f56, &(0x7f0000000000))

18:12:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:05 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5421, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:05 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f57, &(0x7f0000000000))

18:12:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:05 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5450, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:05 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5451, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:05 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7f5c, &(0x7f0000000000))

18:12:05 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x8100, &(0x7f0000000000))

18:12:05 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5452, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:05 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5460, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:05 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x8900, &(0x7f0000000000))

18:12:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x6364, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8913, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:06 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xd800, &(0x7f0000000000))

18:12:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8914, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8933, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:06 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xd900, &(0x7f0000000000))

18:12:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x89a0, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r1, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r1, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:06 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x89a1, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:06 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xda00, &(0x7f0000000000))

18:12:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r1, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:07 executing program 3:
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(0xffffffffffffffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(0xffffffffffffffff, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})
write$vhost_msg_v2(r1, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:07 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xae01, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:07 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xedc0, &(0x7f0000000000))

18:12:07 executing program 3:
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(0xffffffffffffffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(0xffffffffffffffff, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})
write$vhost_msg_v2(r1, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:07 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xae41, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:07 executing program 3:
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(0xffffffffffffffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(0xffffffffffffffff, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})
write$vhost_msg_v2(r1, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:07 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xae60, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:07 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xff00, &(0x7f0000000000))

18:12:07 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x400448c9, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:07 executing program 3:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:07 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xff0f, &(0x7f0000000000))

18:12:07 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x400448dd, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:07 executing program 3:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:07 executing program 3:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:07 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x18001, &(0x7f0000000000))

18:12:07 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x400454ca, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:07 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:07 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:07 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x40049409, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:08 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xc0000, &(0x7f0000000000))

18:12:08 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:08 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x40086602, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:08 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x0, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:08 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x40087602, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:08 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x0, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:08 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xe0000, &(0x7f0000000000))

18:12:08 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x0, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:08 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x40186366, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:08 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:08 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x400000, &(0x7f0000000000))

[ 1668.258221][T15534] FAT-fs (loop1): bogus number of reserved sectors
[ 1668.274847][T15534] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:08 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x401c5820, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:08 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:08 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x1000000, &(0x7f0000000000))

[ 1668.501143][T15538] FAT-fs (loop1): bogus number of reserved sectors
[ 1668.510092][T15538] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:09 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:09 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4020940d, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:09 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x1800100, &(0x7f0000000000))

[ 1668.652798][T15547] FAT-fs (loop1): bogus number of reserved sectors
[ 1668.660500][T15547] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1668.783763][T15547] FAT-fs (loop1): bogus number of reserved sectors
[ 1668.805185][T15547] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:09 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:09 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x80086301, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:09 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x2000000, &(0x7f0000000000))

18:12:09 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x80086601, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:09 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1669.051325][T15560] FAT-fs (loop1): bogus number of reserved sectors
[ 1669.059520][T15560] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:09 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:09 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x80087601, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1669.186214][T15560] FAT-fs (loop1): bogus number of reserved sectors
[ 1669.196197][T15560] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:09 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x3000000, &(0x7f0000000000))

18:12:09 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x801c581f, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:09 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:09 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1669.378941][T15574] FAT-fs (loop1): bogus number of reserved sectors
[ 1669.386861][T15574] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1669.552673][T15574] FAT-fs (loop1): bogus number of reserved sectors
[ 1669.582463][T15574] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:10 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:10 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x80489439, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:10 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x4000000, &(0x7f0000000000))

[ 1669.789244][T15584] FAT-fs (loop1): bogus number of reserved sectors
18:12:10 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x81f8943c, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:10 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1669.817912][T15584] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:10 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:10 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8208ae63, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:10 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x5000000, &(0x7f0000000000))

18:12:10 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1670.128041][T15596] FAT-fs (loop1): bogus number of reserved sectors
[ 1670.152394][T15596] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:10 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc0045006, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1670.276549][T15596] FAT-fs (loop1): bogus number of reserved sectors
[ 1670.311640][T15596] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:10 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc0045878, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:11 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x6000000, &(0x7f0000000000))

18:12:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:11 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc0045878, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1670.599719][T15606] FAT-fs (loop1): bogus number of reserved sectors
[ 1670.609790][T15606] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:11 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c64ce, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:11 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x7000000, &(0x7f0000000000))

18:12:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETGAMMA(r1, 0xc02064a4, &(0x7f0000000240)={0x1, 0x5, &(0x7f0000000140)=[0x400, 0x5, 0xfffa, 0xca, 0x0], &(0x7f00000001c0)=[0x1000, 0xaa12, 0xcac1, 0x7, 0x8, 0x3, 0x1, 0x7a6], &(0x7f0000000200)=[0x9, 0x1, 0xf082, 0x6, 0x4]})
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x6, &(0x7f0000000280)=@raw=[@call={0x85, 0x0, 0x0, 0x8a}, @map_val={0x18, 0x7, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x4}, @exit, @ldst={0x0, 0x0, 0x6, 0x3, 0x0, 0x50, 0xfffffffffffffff0}, @func={0x85, 0x0, 0x1, 0x0, 0x7}], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xe1, &(0x7f0000000300)=""/225, 0x40f00, 0x1c, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000400)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000000440)={0x2, 0x3, 0x9, 0x9}, 0x10}, 0x78)
signalfd(r5, &(0x7f0000000480)={[0x4]}, 0x8)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
ioctl$DRM_IOCTL_AGP_UNBIND(r2, 0x40106437, &(0x7f0000000040)={0x0, 0x100000000})

18:12:11 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc0189436, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x0, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1670.811333][T15622] FAT-fs (loop1): bogus number of reserved sectors
[ 1670.828071][T15622] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x0, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:11 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc020660b, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1670.961881][T15622] FAT-fs (loop1): bogus number of reserved sectors
[ 1670.969077][T15622] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
sendfile(r3, r4, &(0x7f0000000140)=0x9, 0x401)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r6=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00c642d, &(0x7f0000000100)={r6})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x0, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:11 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x8000000, &(0x7f0000000000))

18:12:11 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc0709411, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1671.092181][T15646] FAT-fs (loop1): bogus number of reserved sectors
[ 1671.099845][T15646] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:11 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x2, r0})

18:12:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x0, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1671.196671][T15646] FAT-fs (loop1): bogus number of reserved sectors
18:12:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
syz_open_dev$dri(&(0x7f0000000040), 0x7, 0x480)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1671.221887][T15646] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x0, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:11 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x3, r0})

18:12:11 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x9000000, &(0x7f0000000000))

18:12:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
r4 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r4, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000001c0)='wg1\x00', 0x4)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000100)=0x942, 0x4)
sendmmsg(r4, &(0x7f0000001540)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffe0}}], 0x1, 0x20000000)
sendmsg$inet6(r1, &(0x7f0000001580)={&(0x7f0000000200)={0xa, 0x4e23, 0x6, @local, 0x4}, 0x1c, &(0x7f0000001500)=[{&(0x7f0000000240)="92c5674c4e5da804e7c6aa2906ae019e82342ad5b03d4f00efe6", 0x1a}, {&(0x7f0000000400)="df7231533e407ab74e8a006983a20900a0d40f6369645e0c75f3a93592c23ab4996f2fc25a3cf5113d0971fff923cd7e1300065ae672900bc23fc0010a88cf0ae340d82a5cd6a1c02fa7eae382d5e0999cac99edac239cb4777a5e81237a22cd7205333f2845d6c5f8b95139a5f8a780abe4039c0893d96afdecfef7b3e38e669fc12f142428f50e71da5c8489981df43cb1bf538ada68a31e2be47f0474f237ba60460684bff5b3d0fb01d738908c9ba8184344435ec303b132e432080509ed9e73d62728", 0xc5}, {&(0x7f0000000280)="3281a154948ed5d4531bd27e8405a19b5e481c15f85f631493466ea43148ddf8b6e4618f6a45d2eee38f614c78eaf4f5d9a74680f553c697059acb4bdb31d619db2769079dd48006327977a197e80eaa4a43c83ba7c927e6fbcf2d4c7a95859b9ae4fb02d21721ad4384ba9e0584bd3ee7860905c1858174d082d995f79c93ad661b5bab", 0x84}, {&(0x7f0000000500)="7e5c63ebd8bf1531d50f8bb9004734debdbce635461f54d18cb9ccd7a6fc2a3e9e46aa5647c29e7e583183bceb3c2ded0888173affe8963e1470d81a096dd15266190710423baef4fc64372166e2b6e64a777925f9c0955d6794e0838c5f5d253810e1068597c393d9776adb2afc8ed5daa80bcbf49e761c65a4bcdc2a25104c33b0ca225b720ba41e3f105816aafcee9a76168787773280d59e411fbbfb1f1f30feecabdaa6632788313d06e9210226d8900be07f545a79220eb711f104c82756b7da5ec613f8d33084f90623f866b08d2686e953ea410ad8f4abb940c1be26606b80335fc5a8d8558c96438fbc5471d8a95e16800652d21ae7eb6dd0b0ea8c2f766e040dc0cd4dd0fd660a42da24d9c3f08eb729193acd80600ff43ca350357f91cb499eab7e61477f6301696837ded70d766cb083b8afbb62a383b60f09ab00088e71217278a1005430d925923ddc36a7f1316d18dc6f23a34e1ba33cc34f82f71067d11c5c4ad5e1f362a707812b973e44212fcb6d888b92c8a48123a30e81beaba8d38877e11951a3b48f0db476ebf5dfde4784671a15f89c95e2afc7f12a4b36691261e0d69e0182c1232fee56d99044f330999b17f88432143f79ad9dcef1d45023dd185e2a54f3ea19f60eb6c6ca8d02879ada7c06b1264e9bb1ce3b03a8f8056d598bdd692111c1b2a025d2b9a6da2465a7a2a08f3aed26add58f4354670bab8e6afb47abc22e6b6323778192ca42bae03f97e728f7666ea8175b2b0b3d682f4e1227e417c4294b9c06cb36304fbf18c4333019fc2c7b65d3808ae4225cc814723441f797426ca8443c907e7b83e22469bd0526081cafdbee3a77bc389992caf0824ab27eae5c4f62d81b800c682c578726eee803a1b8995fd1451f7142948be3cd49c6b90e4fb4e0af10ac9798f9ab9069c68c51f26cad2161601b90f206221af578637e4d1a037798951268a4702f29a8bf476b7f850f2081552766bb96ca8af32c758e63605d11cd4f8846dabdc9ef9af97d02e7301d0f2a42416690ede974923ff8bc160a3df8979f68b219307f7d9fda617bab40ccbdd1bf56d0a652b4cac9cf2ad1cc41d747b0fb68d460478affe9e31d5662d41f702c4acd396d2908ced812c76b22fe89660ec7e9519226bc19901d00d8c37d6a0c5b2c2ba2b1831edd6d0c85a6936f0a2227f2638d8072481bc4065bde83b03c592ec8c0f4ea87f0e5360ad5236f27f2b612133aacc651bce32a4fca128ea399f2b20d9a11d7b2ca020587356867a2220296b01d2de8ae450f9c7d04285c9205c3ea5a11b426091a1d090bc7e082cc92405f3e96c28224733bf7659b07cc68bd3f3be81709790b424b86f294295ee12c16a2acec65aadcc695f87bb8085708e280b5dcd047f2829051667b13cea69bc02bc3a12e37466f346edcad54f058abececbf88c9b4e88342e15d767962fe6c64fcab2899e61599824d66e0c8af03e18050f54eca5aa8b06b6717470e71494dee157ee21098c76fb0a3a854187992719a3b3549cb9149989315a46d8622e9842f0a322de5d27cd5e9c57f0d9cc094b91ddfb16b47ca992b01b3160cb21e0def1360d0b05b8b36a4682f7c1d33cd8addcf09123e1f7715f69fce0b0f678f3bd93fa0bde93eead1ef77fe321f8462e4cc75a38d7ad279f5fc2179509414479405d6425368d694974b72d8222f13e3905dbbccb71b7730554c15f586a9e44a641bcb965bbbf48036d09368396ff636e2f841fe5cc21d2ffa36c093debe35c7580ce89190617368419e13fa18f3cc063b53bd218bdf31213d698929e7402ba20a5c238581d2f16d2517adeaa0a5e1f8e70d8ce552d38e547ddf237679dc6f2b0f61f34d9f7e95a417719f0661944af5a1675d1858c049a185b0e443e3a0112e83cf6931da9dfbe5c2c91533ef05e83162b64101c988fe8b2430a0b294aade69016b00cedb1a3fa712232bea97336215f22d6040ab9eeac8b43f724041448956cc1344ddd1fb8fb29ed10f30eb0ce72a0ca5e69bcce98cef6defcce40bb8c517d1efef9d96f00853eb3e18e580ac7397f7d15f050a135dc01c8731a9e3f853820a8314cde0f1c83d8112303f4451bb72edfd0e7ea4f6cdcc3301d398ef6fd85dd804fad7ae79ef06de3f455c10e3e692595ecfd3eba2169a715cbb1c05dfd44fd2ce931c6021a1b345b0a4808f8247f80bc89c5e6d99dc6a79676334dd35cf3fda14242f913e38393143741bf132e5c733f1e1a82a70c58726a7c306817563f091619221b986f89010b91fc0f0379169da70bb29baa451e46804ab73a96968e79dc6b3ed29636f1324a77d07925c59e24a81bbf61da574e7587e8b4332a5a4ac62e042de22bc36b13864e31a9559bd1bc7664e79279c8cd84b31e6b49e722ed1af3caf18c9b2bb08c557b54cf2a77859d0efcfa108ddbaa27eedf22ef132ca80870b312fb6669e946584b6adc617c5dd5fda8d260c0069dd3421e03c4eabe0f74b2d9ecc68e3e09ebbaa0006b873d1bd294ea8875281f2e503ffb995f0252a7b982fa0233bc136ade5e434de4c18c364ad8d9a4a38d751f6005aa62a2a73ccab13d65ff71a6219123a0ccf9da3d36bb1371b1280f1af6e3370f1d753da27f93dd31c82720a9ed8062639a2dbf94e7b9f434e831e00eaa735f99ae306001bda9cc6fef53dfbab1276fc16ef4b198a6150f42aac05c0b8b8edf3481df7e4028868443ecf5b74b2498b59f884ecd87c9b4514bff89b9f6b5dbc621ca7c6bba68840eb3198291723824fa26164d6ba86a39188f13e79a0c83ee03966094af6d11179c4d1bdaabb4885cdc5aad789615447bdade74bdccda02e53d3d8c5f7f1506d91f0a4b75e219bb207ae4351cc4836d6ec9d31c86ab5f4d24e8e888f0bbe7d8ba3ac19ec3e785bd4de231be4394263bc224df735ab3799825334168d18d69f9bcde8c15b7b3c0015d309319aea7be6e5baa9225403ede72e4c130ea5bf0d7c3044b632f3c1fae0b54c72b54ee837c1ba529ba2ef6d1420384a62e156a7bbce9d4e6dd76be33fa19eede69e1a72894813e565625d63d6d7158bde5f4acc81e8c93c6419593d44f9f2ea3068640f29c9c9bc5925e6f9cc3a3a70331cfe05623c6c2da7a7e0b22197fb6d7581dd97fe4c1063b0a75a52cd6907ea534dd40e40226e41583cde67dd10dc6387b76d9ca74fb35bfb80c8da502f30dd4b50ed092f0601aa9df0c66d98045267b7b7f25a51ae6c35f83f1ddffbae74fe3995f8ef3f770885294d4a911d70fd98a544d481b337d75c937cbaf41b32fd53cb1649d66c0ce4442d7e26eb11d62de7d8eac4532f9c7cfba775e8687ba6de49f4e96de9965bdd31e747eebce6ce86eaf713145d33de395a925eba4542edc5b84b2b4b3f0d613d52823cc52b2f4bcd1e2e97c0a2c07e324adc0822a4bb91989f488cc945e556f427bbc45a77c5f0ea5098adfdee9fed9a0158779a4bedb22c62db08bb3e3623079cd9dc98f097a44160aad5f8f854dddbb07c2ac5e09dc9cdf5085988deb3d9e8d661a6e456fddfe003014399ee98a273636b04419f2096fdcfaba4af529e30b8f799cadc3c8d9aba89d6d03dc586cb4c1569968b65d9f6c0b4845f7eae01d9ef5766906934027dfd165f9e6cb276e209917667c6eb595b5036feaf8ecb52c4b19c2e5027753da100c3fda39fab2bb3c9912b785bf48b402901bf9de2b6a49d2e6d9f5fd409032eae8d8c45b6b61f6c487b63afb2a3b0b91c1573861fd2dbbe82e6737e9d32a117cbe9d330658da3ca838a49b7e7fcc4b29f0134bbaf97415c4c1a0c38845ea4d064a1d0e276442bcb109e4910c7475ff33cfd5e3e6d0a6acf3150334b38942ba3fe9f182af0f200f075a33fc84aad11d0efa442017db3c6f12c4987e70e05823bb7b39323cb1127c7be4d39be09bb2e136bbe634b101ad762ded87cc542869812802e3710b3d81c68ec121d80c3a877c70aeea6d5d69f01f2f8f3bd4a49adfdd564353662f77cfa113ca0ffc1e2379e0a68516334acadd5e42461cd55cfa4fb35bed8ee6c4b361a0620ac1df62b77a46d7f4c14ebaccfb22d5e6782f1e6f4f8dda7e1b8b2f8336510d226acbc3fcfb8772ce7238435f62d28f272c8ad41cf14ad52c2594708d30ab21a15622d73b9659e6a97001d07d19a870eb10970a2f8d2f29a78ecf90fdf33be57f490f4a0ff058319598b3dcb0da009fcf7e638ccae16e6de3411729ba0e9a429c4afed907b82f15b4acb6369fd543d42f7df05f479f9deee1d3b02a33e32f93c0952a98bc9961bdaff3f5c68b1671bef7a119336ceab1863046c6039af087163364f17103038c5755b36f34feafb2304c5eeb6715a4db828b5c39ecd2a7ddda3741e822be677caca6c8fbe40aa55e3e89e46e318e0177e0e6995fc22444f48478f660ef4ef3af8056a7c9dbeea66d2feba76f933b9115ff6551c52b1339afe42c8fe0e57bfeab8922b403660f90c546839b716f1424db68d8b859037acd836b968d98e989b2b65e45071e8135a98bb4f486689a2b05a6562683a9fc932856419392a64642e38fcf35a15ceafb37c622bf65464fea42eb310a69e42f3eb79e9845fa798db7c6732fc51bb3145775f6b8b9c424c1f32924ddb2f7a30f10cc8d8c78cafc602b92c98e023d9eb99e59a7f144842d608309afbbdabe1b6a1937c77b9388ad9db96c2e815c242d96ba47f39c1968288ab3cd337648d8527e64fda71c6448e3863822b3c5c6ab64152941caa262b5c2d87ad212e7e5e8f5acf67721431215c509f46f4833c71b5a517f9a72e20c455a9958c02ba263d7b3076da5252e51b3b39a2aa811c4d9d2af2f1b32693f2ff1247bb54954eeec88e37b35b0a49f567fa994d8f4cb507f1bf323d0c90fd9887bea83394d1ea3dd2bdbc1e2d61b9686c3f9201461ed9b17753e76f7b5fe3cc9b2b10585c0ce0ddac0c0e0114c44e88d8b39333b61b5b9a332bd43821146c5b4c0de968f02ab9f55699c30450297981edcab60685d1fce5db4d81018b94d68ad1fd51bfd5abc610cc1ce8cacda3f173a53ce3d50db3b45448e8adc4429c786f9f705687f17da01c2734de7a5449a9fe718412032e2e2e812ff0ef253b8d1d69a54982b25c61195a986c5a7f858e58b478d5e8f71ec9fc2dbebaf70b3682618e43b4931f4a5e5787a9d2ef541f6a0a6470db66d9cd5277165d31ca1a72fe5718d3d1ac94f062a9d2113cf81d6f90c90811823d2d321e60ba7d87cee2093ef3e73b4b127a650e5a1f9deee2778c55d88cfe95b2986d8cd654b96f7ca784005f74de66724b13a6152ecdc9051a0a79a2abcaaa82d043159e0c1de36d070e692c883feea5d5816da9e620c463801158cdd435daa68494550f0a663eac1e9d0b79c2e7776c6760ea33651f7b16b487efad10b4356280f7d19f20269acc9c462fcfe7c7093a8704c0c45bf38bdc983d2c20d816384cd3ef2479f2d7587a55d9c0d44641bea445957b0a5efc60e1fced1454aa186c4b3cdef4413c3383063f1904a3a1f64ede18911a86a80f745c8b88ae3c9a191c8f2ae132741aca823d94d4592ca1e6f887a2ac05b6049c84171af5e3c49ba60c352fbf2cbf1388528e8d391ab7f5643e09eb4f619dbe49d85736541d7014448cea596ee84bccd44205db1eba769de2a72a3f9a27b213d0eae557f9d7e57baf18091ccc30f4b259c0bbb8409d6ca2be1265d6659103679a5597c912575e9483d93c342236759aa653016f110ef05493de0e3a567e92e1c7235dda7f5673e5017a78b3853a9caa", 0x431}], 0x4, &(0x7f0000001780)=ANY=[@ANYBLOB="141f000000000000290000001c6da792040000000000340023378d4e000000000000ca7f5341c210f7c429169260e6ab7d616c90c39e25a76a2b21e8a4050d591c4ed3e30a7748ddd924ebcc466fce90bc389e27011ddc0b0570a481a7824e9c4ea8fc91dd7d589d25f9fcb5d0db86e5f48ba953a7124c6ae529be9190d9875780e2d2141b92ce2fca4d3628b44c8e5b7941e38eb9b6abb3c9d8ab34b7c66ff49ec3963546281fe6784880f891123e0f459a04575551efb94d5cacf97f760205ee51dd2a480aa67d24fc4098f5c54c81eef81529397c5f241449f78061c132e95c3ed4525b09ea23f287c42ca825b89503b2f23f52186029ac90a1625a6d5476ca48d93315574493a5207526f4c9fdd651b2c4995bc9"], 0x30}, 0x80)
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000140)=[0x0, 0xbfec], 0x2, 0x80000})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000040)={0x0, 0xe, r0})

18:12:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x0, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1671.427704][T15665] FAT-fs (loop1): bogus number of reserved sectors
[ 1671.461081][T15665] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x4, r0})

18:12:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0x0, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:12 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
r4 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r4, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={0x0, 0xe, r5})

[ 1671.621944][T15665] FAT-fs (loop1): bogus number of reserved sectors
[ 1671.631625][T15665] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x5, r0})

18:12:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0x0, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:12 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x4, 0x143100)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:12 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xa000000, &(0x7f0000000000))

18:12:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x6, r0})

[ 1671.848036][T15688] FAT-fs (loop1): bogus number of reserved sectors
18:12:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0x0, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1671.861835][T15688] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1671.997159][T15688] FAT-fs (loop1): bogus number of reserved sectors
18:12:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:12 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_MODE_ADDFB(r0, 0xc01c64ae, &(0x7f0000000040)={0x7, 0x9, 0x9, 0x1, 0x4, 0x1, 0x4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1672.047734][T15688] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x7, r0})

18:12:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:12 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xb000000, &(0x7f0000000000))

18:12:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x8, r0})

18:12:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:12 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cgroups\x00', 0x0, 0x0)
sendmsg$L2TP_CMD_NOOP(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x800, 0x70bd27, 0x25dfdbff, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_FD={0x8, 0x17, @udp6=r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040084)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1672.218829][T15708] FAT-fs (loop1): bogus number of reserved sectors
[ 1672.234099][T15708] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x9, r0})

18:12:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1672.309310][T15708] FAT-fs (loop1): bogus number of reserved sectors
18:12:12 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000500)="76d3b040d862607b817328b20b29acd1b345bc2a3190c80f8166b0e2d025a6e865532a015fea4c86bfedc4f0da5938dcd1eed7898dbd098bc23085b84f3b7b520c29121affafc6a523a0141698ccab0aeff92e49b6080b0aa454808fb717f14afcdcf80d500ffb6127fccbd3102e691a69af33831e53281a3685799e5fd62aabcebc723689699add382672c2875e806ad5ee623a5e40bc39b7571c9b025aefa0480f684ae31ee0171a7780b1db917378679aa7d86b0f5808dc46248a3b93a524be3bfa4360f6da94fe4450b97f0f49caef2bf2afb09251e541f04e2ef31a5eb49073a6219b60d6e4f350ac2bba437583485f2673581d8723da5b776f06ac287b25252878a87ecdeaf297cbcf055fbf43aaf3cbba037e435d825b19041254492fb0543ae35fecdc094121ec4add505ab624dfa31c78bda4901081d7194c31c69a75da8ee2b4540a16340d92c1f235be6f44b3acbb3d164af62932e93548fbe75c1cbe4c95c19156600fa22587981b112577977e3ad7fc44049da487d12fc23cf38d17ca3d7ac520da3915f847a12f690b618c7a14ee1838d1b4ed67933490c53b67371970558373cbe2043ee8f30f319ff90b17c2f2cb41fd11786cc1b9156e05fc0dd2f915326a4e867d368e370bddc98e7b0dc417ad80c7100240db7c9487b929cace2a892cc0ad821c801ae4fbc8423855519291af7cffee75040f535868f17d03889a2b355b0ff8c79ee49dd3039687a9a888476fa4b02e3008fdb55ac1f397ad868435cf211f043d18048da89cbee976553a66804a3a8a83e9c2d039aec4edfaa9c3913e7b115cb9ed55c76673d19727bb0257124315b1b7124fb8dd123442f5f4841d9d92cb6952e5f45ff4cc9aa1d9e87d2589a0d8c6c085f6ac3f037779a199dd25238304f16294622a679f0ee264a058fb8451e30abfce48821c82763473a67ac4b4bd5b71c804ff60e09ab4359580d079618e17206293f5ffe4592e7cf11867d1ee2c69fadc4b7cef2330d7b42f90f14c3d4da1d3001b956461b7ac8600b2962db18ab8ed83c5c739fcff5ca78c042d6b456577059fb78374d49c1151a1a035b171c697776f26e0a1c6d0cf8c24dbf3aa833d38561c52d97842f7c2d181ed087e2103a2f47eea870cff24b01f8a5d371687b4630f536b0b1feb5c2c329098f09b3c643d8a37aea40546bcf723146d02e01961556dd429f301efe198f6bfa0648025fc36ad7d8618af7820bc270daff80361fb15278356f849a8237defdcbc476a0292e2f9b20a634706f628561cbe119bcab49385c97be193f00215e9704755ac069b85f19d80c07d408bc62ae12ee4910eabe78e5bfe4cfb473cb772812b4161cfc19dba46e92c10110ad1c6fa2cf06416f2ca0d82ad7a3f2c17bdee7f6d0bb66d1786b7cc47bcc5ce6c18380014a0af66833fa65416f958fe386693c1fc5ab1de11477c4387ab92a674951c68649200f36ed70fe330e0f50fcccddc5e1df02614d2c3b58dab89e5550c853ede4605b6ffe814a5355a661c94b84d7aeeb4e663d734377f906d5007e82d95828423299f173b52b38e4602fc6e3839faabae99373c28591d0bb8c6c6058668429f48e8d325d52a66b57a3c72706cb86aae92e5c72581ff524087e3a0e5670df4441722c8b43d1d66e375db9cf5cae423ffdf4f4f16db114c721e424707c2993da4739f67f01c4c3d04ed399d8f74cebc1f664c8124da153974505d40c8e2de905bff51cb02a7875d3f3d956c148983725fd85214e71be42ca2e5d7e2df3bfa228fd7698f075122458515c9d94745a18cdf7ad8556dc1f508aa5476d9f2b36dfb149176bb3ff531aa1038878fecd5f08634d036812d5c69b45a5f200426e680fc6c4f692d73b6a6c3d1230fea9c029285f07573b741b8d5976afd93631bf060d97f1b1f2bc94f3ad63713e224a3f97f3622b9d49a66aeb3c1da6ee7c8cd3dc45dd59f581c75757f766fe43108bdc757ea2fa8c609d7c8caa9513d873b97208b42c7e5a96c7c889153be4ca7cffd129a9d8c35b25f2cf2c75415887b2258ecedf89101c069b16b48e575662032289fb959de09f4c46426c9cac41d9cb1be4b9cdc6c176aad7d390298906c99066445d1ba4da369545de5a13a68a2849c623ddf9f3170731cc87ba0aea88378c8e4f5246b69e4846f2b8d42c0c646920a650e6f83bbc40be70054505006f650be16a925ef2656f3457dddaf78933c499899bd9beab324344d74f869eb62d59f4c1be4d5006a7806d745f96d730b8ee8de57b53b929a9125d93a805e2aae6455929b818421d6daccfd3c11cb7d5de2a689983915e79ab5b9c7093ebd96f2ba64f6949a19237bc6c56def392b0c21f8ca871443063631345ec6f2eb6eff03b7591bf4e49b79f7ad4981a1b30721c00e538ffd92941ec1b5d5c99b7fa5569b1785e95b92e799a62a39fd920a88539e3b2c25b891e258a1c6dc199a8e8d7f4500900c1d76b64b6f51de8f2f7d8c421f730d7f6e713916d1706b1e917b4b85af443f7a664660df7f81c089f7dac813ccebca808a7e32c9de084c748c78ca46ad00e4227f33ca8ee907462fc2158ec4a0643718a0f43a81ef7821f5ed053aefb529a95e221d30fac305381c6859240bd03ab77e88160765d8d3080e28683ff388d4672f23f9411b0d73e6929b2f88087f253e4745097c99b24c960bf36ebbdbb6e471935e89bf49b7d136e72472f318f612be8bdd15978673e5f3382495fdfc2f31e36689a6c8f6aca4eb9f7ec883d9fc971a740c54be1a9416d913d0db893f35a233f7887cc9b7d896503b784e417fc582e0522620efbc38ff47ae721181f738cf44eaed107c110068d0b4e26538debccc3c272da8b87d3118bd5a17c0d04a8ec7430a92090fc54b83cf981059d0600d2a679767543ff1e140ea71f540c03d7aec1ef31f43d710d2d3cdb09a56428e634ab1a26e1b1036a553b5c369c4ae1e313a6b9b5d72ae872558cc7fda8e3fa3923ac50b9b01bd616b362101970907cd8f49029c73ac81704a5c43339b6a2806391adfcc3d927cfcdf185be7e6eb808fffcfe354f16bf9a3efa59213e8a3e74f18007d0b50f974736eec1eabdf8d5e55ee955fda6fb31602fe79bc39329209088a180f3b1bc4396388d17e261fddf2323d5229b6f5917595f4611416249b59e621dc2bcc309d64646c915d597a35e4333a297975ed40436b83fe6d36e89e1ea2f00256592df447ad465f2ec29f50653c9516e8300bc822af2b7a995e0d1fe29059e156409c2728d07b214d6b18b5af6b789214c2294eeee61b1b3d7c7c7d945e79a612d785029c79d7aeed683f28d5888ff357cf1824677f8784e3e441f507ce923eb9da0d978980f791765efa2614efe8d1b42c52fbe13ce22cc019db5f1cd4b95ac98d1aa6755f7996d1d0ab65b1d5061e3d5e000821660425481dfd75b021f436e884492cede81c109b7f1823929c78c15ea02981f43778a709860404992f8fa613e7f17619efd60687e5a1718591ddf14733345ddf46d76f631a55a8e572577c996fc0722a28e18a6c0885df770fcb936f8a56f0e71c35a27981cb6d4eda46f8b5578b85c6b751763691cce59a4dd3d469e0fff6eaf35231fead8a232961d4b08bf484cae3b6c6048d6a39965e17338dd9debd65de0066cb5cc5b9593575ee58e53ae3190b27e563c9b08dfd75cc2ebe9100e701139de1a762cfcd77069254cb1b8478d1a2989845defba411409595d5484ce31c5dd504c72987b7ca86211a4f691c8191edc27dcd9db5599b9d96c1d74de9d1f2b7473347466c26edf41520b8c0ab7a103ec6b9b9e9b2e2ab93e15b5fd246f7f7b31241e88f760e58c725d73ecdf9a1e6e3606e99a8a08f0cd128789242879372e7634b1a392350ca78bfacbcbe85c6b15abe5e32564a05d638e5423bd18bdab91619ce749e55ab6c2e8f0f499fc084ca635609534e580f2ac33c70a5d3250ba187c5300db06824d5ed2465e30f85a4385a73c5d1581e8a7d5567b4fe678085fa5fd817db1ab206927d80f35f5a097c22c94a92c425d7fb9e8d6f9f68cdd37b27858e255399b14eab9f66cf8517bef42eaf59fc1069021f32b49ca83dfb264d9a80cd1231a3ec1a86a29a77eb16e5730bedd8f65233413d6736feb42e12936a6f7709ddbb491a33edfa173dd4aed3eb6d6b8ef620af8594fc7583097787d9cfe190c64b9d9e2aa7e979261f1539dfdd8078aba3b846899c2247aff68b6a1ff58323c68c2fb38400ace08a8242205d2d09d261f91deae48902a07edde91abf8de7175ee4a75054bfb6f72c1b2ac01ab7c8a132296af3b7783e09a7516de9c8417802dbfd12d9525ca95953e2848dc49b25905dcbb8f352daa967ca16ad1644e2837e31e228ebaec770efade34d6d27f3af23416384e39f917da2491362e9b0f9643effed0b46f1454979d46854c0585842ded6055be56697e9f9733a396517b5df22028bfbbef4264994884c333180f1305047d2a09cdc83799ed62750c9d44a510b54a45317ed9b72dc25579a69f5ad75965d6ca76cd717a9ba29d6ced496d4ff0a4c3559ef7dfd9a8eca4f24fbffaa7179280b2998433ce87f0efc68611dfc3a567c73cd3ffe54234462ff60a7ecb1e246a09329e40c209e43a162d02cf14fe45105a8408911d27e17c0379e9594d0ccaed118ce5932005398538ced70b7126adae31bb9e0020f4063e0e51e678bae24d97075a6b3695e2ed1d1e5250b20378388dc7805dc431c52691486d532dcf53c42dd643972f184ff5631e8b5d848e10ac9f2b501da8f0cc00db193b2226e7a5cba47523b63561b0886ea793c79ccfae0070ee4b5c4093c840e5f564abe09500f52e7d3e41949717bb04886b4b4b67b50096822ec52a26f01f99135825a46f6149c9e19c92a138b29e17b8d246ee41c3204bbb10659ba83b7108aaeed8dc9c58459065d9f5c0fafb13637074a4b49992b3f8c5aae16b2cade82f7fa134dd528e9134dcfa60f7c658b22f99011f4125b29ec235bdd4318fa1bb6817511a3185ebb73472557c51d0d48012037be7764756092f96eb6f9011c7979b768c5cd4d388a167e9b61427d2557ef5a6c503e5d0ed2ea659f282ab3153eb854140582392a09e481f962ea6545bcd147fda094bfc30c9b2785b48d32a77c2c725ca9cf9010833df25ca9b852cd15685e1f7c7b64e67c37b75a2c8ec0ff745b686e070015f18a3ed3c7d7089fb3a34e250d6c8ea18dcf41350fbf92e0ba61289496f3dba8669f926ced068ce41f114a0cf41f3253aa35148aa960ba705d05fd4ad04d7dc626fa090917966cf0a47d2a4ac3140442a9e786e5011b938258443a836b39cb3c7aea72112cf68b992c68b4aa48c4e79826343eb7a0e693abef42b07994fa07a188f28758cbc8b45bc2b5448c4f4aa778176808a9a115d4c3b89c13504533be21d6ef899e2206f935ea9c887620cae2c9888f07894cda6097a06ab9eebb133cf03f54737e8f84344b5259e01b2441f6d21e7b0e8cc18374bce35d7c09e59235648b71deb3f5dfe78e853fcfb85fcc61e2fbeb6658ab3cacc89331f54d7d87082a89c0edac5d0d95eceed146418e7a2838987967b6d8a31b24f11db8d5fa3f4883ded0ada56e82b016e0109211496f3cbdb32f91476dc79699a52dc3ddbf178dacaf647d66c50db6d578e3f07786491a77a72e09edbfdb9fa975b2dc8194821e5552fccf5ac91b6404fe088dc03720f0478d835395fe7f99fb9a25faea2ca20adeadc3d25780cbfa1fd4d1be3e9e02df24d48cae", 0x1000}, {&(0x7f0000000040)="833713d240f279dd136cfc716f6548fd248475efd41b9b907c584c157be34d39b9c3146d93", 0x25}, {&(0x7f00000001c0)="9f0bb39bdcd6305c57c623c2644a00af2698192b78cf5bd39d2f6608da552cc859558d91c334e487a18105e57db4c75df7abc51e6a4c69eee00308fff7387d2d1a9a6c116a01baeeb9d11f828c619dbbe417fc74258dd488c1ab2ba7255a4610b452417dfb6119c20960e1c364", 0x6d}], 0x3)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1672.332521][T15708] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:12 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xc000000, &(0x7f0000000000))

18:12:12 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xa, r0})

18:12:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r6 = getpid()
r7 = geteuid()
sendmsg$netlink(r5, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=[@cred={{0x1c, 0x1, 0x2, {r6, r7}}}], 0x20}, 0x0)
syz_mount_image$zonefs(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x1, 0x6, &(0x7f0000000400)=[{&(0x7f00000001c0)="41f022edf1261a64ae0d8be35a3a7c7429e71cd79354cdb649d34c5e7e875e0b02e501d1c5c77a534dc4d7eaed2323ab249331df195bfc1f66269d23b413c956e61fef409c8b63b90de532ef0a", 0x4d, 0x3}, {&(0x7f0000000240)="b83b3b5725d11b8e8c1bc9061fdd96c5cecb1627b43e1c04077e20bc5483567181dc807cc8af72405467cdf642bf27a8dad8d2e52cc917dc477005c640f1527cbdc3074608d33cf8440850ae8aa0844497102f5fe5aa952aa0d44071be963a6449b94b5a1e1935c3e7867ece9a4ebc8d536324caa09175180260f6a2", 0x7c, 0x9}, {&(0x7f00000002c0)="5a3cd9714775daab246b6ff2b41209d313040cc24a9c3de3d2cd500abde58d7fecbd5ecc4a49abf48b7d6e2ded11408a3a9862c4e2bb1bfbfa38a748ce2a9deead95a45b096b62640534179479e42941bc878f14dad9a6bff7846a9cd974e0ec6c700599d22936a6027cd138a061ca72dd2ff838e692f1d17c8677675c07332409e6d1c2f107", 0x86, 0x5}, {&(0x7f0000000380)="896e10b33b1549a1d8a693703428cb56a16e74", 0x13, 0x1}, {&(0x7f00000003c0)="d473b823dd208de6e17e855570a96144ae5a799555252773d46d0b26b3447e524fb3891349", 0x25, 0x400}, {&(0x7f0000000500)="fb242c253b38d9e36a1a474232259d0f07b3413de32dfb83626e3ec049f234d15363decbe4153209c60c2638373314ff85a26ca93e054acb1333e0aa1da02371f69b72c550e43e4e88b0393a1cde62ef12f59371649084ee45860e85d13b1294a84057b9a9e8bb96dcf244923a909a420fd6b5680ca3a902bde46f0d2f2205f9c4507a60795aa56902a5d56c63acea5beb8df9007580ccb59c7d41cd30d5bb0f622942377c7304929d162305e9b1e7f200923e126da96558832297d21672b41d2c830d358c3567bb6757245a878874c72836b1965635fa911d1c", 0xda, 0x1200000000000}], 0x10004, &(0x7f00000006c0)={[], [{@smackfsroot={'smackfsroot', 0x3d, '-'}}, {@uid_eq={'uid', 0x3d, r7}}, {@fsname={'fsname', 0x3d, '/dev/dri/card#\x00'}}, {@euid_eq={'euid', 0x3d, r7}}, {@subj_role={'subj_role', 0x3d, ']\\}'}}, {@fsmagic={'fsmagic', 0x3d, 0xffffffff00000001}}, {@euid_lt={'euid<', 0xee00}}, {@fsmagic}]})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1672.507629][T15732] FAT-fs (loop1): bogus number of reserved sectors
[ 1672.541683][T15732] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:13 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xb, r0})

18:12:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0x200000d4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r2, 0x29, 0x7c, &(0x7f0000000200)=""/39, &(0x7f00000003c0)=0x27)
r3 = openat(r2, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
lsetxattr(&(0x7f0000000040)='.\x00', &(0x7f0000000140)=@known='com.apple.system.Security\x00', &(0x7f00000001c0)='/dev/dri/card#\x00', 0xf, 0x2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:13 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xd000000, &(0x7f0000000000))

18:12:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, 0x0)
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:13 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xc, r0})

[ 1672.701201][T15749] FAT-fs (loop1): bogus number of reserved sectors
[ 1672.709258][T15749] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r1})

18:12:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, 0x0)
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:13 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xf000000, &(0x7f0000000000))

18:12:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, 0x0)
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1672.863724][T15766] FAT-fs (loop1): bogus number of reserved sectors
[ 1672.873758][T15766] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffffff, &(0x7f0000000140)='/proc/self/exe\x00', 0x0, 0x100)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r5, 0xc01064b3, &(0x7f00000001c0)={r4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
r6 = memfd_secret(0x80000)
ioctl$DRM_IOCTL_INFO_BUFS(r6, 0xc0106418, &(0x7f0000000040)={0xffffffff, 0x6, 0x9, 0x3, 0x4, 0x3})
r7 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r7, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000200)=r7)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:13 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xd, r0})

18:12:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1673.049948][T15766] FAT-fs (loop1): bogus number of reserved sectors
[ 1673.066311][T15766] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:13 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xf, r0})

18:12:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x1000)
r6 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r6, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000300)={&(0x7f0000000140)=[0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4, 0x3, 0x4, 0x0, 0x80})
r7 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r7, @ANYRES32=0xee01, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c6530001a930634a1e0304b22ff9f4887e008638d32a8befc71e85acaaf559ff1aa8bcddd85468c377d2b2ffffd9a4052daed9f7669d14c9fb69bea721e98829e82f8a643b9486622bb328706cf13c5113d00b18f33eb8e87e747dc315e30"])
r8 = syz_io_uring_setup(0x184, &(0x7f00000002c0), &(0x7f0000148000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000340)=<r9=>0x0, &(0x7f0000000100)=<r10=>0x0)
r11 = socket$can_bcm(0x1d, 0x2, 0x2)
syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x2, 0x0, r11, 0x0, 0x0, 0x0, 0x40000042}, 0x0)
io_uring_enter(r8, 0x45f5, 0x0, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:13 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x10000000, &(0x7f0000000000))

18:12:13 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x10, r0})

18:12:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1673.235262][   T38] audit: type=1400 audit(1638036733.764:1644): avc:  denied  { read } for  pid=15781 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1673.357830][T15793] FAT-fs (loop1): bogus number of reserved sectors
[ 1673.366737][T15793] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(0xffffffffffffffff, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:13 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x22, r0})

18:12:14 executing program 2:
clock_gettime(0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f00000001c0)={0x0, 0xe, 0x4, 0x1, 0xfff, {r0, r1/1000+10000}, {0x1, 0x8, 0x4, 0x80, 0x5e, 0x9a, "eb747186"}, 0x80000000, 0x1, @offset=0x2faa6f1d, 0x2, 0x0, r2})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r3)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000140), 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r7=>0x0})
close(r5)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r6, 0xc00c642d, &(0x7f0000000100)={r7})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r3})

18:12:14 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x11000000, &(0x7f0000000000))

18:12:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(0xffffffffffffffff, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1673.617547][T15808] FAT-fs (loop1): bogus number of reserved sectors
18:12:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(0xffffffffffffffff, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1673.638298][T15808] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:14 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x5d, r0})

18:12:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
ioctl$sock_inet_SIOCGIFDSTADDR(r5, 0x8917, &(0x7f00000001c0)={'dummy0\x00', {0x2, 0x0, @empty}})
syz_open_dev$dri(&(0x7f0000000040), 0x3, 0x2002)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
r6 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r6, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_RMFB(r6, 0xc00464af, &(0x7f0000000140)=0x1)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:14 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x1f000000, &(0x7f0000000000))

18:12:14 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x80000000, 0x7f, 0x2})

18:12:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r0, 0xc02064cc, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x3})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f0000000040)={r4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1673.915097][T15827] FAT-fs (loop1): bogus number of reserved sectors
[ 1673.926077][T15827] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
open(&(0x7f0000000040)='./file0\x00', 0x22000, 0x100)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:14 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x20000000, &(0x7f0000000000))

18:12:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1674.115201][T15838] FAT-fs (loop1): bogus number of reserved sectors
[ 1674.131639][T15838] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
write$P9_RREADDIR(r2, &(0x7f00000001c0)={0x49, 0x29, 0x2, {0xf, [{{0x20, 0x3, 0x6}, 0x5, 0x4, 0x7, './file0'}, {{0x0, 0x1, 0x7}, 0x1ff, 0x1, 0x7, './file0'}]}}, 0x49)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {0x0, 0x0, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:14 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0x0, &(0x7f0000000040)=""/18, 0x12}, 0x0)
syz_io_uring_setup(0x3ede, &(0x7f0000003740)={0x0, 0xe39c}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000600), &(0x7f0000000140)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0x0, &(0x7f0000000040)=""/18, 0x12}, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r7, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000001, 0x30, 0xffffffffffffffff, 0x8000000)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r8, 0x0, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r9}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4080, 0x1, {0x0, r9}}, 0x1)
syz_io_uring_submit(0x0, r5, &(0x7f0000003700)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, r6, 0x0, &(0x7f00000036c0)={&(0x7f00000001c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000003600)=[{&(0x7f0000000240)=""/210, 0xd2}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000340)=""/118, 0x76}, {&(0x7f0000000040)=""/48, 0x30}, {&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f0000002500)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/181, 0xb5}, {&(0x7f0000003500)=""/240, 0xf0}, {&(0x7f0000000140)}], 0x9, &(0x7f0000000480)}, 0x0, 0x20, 0x1, {0x3, r9}}, 0x9)

[ 1674.243077][T15838] FAT-fs (loop1): bogus number of reserved sectors
[ 1674.250005][T15838] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:14 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x20100000, &(0x7f0000000000))

18:12:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {0x0, 0x0, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:15 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x404, 0x10001)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x8, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x8, 0xd4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x40008042, 0x1002, 0x6})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {0x0, 0x0, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:15 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/exe\x00', 0x0, 0x8)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r5=>r2, @ANYBLOB="00000000000000002f66696c653000458b50a72a5847fcefb4a9a240e5ff4009c7700122d9d42683693ae6d99af0d1783ef067e87e461d0be56813d86aa32a"])
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE(r2, 0xc01064c2, &(0x7f0000000140)={<r6=>0x0, 0x1, r2})
r7 = fcntl$dupfd(r3, 0x406, r1)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD(r5, 0xc01064c1, &(0x7f00000001c0)={r6, 0x1, r7})

18:12:15 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x3f000000, &(0x7f0000000000))

18:12:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, 0x0, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1674.783282][T15869] FAT-fs (loop1): bogus number of reserved sectors
[ 1674.806229][T15869] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:15 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
r5 = syz_open_dev$vcsn(&(0x7f0000000040), 0x5, 0x100)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f00000001c0)={0x27ba, 0x4, 0x80, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r6, 0xc00464b4, &(0x7f00000008c0)={r7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f0000000140)={r7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
pwritev2(r0, &(0x7f0000000440)=[{&(0x7f00000001c0)="6a94b00291bce98ed5fac8d404ad79fcb6e46d6291cd818afe1f8e66b65d648977bc788a98b8dd509020d0efb6d0f282b7cef13b5312438d4913470b0183dceeef864f", 0x43}, {&(0x7f0000000240)="5491107a9852424d18f98ad317ab06c0976ffc9015d8768cce0408aa7420f0988b6245db53e6d93e6ddf2a979d8e0ecade66fe03d449137d3f31ec1feb8e6e6eb37b45acbb99e06075469c9d74e567cdb7cba20aef4e9b635ae2d1ffde983fce53d6f713949e9dc69cdff5aa45687eda7ea2881451689711e7f6ac2c9c1f6da26b05a2b4464625890a4e98d18c6a8905febec897d04ff236800afa3f4fe2fe1b5741b424905bbdc46bafaab7e2ba3231e151a420e1d189d2c9f7c362b6dfb98a87236fea1289f597a8cff22130a533de256a856c4cab0b7b38c2a19fbae3", 0xde}, {&(0x7f0000000040)="be240ca4f40ec007ad9d61dd0a50b608e7aa3049653267a6389560199b81d630e9142b9fd7bc5df01bfa41011a", 0x2d}, {&(0x7f0000000140)="7b77ed9b875889edf674f7dd8f", 0xd}, {&(0x7f0000000340)="7c1bf774707734d9898607b072c22807bb650e58a812bee2b8e92a09f85bc158ae15197ecff790b87692de06723c9014560e815435db19f621fb2e5cbe572ee1e8b7f12dd5da8e2e890fcae9743eaf40e8ba294de77969080f193ad7061908b1b941fdf3ef95adfd5e26de7977e88419584981721ce014be63543a39090d83bc749020a7c8f80f10bb7be17f2619adf66044878fc17ae35c45570d6719a39f52ba220266a207801855486b8d0f26b5793ccd122af88936a07040f4440a795a618fa56c46e79cdcf376b20888392a53a9122737e50f983811ba7f2d308177eebbb6b9fc3b5a3bbce289d855c9fa72541b", 0xf0}], 0x5, 0x5, 0x2, 0x4)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, 0x0, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:15 executing program 0:
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000040), &(0x7f0000000140)=0x4)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1674.984288][T15869] FAT-fs (loop1): bogus number of reserved sectors
18:12:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x80000, 0x24)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x14, r4, 0x701}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000400)={0xac, r4, 0x300, 0x70bd27, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x401}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}]}, 0xac}, 0x1, 0x0, 0x0, 0x8800}, 0x20008080)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r6 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r6, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x14, 0x0, 0x400, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40080)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r7=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00c642d, &(0x7f0000000100)={r7})
openat$hpet(0xffffffffffffff9c, &(0x7f00000005c0), 0x224c01, 0x0)
r8 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r8, 0x29, 0x2c, &(0x7f0000000280)=""/20, &(0x7f00000003c0)=0x14)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1, {0x40}}, './file0\x00'})
r9 = openat2(r8, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x80000, 0xb, 0xa}, 0x18)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r9, 0xc00c642e, &(0x7f0000000040)={0x0, 0xe})

[ 1675.005951][T15869] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:15 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x457f0000, &(0x7f0000000000))

18:12:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, 0x0, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
syz_open_dev$dri(&(0x7f0000000040), 0x5, 0x101000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:15 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_io_uring_setup(0x3ede, &(0x7f0000000300), &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000600)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0x0, &(0x7f0000000040)=""/18, 0x12}, 0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000140)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x1, 0x0, 0x1}, 0x80)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r6=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00c642d, &(0x7f0000000100)={r6})
recvmsg$unix(r2, &(0x7f0000000400)={&(0x7f00000001c0)=@abs, 0x6e, &(0x7f00000002c0)=[{&(0x7f0000000240)=""/75, 0x4b}], 0x1, &(0x7f0000000380)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {<r7=>0x0}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x60}, 0x2100)
r8 = fcntl$getown(r2, 0x9)
r9 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
kcmp$KCMP_EPOLL_TFD(r7, r8, 0x7, r9, &(0x7f0000000440)={r2, r0, 0x2})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x0, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', <r2=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=@ipv4_delrule={0x3c, 0x21, 0x200, 0x70bd25, 0x25dfdbfc, {0x2, 0x20, 0x10, 0xf8, 0x1, 0x0, 0x0, 0x8, 0x9}, [@FRA_SRC={0x8, 0x2, @loopback}, @FRA_SRC={0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, @FRA_SRC={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x20}}, @FRA_FLOW={0x8, 0xb, 0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x10880)
r4 = socket(0x1, 0x803, 0x0)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000001c0)={r2, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x22}}, 0x10)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000240)={@ipv4={'\x00', '\xff\xff', @multicast2}, 0x7d, r2})
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="320500ffff00f4ff0600000000000003000000000000000000000506ddafc60400001969c204000000040000000000000000cc7a19f0dda705f5197d943e1e522ae126e66d19a1e6ec1de71add32f710115a8864cc6cfc4b9b25a3c624363ac07e0f5ed7c5c78de4aae3921058cc488db24ed7a57322372f3409d0e4f44521277919a58293"], 0x38)
sendmsg$nl_route(r4, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)=ANY=[@ANYBLOB="500000000000000402bd7000fedbdf2507000000", @ANYRES32=0x0, @ANYBLOB="60840000100002002c0012800b000100697036746e6c00001c0002800800080019000000060010000800000008000100", @ANYRES32=r2, @ANYBLOB="04001400"], 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x10)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0xe4, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x22822}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r6}, @IFLA_WEIGHT={0x8, 0xf, 0xfe000000}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x40ea}, @IFLA_IFALIAS={0x14, 0x14, 'veth1\x00'}, @IFLA_ADDRESS={0xa, 0x1, @remote}, @IFLA_PROP_LIST={0x68, 0x34, 0x0, 0x1, [{0x14, 0x35, 'vlan0\x00'}, {0x14, 0x35, 'vxcan1\x00'}, {0x14, 0x35, 'bond_slave_1\x00'}, {0x14, 0x35, 'veth0_to_bridge\x00'}, {0x14, 0x35, 'veth0_vlan\x00'}]}]}, 0xe4}}, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})

18:12:15 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r5, 0xc04064aa, &(0x7f0000000040)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[{}, {}, {}], 0x1, 0x0, '\x00', 0xa, 0x3})

18:12:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x0, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1675.277487][T15907] device bond0 entered promiscuous mode
[ 1675.290974][T15907] device bond_slave_0 entered promiscuous mode
18:12:15 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x477f0000, &(0x7f0000000000))

[ 1675.312328][T15907] device bond_slave_1 entered promiscuous mode
18:12:15 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = syz_mount_image$gfs2(&(0x7f0000000480), &(0x7f0000000500)='./file0\x00', 0x6, 0x6, &(0x7f0000001840)=[{&(0x7f0000000540)="3fed52d9212569902771174188f3b1c30ef8addaa0ec09ec3b7e270ab1b3b115eb8d8a4a0ed6e010bf893c4a07faccd46247a17453dd2bd18d1cd711bdb24f523e9e05ccc3ff70461c5142589e0cb37a6a82fbccf475bddaf647e1f80fede7f3824ae6df836b25e6b60b8c4afa4c5776f3b7a736e2d9020ec305da0884e0522f4d8f05e48838a855635ee03345ad757ea39d4a18c681ce7e296ee8cf07bf2b80d6064db68494fc4e947cec54bd1a676cbd3b8f2da0998c127a72abd2012cd0a83530385efb59a8bfd4f94c106ebc7258726561b17e7ace7299c5d3d65c627ac382c5a04f071e48848adb0768e305ac8e598963754530502a2184abbf2467fd440cf1e47f5d6d26bb444d4d150ff07e878e377f28960fd1e531b19264c806f6d0e261601c3dc14061de5a341cfb7fbfd1704931368adf6260e2e6f1165574e69f8726217db7e89fc8aecc24f702a18aee1f7705b45f93f4e451ce59d3a6a2a1c514db62e3d697596a1374a3843756cd87eb39dad3b5d51fb0482f3ddd5a0c87cd29706189777c4f72131dd235d6c4465b527c01213a6695b7a365abf3801c36e455a5f7419b9bcc891ce44e5b9bafc027670887d9187d8631c1747175748df4e515642bde2cd51e097abfd4682134b191736f55f92d6005f94b332a387dea6a0a988d74dcc11430599f6286b343928983ce75395c0cf47f9a387981fffbbd8583d1fd04fdc0766df87e675eb1ff6999538774ec8868c864c9d4e6ab1a080621047153523dca2f444c00ec9f9bf18bc680eea4bc43ed2ef11888ef693eca7f2df1ae45ec75ddc6d680497e7056445d577f8dd3386c1756d3e8c3b9aafeaf9607cadb725127dac9241b55690fe1c65765b0bec2b602d0e08494e93a7f5537e86cb9157683e9aa95e5de39847944d727e0ea15cbe4b566a34edc8eeb2f90e8251785f95849c420abadb209e6bd4aff3396a1675172ebb65876c2d1fddd5e4882a243714de80b443e633c3d4ebe6bc1cc03e89dbc9b0db82fe4e20e54c859487364ff217954de32d5b569582c676fe6f3690ea8e3a53b5e909359c887328d736e1260891c2bbef10843131724cd3f1a622a42bf602aa5974c88e86a29395fdecf11ce83bfd3e7e1118838c321f71ad77b5f936ad305d0b798a1dd12d4c3fcfe6b4e48458ff3c36235b37cf48f574d44760e877b12bb32a62ef1f805f53e95bd42a16371725396d93d12173611cfb9ef2d1e96015a9ae836abae55cde7cdd8e7bc2848121edef3c4104162ef1d567bd5f7badc0247ac0dc90cf6c8c52b9acfb9bec7681036499c9e056bfda8b2e23131721436fcff0ca858148ffe8162b964eca1f9aa7dc934488310c38937758114b4160a8e7c4b219de063eeab6c7a2c1978499a2d58ff46128a07a1f8ffe18a9e1d8fcfb77c229b8f44c88d59ce041fe78b1dd7bfb39f2440d72a1aaf3e16e2cd3d3395796811f5443c783a0488889942cc0f483fa7ea3f577bb65603a73f925a949061853ed9b90147e70bd46ced5974054185f821dfafc7e5e7f240409887068e88ee1dbd7fecffb8e2d0ecf5768f520bc9fae08480107ba813276f5f64a63dfe579529d85dfbbb5e3d07e7fee12bd7c010328fea539864177bf8af416c83be63ad3d17ecce62cb22b629c952595c20fa02e96821efbd8ad3a08d3f473582df2c103e543c48a360f371ee2fb653b191c8383defa94e27e6717c30e567904480bc5151b86d33cc042907a4acc3b6cbb9fc20cf2004ff35cc32c6422830e6bf03415933aff83db4acb6d9e430e32f7172c43414c90fc5e7bc3af27a973f8c4e1e1b22be3f10258bda994eedebac1b752b50df7607c7511c39829fb5775346f35b0fd0f7e5fc42f8f8865f9864576f98dacef88f82ff92b7ebd7fd506300d45d3f676f4f2edbc71b0e577840bac87226fa75a1e87839e93ddd08fbf5e711c3b5aab5360bb941af25a8c831fc929899c3850d0f2518e9ac45dccde676ca08f5fc025220a49d62ef244ffdb9580a8305698129b2f682a6df92c501d6321e59a9a7a0970989647bdd2263b9c498933585ca4021ce74afc78fdf7d9e06892440850ca0bfe6ce3e4a43365d9220d1fdcd35692c3de59963d74b2791156a6a94ca1a32a0b0b6fdd267b10dfed9298f0753cbb578c208c143e642da53b221d68de3c660a2e5d86b11c91c6e3fd1caf0fbfaf9f13ac015cc3b08456e0eea5dd724612e2f29425b6ef352e9eefd9d704b21f27f606ca5a9fd50e44255830028589846e10eb66a9daf0ba59a21fcb364561f671fbbe85d3f2e03ceff08f23971277fd1aa3f632e0b1b51892e2d795543007d6fab0682b9fd75b3a48006a05e1e34a3d12af358156e9564f2a2ad8dc4d8bae3b862690243d818c57c12b70936effa99a30b0bf70918d0b30193df4aa8d1c22895e8fcb26a91e90ee48c58ca77e033f8f7dbc3c897b6f74d0dc24b3dbaa5ed88066b5dcdb0f276b992e2a84ed88bcf136a50f4ccda7afc86323a1649473e34bced273b2da3991f1fc2243be09f6669d63dd6aae289005dfd8c89a2cdc5a1518de0945729da22c81460f002e0bc01af588c3e79ad8c11cd3a6fd54a97168f0a9bdb2ce82c4a117b72f288b521c4e0997c07b183a2c5d859f68e99ee0b5de4593bc7b753d3eb7f66bfd18c575cee2efc95acb53ed70b1b7e3f2959daa240265dd49a46d69043a512e2a2a668af190abb54c463061652b1e371f59d798d00f7838c136a05c250a5f194f6a98e848b153bbab715a2d1719306f38d97210e8177aac20bc9068199f190099d3f71e8469db9d3ec4a93b1e8764b2abd0a3521fc7372cc92bb61d0d8bdcfe1f9539f18233170f67d036dafed548fd9a8b631a60731955318d3d11e7fd0fda365c40017207a5d8d6594c7d2362dfe9bfce488f5a537f99e5c0816cbb0feb0248d6b0641d34ec69113ed35170fa9611258974d95008dff7d8ef66ab7922675a48596665f028023d4b50dcd98e347e4e32300878e4b54e7ec47bd2a45aa871c3f3868eca12d34713c02285938ab579030db3fcc2826df2af68f9df0feecd85787849768c4ff184bbe02ca7018ebb19865cc91a40620652cadd325d0acc05002c7b34b2079b6598fc96e2121705f00b0962f18a541e9e135a3da73feff10a097d4f2968a5a7fa9f67c6c4b2d348cb4431a38cab9c62b461b297ef3cd4caf5e29f0abc4ab943f311644f78513763f6e21c284a7e163f0de152958e706b188051a0bec5fbf689602ca395e24cbda364f83ff36450fa8e9e2a3f276624732631f3ce32855afffd5d930f17a1fd0ad82a84cbee6d8a9c1e6c1d7cdfc70bae5098562f3f401e52621d0a169cd82c244328faca8df9be0ae9e363d11fbf13a71320367a6075fe126f5b42b25c3f19fb4460785a9c9db36b1437ec152d15951345b746cf020de1f882ad638b734094b7c10ba12c75cce2f7e5409b427ebebf7ba2a67248bed82b368e6b9e1335f57c7958419469060a2567e5d0f955681c2f40defc6c0812386749470e577e158194b091a8edfc02ecc38ca81dd7d91c343db70d99f97e5c0a17ad3d1e69ae08d850a1ffe92d01f8d2452ac8bc3bd2aaefc48641b3003186b122b6c792c98cc3ffab877458ff9a8a30d6e41e040c4d60265a664ccc658213ea72d5545a2b5903d09142fa8af49f9ee5d76ab7248a5c2acdbefa96b528a451185f0cdf357b754d06a20a83a995e0baa26a7ed58b724ba3d9ea041142f32126cdfb30029fbc4a3a5c3c3719e319e638b8f54865def53872dd9bd50b3f72c1215d01c0900090fd53f067160debc86c4876d741f162954c6ad9fc0dea3865f975dc22e31ff78de6a35b983db020e4a488b7411febdcda629f18a9d711ca1597ff94d4483b2cf4c977fdafba06480f69bc1f0af9b739adb067e481737e272156357969138e3cc9b805c335bc7227104637765a79b39fe946e055d31ca6f005a836aae9d09051a8d2c4bd06ca764ccc733311154154eaecf73403ef9c817dc63eb3e2d67eeebd7bd31212f9933180fe091ebf86e589b61cb34830a56c38ed29ff5be99f1b6dc898c9d48bf522f188d140eedf3e9e1ab08800f3bd61ca9ae55a44a6b6a8f3eef22f082de0979d691982e69577b879ce3ccee3a05edf52790da14c7b93a8f2a608ee0cda6fe873ff9ffb512eabe9203cad8d60c45faec7ae641b07bc66d9495f0b893214970e4f26d4f2f3e323e70cc673d89da5b702ab6de6ab552a76c9a06b2e8f36a1a913fe479a24a235a2fff870273211df1d00e5614d071167ae079d972ab51100fc9c528f1f43971328615e64197f4876b54ee852f46fcf2e52ace8d551a31f4c6ccf2b6e4b691ba26c12cfb199a710eee40dd5c6e254eebbaa5a5c4fac58f288c8b481457f79c92b877f8e9cb68688074fda073d2b0f4a13365cb403f364158b98e2a54565ef12c1911467c7a9ab33b9990236e601ba580201960630e44d5bf0af44e6138a7fe4758d9ac6f7fb4f9f2e8856d459de9ba6d1185d1cd3f995c2b44191d9ed6dad402242fe6017205518ca996a7f2928345c798db8c855a812ca77766a22713454c5aa26e5bec4c1472d1bfe9b1f921a0629b1de63f99c82ce02f9e1ee1c9e77dce40e2fcf2f8f6066f2043d7e2f2dba5b460f377390091124961246231ed129b95f984ee008f03c672ffafd0a868af508b973460b7155e20022940ef2ff1937a8e8867f6288b5bfc44227e643e0f573d358a086b45deca6531f1e8e9e041dc65c00fdb6941195fd6cc0e71a4c32a866d5bf3284aafdbb567e9c5b4cfc5c2e4d7136c06da00043ed3a546b6eb589a54b1e25cdab61a4b9707c7ff0c0638883a274ed692742eae11ddb815fd04bc663d9c933d75c0c897463ce51b2281b886547e7ba56580dd6d2e0bcde0369addab7075cf939c16e6c28affa2994cfbc5bf80a79132ba82bd388eda91687e930f507db890b8c431ac4a0f3c9751da38c042925009ba17a5832266b666e51c944671a4fc44877a71275287d6d3151ecb17dbf290b89f1f857a03d8671e8f5b10dd182ec2165b671983f04797e8bb6f93c315b8de8fbed6a52d1f52e8fb5d996ba60d5b49cd36f402fddb734e665eb4be48b8b1a26090ba07f24752ec8322c2f73ff5124e7c3aef5443b4c4b1e6dcd836cdb41ec0de8d7a3e30f173a9ee5519a254f509e1caf996d568551f70c86b13a8a13c51e56b091d07b233e60916b53fe963a7ad8912087c37392974a10644a14518145dd92e4bb46da99300afbd5a19c3f48a37491fae0b30c11da37064876e61ef340962a2e8a4e292605d3e3b3c2a6f6925db2527b24b1be5cb7c639a9b5cccf448f77b00e89271a02bff082f7fd6487e5e2c4cbd1b3fe872c2bcc3e2abff39321c4c78fe69b760739958d8637cacc6bea95f3757517aab0bd485040f95f5fe38f05d7b1db9cac205d005ba68a7a5218de5b51a7aaca4153ff54b3317997c7a348e8a2989b033e7fbf3e1e26fa93696b0235e66035407f30884599b4ea785f3e55290a8470129f0e3467b37b096ac809f7d05a95713ee32548e1275d32f454994e86f986931f0bf60c451639346cf52b8f97a8770747462e57d9818faff9e202b400d6e98ed72be5198ff40b077e9646f9f81b8cd579664495ffaea747129de86d9624ab526890c35fff048b71a72c7fc43e5ecbe7d9fbe2e2a67243d474363f7a44d29fcb9267ac9f7a93479979f193231e48ab875a85a08e668e42352008eced2dca8f1229b1c55a1cd89a41945dde5a3921b0c9a", 0x1000, 0x8}, {&(0x7f0000001540)="af7872853e51f16912d338e399af176d8d28054fb5a9ed33e2ea760d140c9c0b42e066641f35bfd492522738a5acb219342dc2ecd98acfb104215a3a83cab5f88d754d71a2b3170522d981f7e0eb782aaab8620b1315a703ae1aace12bdd63f21f2a6f96575b94672db81b52a7760dd36c9b", 0x72, 0x3}, {&(0x7f00000015c0)="34ee9bd413b7c14705170b699cda172b7c67aa38691c3bbcf6de163d8e8aa98841b5731649e61d89aeb6198d5f60464895c656bc09e93f8e147ed38fbb2c444cfcf1615470b8b4cbc214044d2951f5dc8452f214347eda7d31a60aa52d60", 0x5e, 0x4}, {&(0x7f0000001640)="af791addb82d8f0b12d66de251ee0895253e3d15f519051bfc57fc535c3af9113110137a3412ef053504b07d11fd813dd5389d1fe298616378a3b52db90360fd49b3ca591d4d4630a9d6c6538ba20c1d3c1be28a5ec4906bf3da137bc4eaf4698f5e186e60df38518938686595f4935c2e32a55333f7d1da0b6880cee5567de5fa0e20a8f053698e3361ce701f7ce6e6460b9740b7554b72", 0x98, 0x265b}, {&(0x7f0000001700)="e6d07ae119bbec024530e27cb78261f8ddb63b6acf9f2f1f1e84eb04d3b7c4c0b0dc31a7e5d68bd27825fcef4dfa7dc9094d331f37b773347bea556832dc1985d7a8674328245e350b5cb6b3b803ff", 0x4f, 0x6}, {&(0x7f0000001780)="c5693e6acf8b2d2f7d799e5ce61813c64ea43743f8a37f4927627f4d58ae48d9696cd12cb0e9f20a96681b9bce7b50d123e009895c2b42c84b82da7778f7dbc3b3a46fab3c65a67a1d7b001786e58a5f32c92ff7b0ac9576e153e38c4e32d1e91f7e215b710af1418e1c705931a0395d157630d166b77e0da8a3f6530371545e24b70589948d8ecedeaa17d97148c2441e3cb8b17f0594528837", 0x9a, 0x101}], 0x2010400, &(0x7f0000001900)={[{@commit={'commit', 0x3d, 0x1}}], [{@obj_type={'obj_type', 0x3d, '/dev/dri/card#\x00'}}, {@euid_eq={'euid', 0x3d, 0xee00}}, {@subj_type={'subj_type', 0x3d, '/dev/dri/card#\x00'}}]})
openat(r2, &(0x7f0000001980)='./file0\x00', 0x0, 0x40)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
sendto$inet6(r3, &(0x7f00000019c0)="8fb49fe52c50cd91cc750648b4712e989880f7839223a630c96b7a4b059c29e4aa59ecc542d0e9a238a769eb7457b49a75a2bd4f8f5aaa59428a9cd2d51998dbb70e8e21ff3327e8bad23299aae6ef2b89a7951d1fd26addcce4f7930e96dfc4a249d0a037f662c070e380f84e220bbcb446bdd82429d335495c0e91be0b101c5a45a85702d00f64072f2f7ea3128a5f4d9d905a69d36aca78e98e2023d8084308a7580ea1", 0xa5, 0x4000001, &(0x7f0000001a80)={0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x264, 0x12, 0x100, 0x70bd25, 0x25dfdbfe, {0xb, 0x0, 0x7f, 0x8, {0x4e22, 0x4e21, [0xfffffffc, 0x5, 0x7d, 0x7fff0], [0x8, 0x2, 0x2, 0x8], 0x0, [0x0, 0x65]}, 0x52, 0x1000}, [@INET_DIAG_REQ_BYTECODE={0x101, 0x1, "0d8f806263bf78e61269c104004957d1ee8b551072ce0aec91937ee90bbd0bfedad1d5a9bcc128d1edf6a9fbe93717abd2b7f0578111d795e29d51e31a68bf42f45650f966a2e11324cb997f3a06ab8c433c2f7a1b4a824effad02dfc3ecc3d6196a05c336a61939fe8ef38902d93f8873c3212203fcc8ce3aaa6277d9f0b70d54d414c10902f6050afcb705bee773e3bb0646e0be4aaffd41c310d83f61332b38651722d4923c644c8925ff41e23dca578c27278f6403daf4f500b5c055dd56336e10f07f6042df77ec63bc2dda644ab81a6f59ed00c23b828dad3b77945b03e057d4fafe0aab5786a1a2eba9ee2a65c3239a02d03d2958f7344b228d"}, @INET_DIAG_REQ_BYTECODE={0x34, 0x1, "15c7f328f792d5bdedac7ba08a214c877d021f1e53676e63215457f11fb5f5f1cd0c205a5ea4ab3fd08b80d22668da0b"}, @INET_DIAG_REQ_BYTECODE={0xdd, 0x1, "dc4395c29cdc3e0720f0e3d89ecd3967af92d0f4730ab107904d0395129a70dfe809a3e3ad387e5ca23e46e0a0f8b690edd552b38a6279315010123a76b37daae2419a7570055acd5bce406609222f711b55de5d0f4e014d134cd7886ed7015af682d44abb9dbbdf73cca800fbe632818b62f9f23573e0f48820cfd97ea8a7ef4fff35847d674462bd4f3384c1cb3925c1cf64ac508c5f30eb6c7bad98401b0f7b0f96b68b2cc8c0df6c3527090bf374bcbdec6051b3eea5f893da80d743a37a994a303da75345da05404431554368faa3e86af6a318a15ecc"}]}, 0x264}, 0x1, 0x0, 0x0, 0x10}, 0x40080d4)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x0, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1675.376123][T15918] loop0: detected capacity change from 0 to 38
[ 1675.392487][T15918] gfs2: Unknown parameter 'obj_type'
18:12:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1675.425472][T15907] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1675.460496][   T38] audit: type=1400 audit(1638036735.984:1645): avc:  denied  { nlmsg_read } for  pid=15916 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
18:12:16 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x507f0000, &(0x7f0000000000))

[ 1675.508949][T15924] loop0: detected capacity change from 0 to 38
[ 1675.682324][T15906] device bond0 left promiscuous mode
[ 1675.703076][T15906] device bond_slave_0 left promiscuous mode
[ 1675.710915][T15906] device bond_slave_1 left promiscuous mode
[ 1675.732156][T15907] device bond0 entered promiscuous mode
[ 1675.738788][T15907] device bond_slave_0 entered promiscuous mode
[ 1675.790279][T15907] device bond_slave_1 entered promiscuous mode
[ 1675.827055][T15931] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1675.849666][T15906] device bond0 left promiscuous mode
[ 1675.862582][T15906] device bond_slave_0 left promiscuous mode
[ 1675.870622][T15906] device bond_slave_1 left promiscuous mode
18:12:16 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x402800, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:16 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:16 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x517f0000, &(0x7f0000000000))

18:12:16 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f00000003c0)={&(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x9, 0x0, '\x00', 0x6, 0x9})
close(r0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000240)=r0, 0x4)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x2, 0x471b, 0x800, 0x0, <r4=>0x0})
ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f0000000400)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r5=>r0, @ANYBLOB="80000000000000002e2f66696c6530006af793a425a874776e3e3f00aa96487334d41fe5cfd0c04f68e13e3bf9b7a44e5a163f1a3ec9db8461851d93da285bc2db9b4a6c46b4b95fd4bc67ad870ad584f8e9e24dc4a8fd482bc1bb792dbeaee5c1180fa88f5b918054926741e52aa52ce7708a3e1f6c98f97200ed97d99d16"])
ioctl$VIDIOC_SUBDEV_G_EDID(r5, 0xc0285628, &(0x7f0000000340)={0x0, 0x8, 0x5, '\x00', &(0x7f0000000300)=0x81})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00464b4, &(0x7f0000000140)={r4})
r6 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0)
dup2(r2, r6)
setsockopt$inet6_dccp_int(0xffffffffffffffff, 0x21, 0x3, &(0x7f0000000280)=0x6, 0x4)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r7=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r7})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, &(0x7f00000001c0))

18:12:16 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000000140)={0x0, 0x28, '\x00', 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0]})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000240)={0x9, 0x7, {0xffffffffffffffff}, {0xffffffffffffffff}, 0x7ff, 0x46})
r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x101100, 0x5)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff})
tee(r6, r7, 0x0, 0xc)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:16 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:16 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x200, 0x486701)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x8a000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:16 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x527f0000, &(0x7f0000000000))

18:12:16 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x8, 0x80)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x2000)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x2b40805, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r6 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r6, 0x29, 0x2c, &(0x7f0000000380)=""/21, &(0x7f00000003c0)=0xffffffffffffff8b)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000400)={0x5, 0x200, 0x9})
ioctl$DRM_IOCTL_NEW_CTX(r5, 0x40086425, &(0x7f0000000040)={0x0, 0x1})
sendto$inet6(0xffffffffffffffff, &(0x7f0000000500)="c539e1757651c8464bcb7cb7f7742f1fd6a65ef14719268e4fc6ce5bf501187dcf6b73891a74112e13564c0e66c9f4fd6485001c48effc3b876cf655fdad9dd89de443dcb1cf314edf6db2a8adac2ca4179f888091d771cab75d61f96b2651b366c1068085d149ac773f9f7449ccf3c87d4ee58cf47d283ac47ff3b778b5d66f133dc9f96fc57ea32cfe9ef0dd40726276dbd1da33ba74dc9222f98973ea3e6feb46a4ae684e3c1a04aad13d760a9a19a0d5593f8a60765c2eccddfdad4bcc71a33356427a8d1ed72bcb2935407db6a3888eecf77bc86c7775dd75f7a6f717c366e2f463e4ece6743c0990b092f613b146", 0xf1, 0x40080, &(0x7f0000000480)={0xa, 0x4e21, 0x8, @private2, 0x10000}, 0x1c)
mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0xa00000, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r7, &(0x7f0000000140)={0xa, 0x4e20, 0x1, @private1, 0x8}, 0x1c)

18:12:16 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'virt_wifi0\x00', <r1=>0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x400000000000000, 0x0)
close(r2)
write(r0, &(0x7f0000000500)="bdf79fe9392186d587e600cda816564158f64f322241681dabd89b624b32e930c949c97d63da849d8b96e2c7a97ca7de9e84fb566da6584c61b38f156e16830a85479765c899c5913d383f17e07e32a48239326d2e38ffd67ccbabd86c4792d45ca8de93f4c8cea4a5b9091e8d792fac088b0c7bccf29c68472f5c7c7cec89e1fec672cd1ecb5407ee9f670bd89f3977f13efc7530e1547e6030a0ac2d14fe1ecc496786cec20c0d2e5f8ef60c6ba4f2db27082974c976fdfa1908a7983e90c42638687cef9e5e3b91fdf4b7d8a45954a85bb670919f3d029bd10bcaeece308ade973617d2e47fc7d566d20f85b5ecec15322e3fd2f69c81cadd51b1479eb008876868a7f03b7106ac734eef6ac4ddae15e1e65a91713ba80a050f6ec2072b7124b519c0bbd3138c4b17823daed1a061cdaedcd6ba3006b67e434eacb8fc81a3aac8a3329b420cd737b1aad46bf29099db7030798956323ab5687f2cd62338d0b1f86342a03a7e2d076f60536a596b647ef1b0ff01d2413b10bd256b1b80ed49e812d077bd36723ab76797e9e16ee3f3fe9b6ab3430a81d23535bc7d5931ddbaae937421cc160d6549a6c4972f58db2fa4aa45e891f662c77e9d8bcbba149c71b2b038b3fc024565d65ca5fe8e94d61f6c548f61991e1374e31dd6dee4cce209bf0ac6e5970130a85211cd4a394d3d3b21a2eb77c14d5d0f4471bccebda01772097e25e8299f00f10b484fa78d9ff38b83a885228b809ae073ebabc4e8628776be6b71606ce5721f8ffa37b2fb703847658a7e19b6fda5bb0f8d1945ef538f0be328a805b62e3cd0efa5f74a67fe1e33b7d5929022e0c9a9b314695a2f8a4f4e907a596a9a0f2cb921b63528432d6591c7002b858409582a06a3d1ac85538934ad486e13d98570ccd1f384cfe7c35f8ccde3683d1e1583d4ee467c06ff6578693b9601324c089cbe0a744d9dfc8bd55ff4e100a359cbec8931f47e31dec12c37d7833d3ab1609a078088bb1845e9c1a4fdbf2c04a5996a8d9433d821ea1775d4e5de21ad2dee2502144a28ae7e1e43d347bb80f6c6eb8091d9f2bdfb5f376c0a858928b93ace5a8b6ed267c83a6193f39911a89ab1a09cfb0b13f0e8e61d631ac3ec2574c0eabc2cdd68a3846941b72fd175db0200a9e70df09ac425812cfa16de9ba151fe36c47b22e19c9ffadb40a53e12677bfc52af06ae41563ee81707a59c1f7c82cc93e6761c0103d41e0c39653076d5ebdbd6b836bf3124f82f6f9e8947e0c1e6599895a34188e0807d26b457e3891f2844e03bee0f209f3ccb696709557116037f2aecbb86981be7f890fe54d96b0f8b897f4351278aa124c0355c87575824a1ded8f9f4f89247e98b4925ab2988823f0df29babc4a6f3d7993333a9b7cd36e93b17d422f42b1cb98fce0b7470509264b8aec15b38d0c882e05cd9f267bcdc4d0cd351c9379e89ed533a6611b4ca71baaf9c95d929fa9e21dcd7d245a4d1c4a49cf7057357b0127f7cbc3dcf6e534ebe92d45e9f49b44788504b4b763a975a730431523a1fbee5fe72be681bb9ca13639e5b4608ecdeb05a40124d4a2363fa911afc43bb4ffee8e4dddca38b4d2141080267745a62c8c6eb37a582f8d0a1d741d04ef64730f7e4206867b70314c6fa77e4ff54a5315acdcfd40d3198808c8ed55781b02b94076a063be99d1edee70238e449d3a0cfeff24a7148de8ece33d5aa9bb53964075cb2e45125c6238782dea8ab3602ff98ca3ecc3c157dd3f3989c5cc57dbf6d9e4975db9af8c0008d1f0b54ffbeecc26970321c1f0837460a7282de6d546dcbcf866ec40db5bbced468603619f95d82bdb6cf68af80723e94f205231a4aa41661e413e30b9e7ccf04d1d66a3e07849aa630d2fd97f19123ae8f007badb8d673ea7263c5a6941f9231ba8e215e84c22b2dddb94435dfc9eda4e1844d31f9e7b5db54a7eabcd306e75bccfdac32b7f84fcf40e6cf0240f66677729501f2bf9352c2054c2f2deed5546daca4d7eab85ce6e1f51c654c627e969fb617f8aea87b7686cdf9c8ab14b26faae7078b2707875f6ceb45521e428f393d5b6acecbcbc0f0a1d3c41156abae0e05a31fb18153ecf9962b55e154f0af0e044869374040d94388784bbcf2f16c615c12c1e03c006ccf8d3e85414501021571a3238b7feb79725a84572aad1d5c11b11afd0c5eb0a5955571aa2ff96a3d1326f8093e0e12ed5515059f5bb1d52b9bc717311216b5f668bc55bcad173e47339d3bba1282122978c6c3ea62cba266027340f4b82a6e140f44b2f443218086864e0e079af4af4efac9b7ca0c7f9cf07db8169c34eac6d310af797683c28e18aab920719aa3382a4fffe1bf628c3f1064bac63128d5515edd060a8d9c7a78650fecc81fa9083cf37ba4c7f38f23b47e3760b219b654f4b1685536283adbf95ed6d3a57922876bc2d75d55cf232ec1cddc5a7f636d363f2523b868befbb7d9a37eb0dce4ef00779a1df07a4bbd480bf4c3d4fec04e3795e50b9e56481fca2489ecedebe71861ed2c01d6f745c02be220e0fd73dc08d4528b49624dcec9728bac2b4487c499c19715adf20756fb55c08dc49604a0b4741012862053d1dc702fa81f336374f690d62295b2323156a6d73fd553a88fbad06ed493e9f8df096a03e97075f61f620d9739e495b27702f9dd4e5aeeaf44209451320bb1991f798df1db856fbd3ab67f8edd35f5c25d81223e5e1d7b8f8bafa128d2d080d2de56541e62bff4ba41dee1acc4495069cf3430990b97c97ae97e2ecb6720595e0b296eeca12219e4004ab03ba98cbcfc21e40de1e1baa3d151abda80ba91174324d2642528454ff081562cca91e8290497ece98c2d112b55b4cfa85c5e7c130cdf981fc7a19379ecf76ef7b20b6cd9981ef4347c9433d4f5760f1fe94c98ec1c4a6303ba1b5e3c6742a7d395432d1c265f2575209ab1cf633945ecae90abd847e9aaec04ce910d003ce1f54e549afe6b10c4cddd900532f444b0f7fda6b0d437747658a8edb07977330ea54ae12f1741228c26c7149b8a73027d13b22d8f5540e1706c36f07452f8ed523382a7471051f4d14eb88da39da0d0506c75f79a8ab17074c06a71fc5836a10dc1cba199936a34aaf9ba20d6ffe8736c4cf5bc08fc45acf1b4b7205aa5d115dd2e7cc631d8236b8bc65f6a5939b518ea11844b58063280e373268c9adb146bf5e305d0ba73d7a6b1117489e20b811857a78ba898f2b7a111644f9b1ad94bfebd0b9cd80343079c024c9dfe024693a34c62a81b60a301d2f9ed935368d84e18fe7ae2c1a9eebc3f7924d09776dda0d479e7f9b9fb95db2116fe189f4b8eb45339bd86cc8125240432b5e0c8a290ce4e7476db59f2f0478bdbe957c97df01a0da69e23ff7ca719f89f597889ea24557f08613194437de60a9518d3f258224f0cc41528601f97ab3b3631fafb8779f3ad61634508c79be22d6401f7d8c007119761278f0ba9ccbc07164cff3fc4a4e8f0727b965e8a9173739fade22b96cc1e4a800486d952bb7348a6cf03120e09e9f1a92f618877caf79df87ca2e5d917736c9879eeb9411b63b4a222d243072a66c40d1eb6d6508c522dfbcf74337d9d4d60f9046cd4f801c2ecd2ab6fe66594c2c92d8973bc32614f300befeec017e746de53870c35d75cc5e5dfdbce4df6392af9f27e3574d8ed138ea39e4d15e7665ef6004379e2e2002dc70ba22c29cba14383fc961b02df8e05bd24f95774428f883d45278247328b0f3bbf577e8a9e7367292c8feabceb99f17cfb5a75d6c55167fd539da45fb069dc0b7fb6b385c1bc5c95f872a5d439668055273bff8c0987b5d5a2b0b8e00633aca7fb4191fc0ab44bc28e5ecd3fdfe1403260be39b0b83cd7f796bd5dc675ccb4009a67c17db609ce9c5d3331162f929de4b4dcc0786407f63c252bd7a898c8bec9ecb10945827ae7c4d80d708944f28bd8740c93ce9c3ecb7485d8bf4f69bac1fc26b6f04b336610b9acefc075d13eaeb4a08acbc98b36a9a0f7a94fa49556ccdaf76a5948f9cd0031efd8d3643c0adca958066769290aa520ddf74fefe7af94c4a018272f21687fb59e8bec11d59aa23f2c5a3e4603169f018e986f1f45e62a0709c2f759bad532d49fee42e2eb335d092952abe663ec8b66a40f5094aba8d96aa1ccf1ebb46525e1e44c57a0f58b8bf30a9856ff14750f95527e3e27fa5e6ab20b0803a21cd7d62a4b7d09abd14dbe8791520b0fed24c2f160b25d4ae7f8d9e08bd94723d40ebbdf58c852a0445cd64a196d5a1aa0051592b1869350addaced315afd847f158b458a06b339f447bf622cae389ca4c931148eb68191a5500faa124734b5872842e3ef01c364ae0dd2d61aa09e1861751b091bd33c9133045865583a49cdad3752853cf5931c76e8cf3c5569950335f6d3998aade9114809fbe7fcb2a4a6f9390ceb23e94cd9f7c3add9093154ca5cd6ec879b90a60e413978675ea9c41a3dac5dfcc8b0255a180951735f7f8820e4001b3865cab23193fb0193de4f7a0a1208ee67de5da842982be377d08eee2d852135b26255e2f39a02253979636c221a058f90c2c6e811eb5ff1b8fab627c4531a4151b51cdc53b36e1897edf0fdda983544eee814a6f49e3d875d53a01b00c753c0b0f7dfd27020a20685601ccf21bd7fc9a0e05575accb62d30f60f143be1cfa72d5608584b3ad2f123f1645cdf937f9855a0a7b8a7f8fb96335a605d230494497bc5fc4de3ac1695dec8c86c87988fe6ee0ec4ee49f8a5cd293b32431c01e1c9b14d7ea601ca902c56df7660dfd2ae463112a51a67d5070c78338b5ff8e6ad5e04548afee3375a3e3704468360800bdd2875687a803123c24c27ffb666ccda8465d776daa6eaf74d6f0ea051407cdc4032a35e2f105f241c5971434c60c9acc5aec47534c96bd91782d796301e0340d1c9fab1116f04d343617ff1d47dc537405987a49c8ec704df072451a2bc371b6479b40993b0b06f93eab2d08af640960ebaf2fed2df1af1bd4317a12cec64729a1eef5cd49d1d8e961372ef57cc0791e692ed8c447e542a21df3bff12b758b9a5d179d412031d879179b4436f6cccb7418ab65305028ef1d477bf33a781f8125029d48d4eed2708eddff7352387279da5799f94583ff6d274a13fea0a8b0d59952251b8b2464646864f20c3ff2a2c66bf8f1d7abf34bdd501ae9ca7d7b76b6bdb9df471c148c415879fe10d280a78d2bc6ee6a8318db076a917cfcb9c90394202d73530a7a21577eb13c6a8f0859fea15d9dc81ef4491ffe39b249c8dbbf4597b77ed5843d346a6b7a716ece3d5eb72094a830512f6839c5ab84c1c3378588b170de48af93d0e5c1b15fe1dd4b1fd39ceead5602dadef6088d0cfaa712c16cf7c8c9fcc82fc61d8283a4c0683043f78cec1434d8b0e3e3fe22da9a9b1796c5f8af2be5c0e62335346b08b9e7b58e8fdcec022469a4d39fe111058c42019ef2106300c00c24ee66767aab2c0e4b4f6351d5fa7d1b551f8477044e0c4283e5e2338b37ff6ef25f524036bb05426ec5ab587ec2aa904ec18386977b47da292a9c4bc6036d521b73054085c0efacadc4cb4e6a09a41546d5f59f350684d94c1995ec0ca33d5f22a337ea0e54913e79d7202f34f56dc32723242cdcb892688c333e61c277ef7e9c44c9d77162784957468525ecf02eb3b7a2d84ddbbee994d63e0c99a7eb3fd85431946e881b80282ff52dcf0ef83bf30e3355ccb2ab5505d518d3e6c724805718dd10bbafa141b0b3ad8db", 0x1000)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/9p', 0x200001, 0xe)
ioctl$AUTOFS_IOC_CATATONIC(r4, 0x9362, 0x0)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
r5 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@ipv4_newnexthop={0x40, 0x68, 0x300, 0x70bd25, 0x25dfdbfc, {0x2, 0x0, 0x7, 0x0, 0x14}, [@NHA_GATEWAY={0x14, 0x6, @ip4=@local}, @NHA_ENCAP_TYPE={0x6, 0x7, 0x4}, @NHA_OIF={0x8, 0x5, r1}, @NHA_FDB={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040}, 0x20000015)
ioctl$DRM_IOCTL_MODE_CURSOR2(r4, 0xc02464bb, &(0x7f0000000140)={0x1, 0x5, 0x1, 0x91, 0x100, 0xdf, 0x3, 0xde5b, 0xfffffff7})
r6 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r6, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r7 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r7, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:16 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r1, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:16 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x20840, 0x102)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00')
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:16 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r1, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:16 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(r0, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x4)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000040)={0x1, 0x3, 0x41})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:16 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x537f0000, &(0x7f0000000000))

18:12:16 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r1, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:17 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, 0x0)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
r2 = getpgrp(0xffffffffffffffff)
fstat(r0, &(0x7f0000002500)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000002740)={{{@in6=@remote, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@private1}, 0x0, @in=@empty}}, &(0x7f0000000480)=0xe8)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000002840)={{0x1, 0x1, 0x18, r0, {0x0, <r5=>0xffffffffffffffff}}, './file0\x00'})
ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f0000002a00)=<r6=>0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000002a40)='./file0\x00', &(0x7f0000002a80)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x4000)
syz_fuse_handle_req(r1, &(0x7f0000000500)="f98ce06a10d1e47ff14ef7d14b8b0e1573ffbb92a5288c7ee35464670f94c68467cd1bc1f4ea08514cfc4150bf8fa496244a3dfff9474327e98f9d4f8b08884db02a43febace1142eae5bcb9707edef4dae46071d940d23d95233c6cb8f24612d9ea5283394d35559c72b868eba2f00fef9c3213c585c6daea733f65c4bbb3eee91fce0af20a0a6d1c9c01b3f9d348b1c5cdaace462be06968dca613904d9296f8fd5c98e356eb4ee9db9e2a385e99b6a3a58b84b66ab1828340769c02e4524369d6d7f0c08ad3fab3e30f947ba1570e724b293cc6311b3d74805677254ea57ccf0392ae2fdd01641d21a903e75486c07165f8c9f36611e3f820c7b6f6b9b32afe8d7c90ce34c16d15986c77f5d98ead5f4c2df9493821c5624ed13f12cece9b8517653bc8fff34e4390f9ff1a5d6f6a14e99f7139e2d1d0227e4cebfa8c87ca38dba637096a30ec6b84d22d321d70038667b9e838193d56b77a11cdf465b3368df541b0331c47bde8fd0780e0076096f9e8a8b5fd60095d5e8638c864bc00f406f894e75ff61961e2f557f6d4abc2cf95ee99694b7ef69c0da7f238be930240b0ca5e15f511708a07f3e8bfff1a4c1d2d480540c978250a476b997aac594f4b12780b9e9771878c1a81aa0c18eeca7921fa7a3584fecd0df331444b9cf324d471345cb55b64aa9c79d37bf00ddaf5949396b4fcbef1433a3364fde1b3fc263437dfb1d46226a73d5d6179801cea0ca862f4bab0a7e8d54cd22bb4ca456d46870bfff80d23157ba563b71e98ef7dc424460d20f92812cf7259459c8a9b41627d04e871ef19555f8ecd1332cd73e83b006caad4cc89c7104b2a0b3857d69c516a8f66d2cab91d992ea5af4c5c59037a26364887e6d9bf9a2b124c651715a78bc76414a99c9f06b2555a9fd7f8580852243f43f88e2ea31e03f17f44e2ff5df973f9d8ed53385cc1e182c96162b69d87dc24113b3756c74f06ad4360a1b2452d26087fcc3f8efecdc27c00d4851d9c683fe7458bd1235d4b72ff5ae76ec7cbdcb499ef056d3f8f6ce9a9f4e43d1ee5a5e9a11c02a2e13bce13781fe60c3da070ee92f02e9753a9402c15d18f353f4cb2cadac363683e14a82a7dd4fe7b656f2e767e3ae57b3b7be2892fe2c02f6c9c7cb9d3353bbe3e3f52ef25b92f43e794fa9327d8bc4fd62a76ed94024984df2101d3e2fdb265562a3958af94ca28872713398de83aa2004a3426e497832e316549b0b7bd601c03dbe3fb7d76ee5e2b289fff3e9b8450e5cc0dddbb0b4c7f748511a0b10485e37e71d6d5d4a68bd184e0d38b00e57a01f95e8f8987c3ac760070607fdab3c1266d76b3785c939756c769d314d165c16e539d853803b5c441a812db260eb035c9a0985c2c48b5c938411d916e377c2cebc83dbf2d675651bc1a8a9b72a2325950ec362c79919c2ca3d1212556b3ff31f8b451c5d50661dfe5278abd9e379731f80f78b48898af4c3b8e8e97c542e562fad9c6a1c3ac28e017692fe94f71f96f6a790988d5ba742d5c239171eeed2feb9623e9dbccc2a1aa3d1ddd298e29dbd57a411a64aa5191e4fc81065638b394d1148bfd6897b92815e61294cf762e4899e28ad69707529862c99b77ec55afafca84317e8046b39b0fdedcef4ce50d5e95ad62b53f67235895e8c0d702168923f39f39de00a4e80674febac0e03f35d4b104c909aaba95bf1b831351daf0e6ad7e7a4306a45827a8eff059428f0a5d594c9a2eeec9978568cdd9e833da403ab84dd5d052eeb6cb1fad21419442d0b22f0a5b8ee640b0adac39501913fd944b908692adad18ae43f3ffe34058fe4a68ef3687c0045873196702922a54b0c61d03d7bff6dd3a31886d346ad8f7cd7f0bceb686572538a01d9397a7e346e3833f7666aff9e6f232ca9eb24c41c87a120af0d2ccd2f2fc54eba9aee8dd8ecbbb7f5873282482477a7be0c7244833d030fc16fc0f293428e66bb8a47a56400a4db014c3d55d6c5fc7e912c8ce651830bf8beb6e09c3846da600e2dff773d78373becaae6cd7d9a2d36a6cdd7509c1aae4133b884aca7236b038b22efc26cef96e287076b24ffd308e5118ed4ce85d0291ad46c98155270222cf16061a19f942cea5e1aa32673bcc85a2d1e8425efad48b44c09bcc47a727c25c57f13201141f42b62d3104ba1e70c873592239c07992d8480cb6f30861267441da49c64c146dd0af295e8a25453c5c29dda8aaa5067abe7753cd7757530983e651a676886a6605fb37b97ec41752a0f76f4fb1317eb986b598c752e6256084cff641836d671e2e123ce9871e98c703b5cb8fd5729b2c0253b05082a1d90ae029c81c55b3dff913155e11d5d6caf8d40e4ccf0daa3f907b46207e3ddee642193b166feb5fd7061eef768291f29f503048aa20fcd49d65ad4f9345f0863c83f4644e695e7b60fa5e79e55014483209f0d84e994190f54428b6c2520188e7048227b3e189c4d5b2b14177cbfaffd66db5bedff5e30a65de4f2c3a8e0de7a7a2efdd38b9a81961115dae3860d4aa474b10c9d156acf2e15354176831fa0d64d805888fdc368b9b697985c686fafaadb94e1d31cba309dc1eca2afcc48c79eeddc1c4f6b791de7f46b577c4299dc94509d5a39373e70bca3a18350693476505c7ff4c30bf68c42f1304163c2b7500fed3a378ceda81db6bb1861e49c4aa8b760be16ab85db92922614a062a704760db0a934d5e32f44d815f04e1cce469fb0f6b1668a5f3b3548ec2d0f2adcf7723d1190cb7ed62b1b3dae9110fc2425483eff33bd9f692fd8b9f59e505c2bc6972ceb6ffd42b73b1924b90f67475f57948701875a97cc9ef829a43f53c7997b06ee7aeee94ef8247a1f4953d9daf808e7e6d7d6d989dd669ba8dd89d1adba766e68a7a0d5cbbadc369c445259837822a47e1f783c2f7cd7c7bec507cc58d1a80f83df3291d76dcc5938d2d16c04e48dc21fccf8964244be49c4baac4acd42e2cc845747f92ac39168cb20b8b7612917044f108652c94c674fb2a0df145670a4d65d5cd3b596f6a80e257075b10cd3033d62673157dc1952796483b61b07cd4eaefc8d235bf136302c0a4e1d99ed3a2c89a695ff1e5f3d4ba5eb3865a3c9b4ba8804eaf6285b85725310e147868b900b59d8355e903f971cf18d209fc4df84960ec4bf2a90668cb0598b7a2ac9656455d437caee0c8f08126918b5fa655864bcb44404526c1798a732f13168a15bbb67597b000ea0404dae21ea81384b41f41732dce9dc518b89aaa06203b27315fcb2da26a7edf5bc51928236322bf0ae94bca5c50d1d0d25c395d71bf14063e178fa268fdbf1addffffa09a463f6e8e8b4947b38fb28e695a0755497b9bd7ff3be116d36b3451b74c5552779d0fbac3d6e73bb88f01d1368241b8564f7f2459776218b13eda55ca36a5f61b4cd08c2297c82ae09074904648649e04b413655d75094dd9cc89972c76a54182075a589ec7706c0ea33f028558dadf8599ccbc61cfe2b0ad484dfc9344211b5444122bb4942e00b47126ceb7dd7b4c3bc959274511a2d5d7f82c5d616422f527fa02a9d7079ea5394d0ffb3efbe5cfa7f08f407239ef46daaf56aeccb52cdf02f2e30837e532da46b0bdb8d866b58dbd08b92246f673c462210a76bbabb6264a5f0541eaedc93dfc596a530bce77ab74b45a9734ff62933b75c67a4d9b4cbbf8b5b55180d5c8fd8a16eb54095f47a1952f84dc1e0e19c7b530fd4b2c3fc3c1e32218b5b2a6a1c8a04e78910c6410be17bdc2a8f146012e1cb013c4c903ffbca4a6cc44b273f85b56a468f8cba6fb3983496291da6b74ea27b01ad9b5922d01e9ae78bf398ca1d2924d4c1c44658d31f38d92d16b2f38b55d17096c974bccd60a938a12236c1d48867b83a76bfec504735ca023f9e5c705262786a48f4c051195762b0aa41afb929da92dec70c566e39909d3a07c7acf380f983ef4ee13b644822e4bcbdbbee26f948a12db6623db5ded166a4cc2389bd05d9c9ac0b14936cd60c605071b9057601054cb11df87b04edded0c9b982f4a0cb9aa3932438cf50837d35aaf1d7fcba7d4819c87f3d80f7cce0e3fca0c374b5fae8b01f058e341654aa8b438fc5f81479652f51504c7eacae21f4a49147dd444321e2dd457268d33223a7ccc913c105d7fee80e5200261717cb9ad0a5c4116605816be45f8cb47967fc3b7f01c24b32779da3f8333bce8767c858677fa1ba2753dc79e046899b805ce034756a7526bf0445ee840eed80322268ab7e3898584ce8760d04edd11f4e15044e8c3bbc10fa8959ab8cdedf4eb09c5a8dc887fae67d45f274159631506e8eaf3627267ede6dedc4e9ac44cc9f33bdd4feaad9bbe6e90b8e286a520883f30a200421fe0f0384f41846a519e2c967297baee4b18be662e583cb12d76027cd849df96e4a236d58359c9a6782d295c9cf9c614cde90cc6a6562b2f683c1fb7116eb21777b03f1191106b44d9570e71ff6e03cbfb2f6f23e469a1c8b1c0baed352ae7603436ddbbd09d9d7139a2ced201e87dd1b1ccf4cf4cd24568ce816cbe5926310a2ddf243fa176446ac8a43f6ddcc503a0d5ff36eb685876256cc3f77ecc99953a391e9ce342c3b658ab687958cfc290ac389ca98187a05823b244ee95a7c8f2ce6a5781e1da73ef599cf5d84a782ab2d5c32e30ab3759b0746d5f1af5d5b73e6816152180f921ac4385bff047fa757dc4cda19fa244f5e6ba320f199ffece68610e19b807f40b3b89f2a3e68cb28c42243b04a7f65f77c728fa9ea33d2be9c2c49265145103d8862922f2dce515e11d7f135e726fe41b98be948ce46ddeca4592f08bcb7c5a316806968c187da528d9fed9af4b0f6e2eaa2cf5238edbd1c5740ae68c86d0333834b3a8387008cb233683f86481ea757ad7cfb5c597d709d5422cee31989ba4cd6fcd5ca691e88d6766fc17642a84ee2c7834c3abe6a5b7847a3c9c35817d82ba4e8c2a33aec160ebe3de4fb6f2e01661f18ab0d2f6ad7b093f5d3e74ac060076213e43b5a55f116075fc2bab6ee139f1323451683c6ec93be2a3f1e7e15824129833a72a4891725a3eb66331b797bec1c0b0ac1f77f515febdd36c200c90e6a3de26a90b133bc588864cea949e878f55dc8a660398c7dcf67406dffc14508cfa2f9515ef89ac03d4c54b4440cce9b12a19df8c38f8c5d009438fe70044514b32b65d0b5e801f4b2db5f22eaffa5c353db80e271fcb4820a66af9decae89a50f399fccb22b900728bb3bf23a5f2b52970ea6129aab54851abb91a262f3904433f214ffddf2134d1d0e91015fbf73ff2cffdd70a7c5ea2573f7eddac5675bc955a70518cd11ce514bb50756b0c5965e72483ff4ce421e3eb484c18152d72c27db3d22a2c7ea5f795f8dbf12a3344f9d946dfefbfb073fe85436ba3dc50eb0f587e5cfad990d51834cddcb7a227d349b09b3804f69fa9142a079577d4ff15f95a741a6c19257747b8a5abf56f15a194303ec6916a97a0bb04b757f0a46b7579fb7eae797f3f4d10f18fcc38340fa84ca93c6e9df530e45f64413cdc6065c1c60b5d6e9f9f7c7ff23b4dce113087a2894731ede86c24fd7eeeb38ec30be6b7ee6770c7aab20eab7ed463caa6fe86c04711181b949a6f60e4e93550452438f6f58daf990d530690ca2a6f2bcd79989e1d20dcfdb5dce14c00fe1663d99be17852705bd6946422fa04cb303e588df766e4eb408766741aadeeab88c63701f2dc8d9e1bd82b38bdedec0722cb447c9717e73d548388f0c455afccd825ca22c2cfe8c748133b9650990166eb3f820707d4d93cd0b31fa6c0358d9daf0978ed24a55603fe276238a5610aff0de6e52ec7df2c5a4cfeca3f0fd2f351f803e96a1c1ca10b527d094610f7b21c7ab4829c124daf6a2eb300e1bbae174cd332bd201567cc5f426f16c83dc157baa3f79f0e17fc7f88cb0d1abe167295f1f8213a313d17892c265897f47f60c30775007957aa6e464444fb2dae4ad588754969aaa213d64c4241ae3183241c63b9af809486f121a720a68f26464bcc60d46efe13cdbee9ea50d63908145c01982eb4089189953dad902869feb3306a1aaa362a1c227592b7d7853c52892d1a207a5e47eadcf4a705fd897c01d6ed063f98c03df174b59b5b265fa4816712f9277fb6e83bc51a01c1b8c4201db8f5f3f040e5c9ecd97dc46a34ad223ff1c3a64948ed24758446898c7b87fe744659884d524b25fc13a08a5ddf2d772b49e40668ec2ce92d1dae16f6e7ea413cbab90e7cf5871d90d28821a62dc6298c90b7d4e3e5288bd5e5f35f1868974766b57151eb5f4f1acc9f231157f4a2382640365d2b3b9cee9150d2d247c8f2b7c32e953b657b5e66a4e5cd2369c4f3bd7a6dfb5bc71741819db94a608088b0dfa362688481a5f58be0fa48b82c058e462ea3c63e07aea27f2f9a6f47301c3dbfa62d11dbf04cbd7714784084a51e57d31c0c5fae3e7d74dc28a3e3bda4d0f319d7c2e9120355cba46b22d3e934b49797d00866b831aec48eb68a12d3bb3824148062b413f83de390831c3e6d721d8e59853fb2f9bf217e3d56e44061afaabb1397599fb251d10f24266761d328a753b2373133468f6f1e90a2932b88c7b162b567f09f93d34011f60cf0ec97dd3ffb26d88d53ba7568350a2597a7625e76e1e6cf4dc6447292eea079f98a4a63168ff9800b167b51f9463549937e4f6ca4f26d77351329af243e8658ae6d73dd9945fcfdd3254757df2fe102b6327c8d9777f39f361c13a89b4affa1b32117bfc3f8c6a7e123bf3e249d9599f7f7c840f812a90444155b3000d0dcb06db1f8735674d5b3268ed5e2654c36cfbee687c9e919858167e1e72487e61e7f3b7a2fffe67f259cfcde4dcbb3d55f2b5d437b0adb44bdde1bd4c78c9facd75b7574fc2392722d29dc644c41ac457519195aebfd9a868c0cb5a9cca4f54c9b60cb76f73835e60d9dc573bf2db019f9011b0e66d1b2245589253872df50ad1004582f86af2655e31c7ae9c61389294cbc26f2ad4fa26019decd8144fb5a3121e4a25c11960b9920d793f3108d5fb76425bf8316c5ea150340d99463cd9d1e4248ea1ddc2f991b1eb65c3c7b15db0d6ca306c4635bc7db81b6b7e2a23ddefdc0b48ad8d8aa53c00484570bfff8d1261fe49512397f560b5f7c18330e1f8e3f6935bd094fbce23039ea3aa24196ccee612d823ff9c1650e37034961f35041ccf01c9ce1504bbca794f27dc3a9ff660984d8ca9bfab8afc5228705805ff3c13eb55974156f8099217261a45adc752e1edb71cbbca5186151185a3ab85598ff235aed5a9dff0a546ea3986c64e84a19d2743e43881bc82c4fbdd086d87714f855851bd404421b6849f45df0dd6920a3de649b172beabfd33bd646d08de103f71aad69fa9364caddfbe55890c740667a98880624040cbc511f317a764545e29c84decb8692acbe189d4c35742024d3ec2dc1d67372e58d924f830e55ef10bc27d21a5c8f9da1a357edb40f0a72570b73e923585cec374f8b3990514a9c7d92e7729f196edf75500f508b6b9394840865c388fdb40d75f3af50a86efd645165d553460f9af61d9306610b0b2990b8d38023cea74f186fe8c3af47cb0f906b444965ab37fae25bbdb1766c04aac4be839057d8ad513c5567924225b776008adc460bce4822c42ffc8d36053ee9109bbbe436f318d4e167e923d9ef0a7a538870313851b0b87388014751ecb9aed4a42aea5781e25e4f0f1e5f26271032b76a08cd7a3ad90f134f7c310064b3ab1dcf8d496c33c6c3e691ff516a079b025d6b36b216f8537c1c3d41a25fbcf6ee3672f6fb9585f9daed635ee36e26716de6ff7580fc321905fa210ce3766cfdf81b039ae5738f404e3dec430470cc82904f6eb23d95cdc6b46d8242e9ac1123455a29dd494b975f9c85a55f66139065fff6622227a80c721a903c0f0ecd0604ab797a2d7341f64dd3fe52e46e8718c3edccce97d140d7598028c2c3a9c8339ed70e883c6b6849414a3462b1c810f38537b9e44dc2f98c95b6a0f83898cb2c6059b89757caa73951881b85940ac43a4e9fdc60dd87d5528ffa252d2390b8cc6cce2352ee7ab5101b4cb32c38c66ad8f13a0ec76669a0b1f5f8cecfa83fd287cc6b0e2d9926a9eb0595b42cb1ce495b9f6b00b5cfb1a35a8e64c3f0e56df50273ffeba8850827553cdc97e56990602f43ce664a6a4c80b059fe1d08cca7d7cc164fd607a354e5974944f0baf548babc3d8bd91efab492dd89d4b208ca3ee9c95d49d1b6e84bc59bf1cac029d4611a2688698b3dc66127171ef14844bdfdb348048524ca4e50e87e80e5ff1ece5e92dc5bf3bb35a1ff8e9e86eb75a2a9d22397223645d74280f4983346b7774efd3a1a7e3a54a170ae0b81b820c0847101547b861abcc149104bf641a32c93a888403a2ac5ab1e6cab11b7d448a5ae8bf616d064df58afe000557da1a8690ef1d3d784dbfd39679c5425ed0bfda771deaf336e83b6f89257bd414d03314e3662ea6589feccf6ea73a4f5f10ecac4b0b9e8d48844af07bb9a05a4bc2f6fcbac14bf5d007dc7885bd9bd59d70eb064982cba7c1ade17729034c2cd630fa80d3b68f3cfe8feceb9ded41d8ebea75d946debf5ad6d685a5a676866e859a17065b25a344684cbbab50768ff4418180e0701cc331e1114bedc81385be621f10b55a6272c2325b5eb85994b4b8201847b070c0145cb8fd476f7551b158fceecc4d7b9a61a9ea52871a4f814d74dba4ca1c9fa61fa0e5e5fd96431eabb466a1e3ec51feb8492b97b7d7cdee9f11dbe11d1df3ba2768f44e5a33fd991aea15f8ad39a8a1d130ed9be30aeef8021d8affdc96b2cb7b907765bea8576d2059d66373f60583aeea2b9a63d9a4554514ad704a32a87ce2d17c5e3b7634db51bde477a2a4f59bb7e2323282010e4436f5834b7549cee3dcd8bc9cea11a77d58ece7524c1dc9c5f97926e54ecdfd8fad474c25bde78b57a3a7b9b530dfb52057d0994535b8a453b35504cd9690f29190cc176bd64614b1f4f37ba84b6633a10905480f5b0f370922c6261df7b0947cdb90c401f0e14224efff83a748cf328ee30e3cc467435fc54bc02081bae95f109aef219a39fcca2f790e3fceff9278d43d9733f850dcb9d5c7b2097c7ea162a9312d3645c6783831c9ecd973f9f47ca2ed1709da411efae9a3452ea38a0d9e0d91f4c284a0075445d41aa310f0307f07075b90bf6b541b929f1d385b1af8bf625dd865687f7c3d15a8e6a29d363ffe456a0488b7a3137d3100f68428b8fd5d0f8c7d2b28f20d9db50d14e870380d0f0e499ecf9dc20628ec2145166c60809b6cbfb7cd973cb33ba4b930516244d7e37963b2277f4a914daa0e0c47a6849f76ff7fb6f185f180c432e10be95fce025a92fbec8f0e68910760a7d4fb5810c123cf8696762305948202a0f474079520c3e0a9a1d1ce92d497c151ee7f6082e6bc7457cee8a2adbe120f201296a637516fd58f1079389095226d63e15aeb7a501908c87f28b4e8c0f98d07a8c3555a46c4f867a33c470b10dabaf40c38383c4399316b1d3f418ab1df1f465c427612ff5f5f568ee39ec22b91c5efce6d2a3b3fc1cc8be2f06adbfafa2b3384f335e15e176b16c48a5944d17af56ed48e6a64f42e8d5745e5a5c5a6cd9499f534de5ca68677f9a265d852aaaf7ee5faa0cb7b1705111bc48eac3484d1a47c98bac514c7edbbb6862b318d3246da9ee4cac53bf93d389e113271b1e31e207b8a5a731cb97ad8ad542ea42ae72c7c25133e6b50cc4681987f27f4583784d4395461d569c83e8cbc6df8c230df6a8b7bd7d9b2c592b06127e5d78fa61e3c4b791b93b03048171454f1142e6b4211d56434e03d3739f2f091968c5f7eb5472760ef899651ae01120e008e73b41fda1c533dc6cb05eeb3a0993ba53d384d35caaa77a380f76ec27c3f97e19684ea871adf66edfd5f721ffa3e78192d9b8c4b1ac41f8d6cccb4140f53cfdb513795d0b1ed4cf171d753f758884d1a40c17d1344d23858786ee1a71b94511036b4c09070e9b898cedbfaa4187cbc2705dfb6e08389990ba10bfa2e0c6cbc83f9f0501770c1b4e3c5cdc43a4b942bfe9abdca57ffc14171f0f52a3e973d26d8d5852f141f26ffa3136079c90745c88d20a1c89c39810d8366786fda8010681cfa0a8113a6294fc0d255f534ee3479f535756c8413bbcd3a2e8ab91c24235f651220e3b83a47b0b2184fb74796cb567705bf2f84f2d14d84ae3f91dcfeed20a4e4e08615eefc5c37aa67857d87b88423941846128b10c7456bfbc9cf5d526afa3801d00e97a929e83667b3d32a4b183a9f4496f9b72d760d255ecf479f0ab7b0b9b2bdf9befc1f0af7bcd5bcdc8e8c84b4223112e85ab0925bc8ac5c6efbc4941551ac2807510a7084bbf8130228c3a2aae883dfd6dd3c2ebbbe3b5a0aa7605af921717cc041f6b336e0ddc6b9ef6d276fe4ea8b4b05c4ead513d52f41102e85337c38bfc6d44fabe6f513a785dd22ccae7c52c3ae045bde0fb9f6e1b2a9ab90dfcb5147822431d90e8d8d70f654af04417eec25803ee414d5aa43b0fb745fbb7277cc47130876927617b7e1aa4555d117053f1433c4a233ded1ba9ff4faf9faa1fcdbabaa061fb8e57a7613656e0524fd1c656a5f435e319172960229e5b146646372d18e62ea7a1b0ebc3af74329faa0464e1b87b34cda288e8ec8382b6f4695e1667c5dec1da3445f51bfe93597072f6f09d56a9e75b56c95cdf7cadd0cf038d40c4d6626218ba84a7c4ce59aa101cc529766d28f048b77e38e7452aa1a6a27857f9ebf3dcb298e2dde258882b08df6857c8c30efdf538feaf4dd1a79cabe6ef5c59c68880746c2391b3db79e2a6f46b08f7d81ff2cb81ac8ac2f3be6fd59716f1cd3bd66ad2aba0a6e1f5e7ed0b17086abd4c11b2fd2e508ab99edb2e898f491866cf74522a9d2a9d49f552772fa794ccfbc08647a778790465f2ec11e2b5636294e3b2367b59448aab1d5bd781aac7a99152cb799762155550633cd8b0f3f8e201b93af04309786a78446a3dae6cbd0f7968d5bad18f4c41ad05e56a84c2b940e786338656529efc615838e9264f5c566594dab70cbd2d63c409d19ea7bf7b584f8c1c6c6201cf20345a05f00a1188ef6875e2d6b8d877219d99f5094e913ac613f100c773af32bc6b8bf7ad4a9bece7f36cc254ae0884d757d3040336a40a47f2b785ffac71065a7c15ba70e8ee09008adf7292a530f6e857a297c323fc0f2e896de9c7fa16402ebbe580f999842054ee3a0e99558e8e55468b6ced9c9d2e2037c26c7de66c3b2cf65794ada488ddf1cd162bc3007cdb7d925af73aca676a1fc86805810517cab37dc3c519dbca7b8f9d7529701777f9b3a5d6b815e47d5fdb21b396e90a803bec65b6ad2d1dc8e2bb3b04a77b3e9eaeb479308a66f5d5e88280a9f03ee1320bcb5b515a427cf416ab8324d156c4446d47fbb008d894461d161106f5d54564658f991bea23ed7985d1fd43c2ff86792b3043d2b51a575148b5074fa48a7768c33ad112cb95b453f51c", 0x2000, &(0x7f0000002c00)={&(0x7f0000002c80)={0x50, 0x0, 0x3, {0x7, 0x23, 0x0, 0x20020, 0xa8, 0xd9, 0x8fc2, 0xe17}}, &(0x7f0000000140)={0x18, 0x0, 0x8, {0x3}}, &(0x7f0000000240)={0x18, 0x0, 0x8, {0xab77}}, &(0x7f0000000280)={0x18, 0x0, 0x4cd, {0x4}}, &(0x7f00000002c0)={0x18, 0x0, 0x100000001, {0x2}}, &(0x7f0000000300)={0x28, 0xfffffffffffffffe, 0xffffffff, {{0xf5, 0x839, 0x2, r2}}}, &(0x7f0000000340)={0x60, 0x0, 0x8, {{0x96e, 0x2, 0xec, 0x4, 0x9, 0x1, 0xfffffffe, 0x5d89}}}, &(0x7f00000003c0)={0x18, 0x0, 0x4000, {0x7}}, &(0x7f0000000400)={0x13, 0x0, 0xdbb1, {'!@\x00'}}, &(0x7f0000000440)={0x20, 0xffffffffffffffda, 0x3f, {0x0, 0x5}}, &(0x7f0000002580)={0x78, 0x0, 0x401, {0x1, 0x751, 0x0, {0x6, 0x9f, 0x2, 0x3, 0xfffffffffffff000, 0x3, 0x3, 0x100, 0x7fff, 0x4000, 0x401, r3, 0xffffffffffffffff, 0x80000000, 0x1f}}}, &(0x7f0000002600)={0x90, 0x0, 0x7, {0x0, 0x3, 0xee6, 0x97, 0x0, 0x3bf, {0x0, 0x6, 0x101, 0x5, 0x6, 0x3, 0x3, 0x401, 0x7, 0x4000, 0x0, 0x0, 0x0, 0x8000, 0x7f}}}, &(0x7f00000026c0)={0x80, 0x0, 0x3, [{0x0, 0xffffffffffffff0f, 0x0, 0x7}, {0x4, 0x95, 0x6, 0x3, '](:-#{'}, {0x6, 0x0, 0x7, 0x1, '![&,\xe3++'}, {0x5, 0x2, 0x0, 0x46}]}, &(0x7f0000002880)={0x158, 0x0, 0x3f, [{{0x4, 0x3, 0x2, 0x2, 0x7, 0x9, {0x6, 0x0, 0x8, 0xc68b, 0x0, 0xffffffff, 0x7, 0xfff, 0x7, 0x4000, 0xff, r4, r5, 0x81}}, {0x1, 0x810000000, 0xf, 0x9, '/dev/dri/card#\x00'}}, {{0x4, 0x1, 0x80000000, 0x5, 0x3ff, 0xff, {0x0, 0xfffffffffffff801, 0x5, 0x4, 0x8, 0x5, 0x2, 0x8, 0xffff, 0x4000, 0x5, 0xee01, 0xee00, 0x400, 0x3}}, {0x4, 0x751f, 0x2, 0x55, '^-'}}]}, &(0x7f0000002b00)={0xa0, 0x0, 0x396a, {{0x0, 0x2, 0x3e99, 0x6ca5, 0x800, 0x9, {0x0, 0x0, 0x8, 0x1dcd, 0xc221, 0x3, 0xbf843abd, 0xff, 0x1, 0x4000, 0x0, r6, r7, 0xcc, 0x5}}, {0x0, 0x5}}}, &(0x7f0000002bc0)={0x20, 0x0, 0x2, {0x99, 0x4, 0x80000000, 0x1}}})
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r10 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r10, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r11=>0x0})
close(r9)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r10, 0xc00c642d, &(0x7f0000000100)={r11})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:17 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r2 = getpid()
r3 = geteuid()
sendmsg$netlink(r1, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=[@cred={{0x1c, 0x1, 0x2, {r2, r3}}}], 0x20}, 0x0)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r5 = getpid()
r6 = geteuid()
sendmsg$netlink(r4, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=[@cred={{0x1c, 0x1, 0x2, {r5, r6}}}], 0x20}, 0x0)
mount$fuseblk(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x90000, &(0x7f0000000200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {}, 0x2c, {[{@default_permissions}, {@max_read={'max_read', 0x3d, 0xbd}}, {@blksize={'blksize', 0x3d, 0x1a00}}, {@blksize}], [{@dont_measure}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@fowner_lt={'fowner<', r6}}]}})
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000040), 0x8000000000007fa, 0x28e981)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r9, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r10=>0x0})
close(r8)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r9, 0xc00c642d, &(0x7f0000000100)={r10})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:17 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x547f0000, &(0x7f0000000000))

18:12:17 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, 0x0)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:17 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
setsockopt$inet6_tcp_int(r2, 0x6, 0x10, &(0x7f0000000140)=0x762e, 0x4)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x408082, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r5, 0x84009422, &(0x7f0000000500)={0x0, 0x0, {0x0, @struct}, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})

18:12:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
mount$fuse(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}, {@blksize}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x80000001}}, {@blksize={'blksize', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0x1}}], [{@seclabel}]}})
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
ioctl$BTRFS_IOC_BALANCE(r5, 0x5000940c, 0x0)

18:12:17 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, 0x0)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:17 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x557f0000, &(0x7f0000000000))

18:12:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:17 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101280, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x4002c2, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000240)={&(0x7f0000000200)=[0x1e1780, 0x418, 0x4, 0xfffff801, 0x8, 0x8001, 0xfad, 0x81, 0x1e9, 0xffffff00], 0xa, 0x9, 0x4, 0xc5c5, 0x1, 0x0, 0x2, {0x4, 0xf139, 0x5, 0x5, 0x1, 0x7f, 0x8, 0xaad8, 0x80, 0x200, 0x4, 0xfff0, 0x3ff, 0x100, "b813c4e92183694555c8fb14b239e7764b0d29e6040b37c5fb8e6a7968aa71ff"}})
close(r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
r6 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r6, 0x29, 0x32, &(0x7f0000000440)=""/24, &(0x7f00000003c0)=0x18)
r7 = accept4(r0, 0x0, &(0x7f0000000300), 0x80000)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x9, 0x3, 0x3d8, 0x1f8, 0xffffffff, 0xffffffff, 0x1f8, 0xffffffff, 0x308, 0xffffffff, 0xffffffff, 0x308, 0xffffffff, 0x3, &(0x7f0000000400), {[{{@uncond, 0x0, 0x1b0, 0x1f8, 0x0, {}, [@common=@inet=@recent1={{0x108}, {0x7a7, 0xfffffffd, 0x20, 0x1, 'syz0\x00', 0x71, [0xffffff00, 0x0, 0x0, 0xffffffff]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x4, 0xffffffff, 0x5, 'syz1\x00', {0x11}}}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x9, 0x2f8d, 0x0, 0x0, '\x00', 'syz1\x00', {0x419a}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x438)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r6, 0xc00c642d, &(0x7f0000000040)={r5})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00464b4, &(0x7f00000002c0)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
getsockopt$inet6_tcp_int(r0, 0x6, 0x18, &(0x7f0000000100), &(0x7f0000000140)=0x4)

18:12:17 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xf4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:17 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x567f0000, &(0x7f0000000000))

18:12:17 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10, 0x2}, 0x10}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x10, 0x0, 0x0, 0x40}, 0x10}}, 0x0)
ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f00000001c0)={0x8, 0x7, 0x8, 0x0, 0x0, [{{r3}, 0x3}, {{r0}, 0x8}, {{}, 0x80}, {{r4}, 0x2}, {{r0}, 0x8}, {{}, 0x74}, {{r5}, 0x1}, {{r1}, 0x10001}]})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r8=>0x0})
close(r6)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r7, 0xc00c642d, &(0x7f0000000100)={r8})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:17 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:17 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x577f0000, &(0x7f0000000000))

18:12:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0xfffffffffffffffe, 0x1)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:17 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x5, 0x401, 0x223, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000040)='macvlan0\x00')

18:12:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r5, 0xc00464c9, &(0x7f0000000040))

18:12:17 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:18 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:18 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x5c7f0000, &(0x7f0000000000))

18:12:18 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, 0x0, 0x0)

18:12:18 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x81000000, &(0x7f0000000000))

18:12:18 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, 0x0, 0x0)

18:12:18 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, 0x0, 0x0)

18:12:18 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x89000000, &(0x7f0000000000))

18:12:18 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {0x0, 0x0, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:18 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {0x0, 0x0, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:18 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {0x0, 0x0, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:18 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x8cffffff, &(0x7f0000000000))

18:12:19 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, 0x0, 0x1, 0x4}}, 0x48)

18:12:19 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xc0ed0000, &(0x7f0000000000))

[ 1678.724951][T16065] FAT-fs (loop1): bogus number of reserved sectors
[ 1678.733225][T16065] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:19 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, 0x0, 0x1, 0x4}}, 0x48)

[ 1678.840846][T16065] FAT-fs (loop1): bogus number of reserved sectors
18:12:19 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, 0x0, 0x1, 0x4}}, 0x48)

[ 1678.851624][T16065] FAT-fs (loop1): Can't find a valid FAT filesystem
18:12:19 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x0, 0x4}}, 0x48)

18:12:19 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xd8000000, &(0x7f0000000000))

18:12:19 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x0, 0x4}}, 0x48)

18:12:19 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xd9000000, &(0x7f0000000000))

18:12:19 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x0, 0x4}}, 0x48)

18:12:20 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xda000000, &(0x7f0000000000))

18:12:20 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1}}, 0x48)

18:12:20 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1}}, 0x48)

18:12:20 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xf6ffffff, &(0x7f0000000000))

18:12:20 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1}}, 0x48)

18:12:20 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xf9fdffff, &(0x7f0000000000))

18:12:20 executing program 2:
r0 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r1 = openat$ndctl0(0xffffffffffffff9c, &(0x7f00000001c0), 0x800000, 0x0)
r2 = openat(r1, &(0x7f0000000000)='./file0\x00', 0x4000, 0x60)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r2)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r6 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000280), 0x402401, 0x0)
getsockopt$inet6_buf(r6, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f0000000140)={0x0, 0x0, 0x0, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r7, 0xc00464c9, &(0x7f0000000080)={r8})
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r6, 0xc01064c7, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0]})
syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r1, 0xc00464c9, &(0x7f0000000040))
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r9=>0x0})
close(r4)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00c642d, &(0x7f0000000100)={r9})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r2})

18:12:20 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xfeffffff, &(0x7f0000000000))

18:12:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x40000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000001c0)={0x4, 0x9, 0x1f})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
r5 = socket$unix(0x1, 0x2, 0x0)
r6 = openat$hpet(0xffffffffffffff9c, &(0x7f00000018c0), 0x8081, 0x0)
r7 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
sendmsg$unix(r5, &(0x7f0000001940)={&(0x7f0000000200)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001800)=[{&(0x7f0000000280)="328a2bb4ac09ceaaee9ed7c1a5c7bc4259a3fdeafce37080db07d63a35c35a9c9a27769d59c118ba049f94a76057e595063b3caf6113b49173b2f284d53080b74f9b4d4e3c7f206c5703bbd9d72d4a071f07", 0x52}, {&(0x7f0000000300)="abd65846ee6ed2fc51f98c35e96b1e1875f29ce042e272b02528e97c4dc726d5b7fa3da3dddb35de545adab99e09b69e89075be7f89aae5f031d44e2e293d291a642cb1925eda4411299b040ae8f0b8a3d2d2491bf47fee7f846fe7ae865941d5b5396a5b8ab13b51d7d3cf860db50dc913aef2b7fed2fdbf91eb63663ed09037a8719524c1602051b47e1ee5dba9e352327386dd63ab642ef3127b157067bcd7b950ecc8857450516bb4116f35b9b0a1c2331dae74d14b60db3999b9e4c38fdee823a95c0c1176b785d2eedfbdc621a7845b0a789eb45ff1b9c4ad7742f8c10f73edf9ef649284eba", 0xe9}, {&(0x7f0000000400)="ccd867bf2d8649647e27", 0xa}, {&(0x7f0000000440)="7890bc6f34bcd64629ac9fe2a08e727c28081a11d082d81328943a3bb19427dba85e3a0fbd12b30a0524ae31b6687c469acd7f7751e9fa91957b0bb71bd3c9a6f9ce0538b41d4e3443ef8c424551e7d05d2553c3339210c7", 0x58}, {&(0x7f0000000500)="e68545392af92e26151b97266ad5600926d905fed6c7da71b23cae400f3070338990cbff5badb8d768539f5089966521a0bb2e8b7bee15a797186be2d65678a39b9caabc13b1e56b1a97874a76390d047171761c072a7567b749f071f08f0488d18e875681dbb78792fb04533fb6b8f623372d72ed6887f0636f31a3c83428489776de1e3a8423c59774f163eb5d5cb7090553c2020cb034b6c4f0c67bcca4b6793a75a81024f523ed6c1d8bbc1e9586042babb1ceaaab1be823e1c5a4f1174a77a446552fbe81ac17fbcc654893039b1076e75882784286b0ad16d3ccc509c342d916bf61dca009bc27b2fcaf22092efe3cf004495e496a5286f09d6ea09b", 0xff}, {&(0x7f0000000600)="1d7f32d87c2c55a21d3ee61f40b76db9829632b62e189133340c18", 0x1b}, {&(0x7f0000000640)="eb988a2a26bf442739d811663a4cd44d0ebe6f2059356756e01ff12857e57d5dbb4f1a31a9bfd1f83b69aa1225a16f9e913fdebd55c3f194fa2621c4789bcbcd4b6f596e6206a45ecc4b664bc48735bc33e544a4d4bed31862e3d8968d2fe238e453122690a49eeade6c73ab2be286755e9a7cfa651c73808036a9148b24cb32f1c04842f42abe073a31926b5b8a992c0dbf408c63513ae87e897639aeeef87cd418e2b96467464a672121cf47df86d70c8e0fbeb35dac7d897a1644abf83a8d87567503f4cd4fb7b63dbd0e12ab63000d6a28d08381e66ce223e6df83f88787558a83497dd91ab89e0e5d37c61b407d94d68e99a73af28dfcd77a30667a5a7c6902e15e3f91f13ed5a4e73e123db5e6595414d0c5f43fbb7822d3a3fbb6588b69e288151a283ba00afe6d266c4771bfa20d36eb8ece13952ccd7a710ceea05623d67908b684ea06af924c8c99d8a4f1a6516d2f363c77579a7a8c767c35babe4cffe49f528c953b6b0133612cf25082f313de8d15a64c36024a4f4902a385221109578fab4b878e170780204e99283ca468dc4f6d699175502ba283fa60126bbb9416c2671bd8cce483dcb5f066e51cb3018bd021eb58a9b999c4ea0470271d4eeaad4a43d62344f17ade01a208b04492da19780fa401057ba60439dbb761dd3b821238f479a4d4d9ffafa3fd197e8bb3013b51f428f502dc7fd40228de66b721da2cbe5829e70a89c93dc3c46a166af2505a63d68218a2ebec77b3041c01f7c0701476ad65fefbe22b1f82c604e457c75ae6d27463928e26fb9cdcc6073abadbc08d68c30bfa6837490b60914da50e0fa66dacbfe59c7c3ae39f64934e7b908a307b94ef7a64b02face1c6c35183c97dbc1f3dd5bae2755b5d2a8a46a94f0cd10e44874de69e87a0ad5c75ea71411662efc7ac539ddf82b439cbf8bc1a6674abfdd63f5512c85dc0b776670a301d45500039ea803a333bb0bc1969e4d29fc96fc6281c74bfd637152c44efcc8be586b8cae41366b657a37a9b8f69256d3aa204da1d0da2ceac3b370e1160c374e46f9c7b0f76892f62235d4f395d91f69653a495ba9fb93a725c24fd4f1be1aeb672463198df1c05a670849f0de8bcfff79dc168534f302639cedfa9fb8a5e671c0e62e84197f793d2e01fc90ba37b4d8c3ae14ba363ab8e1c319d843362f70785ce906a5934a3b699f73fb27a72dbebc90e10f004ac3db02372202222b1a24835d4e59f0141892e35dcd30350dc7c1bddecab05d13a66115aed74c88396d1b868f21908f9d356617bcb551a1e68638bc865eddbf87e313da48f1401c564d0610c0cc5192c0d7bcd6963d84d2ef39dc5ee6a44349f8b7615769e3ce31d455b345592dc4e543ec2c1f6d8816575479251adf7900f59905fee446fabfabcdd034ea9de0ae12a8a773443fc66da910cc0d6df9f04b23d769162fc46a7390429c476134a542f66db8b12e32cf6e8e7538b08cc045df47cdbb6404997eb63a0aff06c438a77dae063f3312cb474e4e3d641c0455790752036109c67abe0ce6c09bcfad8403b1c9d988ca091f9b171865b415dbea6a8bd29b25e8ac122c07d763fddf156bc5e6a53da2f56520f5f98d626cea340f545f915aea6872a1808f38516e16172a44791d7469ef89f81e910a44a9e0c7244b2a670bddf50c9b315617ab0b6089ad70b5a88b763ceb9df73b46658b34cf2963d41ae1b87e07e9910b913f145208e6b2664727545598bd1fc676e64efab4127a121d6a22461499686ddda60b8d4680fe657bcad2d3e70f9a877f378f76ac255dbe1207f9d409204b4dd429c3cdd1b2f9f3d9cbdb1c59dac02c1a3e9fc634083107c4bda9b6149f9583bd7b4de708e84ce4207e2920ee4c3337bccc61d2b0e486594e883319f6c63c28644a64a2530e1d2a0ebaa6572c0c4fb192cfeff534d7dd6f5bc56d3fffdb5f6008c670af7d005d8419c46b804fb46c2ce66323ed58e1725b2b98400682432b85a22358eeab1a2dd86900c4179684ae1139601636e9b54f0ebf483d4ba2a3d051c739c5123da03af0cdb1474794809668fd4559b7f16aac80f07c6678640da01966608a1e821d7353e82384abdbd519c6096900c220d3970f89ed886a046ff9a7ffd3f1d589e5a2f9af52c03a02c9eb0a5453dec803955ebdfd5edead2ce85fa6edbc4da0477886f08ee9c4d06a36a51e2d1df612b4860633fc913d32863da902007fe1e52f61cd165ba0e9c913aca5fce826a068c681f9428d366d0d77d8fbeef58d014c70a18298f1f5fb8749cd33e5493057d29c5349310167d0d62b867fe0043f074139da1ac3cd04869b62bf49ede54186fd7fb2ef9541c5386019ce7a9637e569e825f06f20515adb52c1d99169b3064f6d3424218febca1a8a82548184e1c53fb3caed6708d83812466b3dbae8b77b4f90fc983c0d8bf399e359c0886dccfb147f23c75151cea361cb9969f72d8bc34abe1dd66d04aec29c074d6c545227778f27fc654cb483e3cd126212f0f3ec99c4b8f9c5101a058d57ccd5441002b55fc45865845b0739639bca4b1413960c78f10cc9ab4ca1e24767ccba0b42465d416ffef966ec4d6b40f6d5efa6042fe84f6aa5f79973ea707df70e528c0a7392f3b3f6e9c4f7650d500a541d02606b168503bd71ce6f9490fbc9f4a7951b080f0cfe39859657230cec842ab0ebb28a1e94053b496ae1ef8176ca9b2b0842f75933389fe5cca700137af616ac5cf6276299b82adcac59ada89474d2290e0205a427b8926b515e204a82114686d2062454c1ca648ba84cc2de45680221caadb3bf282abca15a1c45d1e773e9a7b5ed7ec0e0e87d6096128cea0ea9f41eb4efa940d4b1f5d84bbec60572ea228beb8d9db23dbe68dd4b73fbfcb13f7fb63264c82db1abf26934b5eddb4cc4ec5d7bbd1d481f17b5c302054b839fdc0fc7eb3d7a069687731a3cff34c566f34391c3c15bbf6e1380d29076663af3bafb35d94df403da14e48baa93234d30b809c84d865ed771bbb79c4872e4c3ec0d373c6cb94e2764255b25f8cefe8e55cc343b5ca34815f52fb2bf9bca53b44a1f1a6859edb30a008924ad16713d906b3fde47c1052b1e099bff11df0f343680786dffa83bebb463e628dc5f355ba3a41bceaf5ce34b35fbfa44f5a4925f981b684cdd06c20a535c12f43ea66c09d754d0dab16ba892f54625aa7f80ef6e1b1a479da8124c15543ad90e6dcfc673d7c5517bcda02ea2af8041f61a09cb9a802ffd6c871d706f52f1e1894644545c340ef79aad612b2c436d52a88a953241d175201eace5d97a186c9e3b8d2453c3fee56b7569cf08b94d4144a5597731adf7616e40aff625f8c33e860ff61f450a49f8061d0e36cd3a9dc8931eb99bc498a0950d8d5de8404bbe9bca114be75fbc485fa6484b5002b5b71870eef6729aa135e622863f8d93008975f429199bd935a4ab1ffeb07c89c60264a670ce1100f1bb9769825a5244981ec1f085b409440c9440d4956050035270c81157f73bf3d6476da8c353ca64e25824258fdb5cc79f4c2c4619288f90d0ae58976c6f1085fd8091f00be3045301c62dd60b672690f2d90120f3ea9e49aeaf0c65a5bac77d7f085c978a79cfb5c2da5822ad47682a062ca166844e8d31c5312d566d21930722a1ac1119555b24ea446e29f402a6eb1429555ed7d49a54aa6af0e9fed19fa14dd298d97a3a5968599e0f372ce1084d4710d193fa2c2d83d8367197534b6a1b41bb7967cc5f72fefaec49bb0c437f799fd565716af90b05986ac6519d235132d35c246f6e3378da094c4e8b8b2bf5a760182929b45a00e9526e9cf6c6b9900204295f9655d80e608da02759322b51344e32639131cfe0b11c09da899cce36ee17e8917810f2299e3ab696134740c62a722c1391e41ff7027ae777e6e51ba5a08bd95b36be7316429ae1278d3482d05e1658b07047dce83f711b622cf7ea765ad783416f109c2689fe1295353204e0131113241b46d76d1aebced4ad2851d9c7c21184ee338b00979521442195038dacde878276d2850dfe1a206a089984e204f62e70f2f6fa20afa8e543ff57bea81389032414a72a58fc17e9d0055126aca2cd771e4e1b07ac9ce6ca180add979fc65f50b314153d7a9f32683ef235a185b15b0505842e40d2851e04f901dec1772521b8b7a9c93d3c32275a90e3e5026da39ec18669d9aa7ff9ac80e4acfce60eaa4c0c2f7ca48ca5490e46434612ddeff9e4d34ff0ef2a103c6fb7d3ebd5742de336779ee9c370f4df5543278509b9eb7760584e99d161b2f79bf0dba0f070f4db4526e959f72afcec450f87a85b5583d209bdc242caaa11804e430be7d0f12e72ef2857e6df60af790ab633ed3c6df8c65a8ecbe76f013c5f731ff4648875297903fe679e16c31be135edb8b080b5998b2d70878e69d6d80fb44806757fb025e4ddf75f74ed9533cf5ea55af9ba1f3c172bd5aabe9e76d02bd6701c8d4cc950a2df6edd929c984971ce1420852c70aec267fb61dc79605254e3a08232f4ec8c99eab053dd58b8958ce01eeee7d37e62c4f7ca9231e412a595d02681bdc4ed4fb4b470657095f73e48202e1847f857014055c563fbcc178b903557f14f8982477fcf4a54aaf9ea3fb8973609711f26a6f13f5ad6fd1d3c4afe2b93deb2b10f515b8f898202e3d25b056638f7a26a908308f494cd3f31f59b7a9c7c68b9d3ac99d2146d4f0412bb5b3d8a28dc98b607ef366b80a078d8f90eda3fa0d98b3df2986ae27e20a0076613b736faf6d9703e15a5526f2516112d05b6c25d7afd336103bfd3dde0cf5b4206591b2664fe5fe61afd682f667001042f21e1e3ea8cfeaa225d2a4ff0e1860b91cbfaab2d34df268112c4544d112dad2fde931235c598ba1d7d59ea723451776e7c854db92bc7e6f172c86ba35ac779683e72341e36a67b81fbc82bef496c4d1ecd8fb02be2e471801d2bd2ce7088428415124828f5ef981d50a118d9892946b6ce08744a36f11f43a284c4de82ebcc6f5dbd8037e832964bd8b9f704903a597e7248cc87b3c51ea2f01d05f35bbd63dc07864ae5e488693adf05241161cbd74e99b0efb27b87b3967ea5545e3e2e22e7cae56e14a21cd3fb15bdfa6a63f9ddd8542d5725d3351979f8c33117f211ba6dafb8129bf75a75095adc4bc92c410e195ab65a05c642c7330d6da610ab697cc2549c270e45ff8e690a25c00635e0b07d29e825d126fae7608cdbe6375fe2c25b04dbff0fa5aa08af95113bf253d4498e65cc5bd2b67b32353aedd178dc1b398722c48bc338ebeddbcf7a17d080fffb48c6e3cd2dc845d292add172da7db03c68e53d9c3d78ac35246f7c09755b18c1b4523942dd55668e6a855c12e552f98bab9a7e9aa74f237db93e52d8a2274b71595f6cac681b66a55b33934c28e8b2dfef4ea8da8a5ca114c3577082769952ebbc0c25ae92de4b99b99094792fed89577773e1b22f4c0ddf3365c909ff58286deb7f00fedf23c8c3c53a6084f787a034dc03f80c19e6e29674f98245440bc46ccfc3e8afb4f697ed7e0dff998afb21dc78b5c71f13d972ec99577abcaa3366c4aa5c7d68cfb45ddec4d48ac648ef3eef8aaccab1a10f29835252fafc963eb5f68981ffc2d88fd3cfbdf20446420380d9f050c3474906178ee21918cea0c42e11829249398a231ef6eb33fed087e1851f2d3aaade5a1c62683fbcfdc2546079420863905ac11caf3d57f8b3b91a92f848a047746f08760f740bb46fce5736ca580820d827c66f2614e07", 0x1000}, {&(0x7f0000001640)="379a0b3bfdb837ad31e96e8a1235f72858525d19d6efed4cd6ece3121ff3a3ef30edbe700ce445e94727668ea5aa97df2592430257fe83be9205b4181b83a979ceb1487bb990f48d701ba049c7f21652531d11eb724c07fcfdef5859681ff85a0f16fa", 0x63}, {&(0x7f00000016c0)="ece944d5fd2bc8332110b56c260663995798a9b9d195b3eabd8ead8564e8f8fba821aec9848e472def53a32bd0733b803f094e628938c258412fea7f913a631949bca32f4ed2a8a3dcd629311aa24a6bac90d9bcd5a9c5fbf397a1a30f0662ec94", 0x61}, {&(0x7f0000001740)="188010103f5066892024905507bf54503c2f50ba325224722c456d452a0007b155ed26924b61ceedc86ae6c93471583a834bef995d89a6260417accbcab50a25cf1d45a997a972374f97a9398b13328e12996729639f045c19ec6dafb3c5d7993f2909df8af8a1bd090393a1121a40b00d0ee466d8ec0ebe4cfca941a8f7b0c9e047fe490dccee85c7de7183567543db705483fcb5a5de811b06", 0x9a}], 0xa, &(0x7f0000001900)=[@rights={{0x34, 0x1, 0x1, [r0, r6, r0, r7, r2, r0, r0, r8, 0xffffffffffffffff]}}], 0x38}, 0x4000080)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
fsetxattr$security_selinux(r0, &(0x7f0000000040), &(0x7f0000000140)='system_u:object_r:iptables_conf_t:s0\x00', 0x25, 0x2)

[ 1680.540048][   T38] audit: type=1400 audit(1638036741.064:1646): avc:  denied  { relabelfrom } for  pid=16095 comm="syz-executor.2" name="UNIX" dev="sockfs" ino=168814 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1680.540079][T16096] SELinux:  Context system_u:object_r:iptables_conf_t:s0 is not valid (left unmapped).
[ 1680.626353][   T38] audit: type=1400 audit(1638036741.064:1647): avc:  denied  { relabelto } for  pid=16095 comm="syz-executor.2" name="UNIX" dev="sockfs" ino=168814 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=unix_dgram_socket permissive=1 trawcon="system_u:object_r:iptables_conf_t:s0"
18:12:21 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x0, 0x4}}, 0x48)

18:12:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f0000000040))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f0000000140)={r4})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:21 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xff000000, &(0x7f0000000000))

18:12:21 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f0000000040))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f0000000140)={r4})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r6 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r6, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x200002, 0x40)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD(r5, 0xc01064c1, &(0x7f0000000040)={0x0, 0x1, r6})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
r7 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000200)={0x3ff, 0x9, 0x101})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:21 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, 0x0, 0x0)

18:12:21 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xff0f0000, &(0x7f0000000000))

18:12:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r1, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_GET_CAP(r1, 0xc010640c, &(0x7f00000002c0)={0x8})
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
setxattr$incfs_id(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240), &(0x7f0000000280)={'0000000000000000000000000000000', 0x31}, 0x20, 0x2)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000001c0)={&(0x7f0000000300)=[0x0], 0x1, 0xff, 0x101, 0x1cc, 0x200, 0x100, 0xfa, {0xc98f, 0x9, 0xdaff, 0x0, 0x7, 0x7, 0x23, 0x8, 0x3f, 0xfff, 0x9, 0xfffb, 0x1f50, 0x60000, "61802f3bd0131e9a50feefbc4410151d79725996d7b83c89323f21ec9601785b"}})

18:12:21 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, 0x0)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:21 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xfffdffff, &(0x7f0000000000))

18:12:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
splice(r0, &(0x7f0000000040)=0x8, r5, &(0x7f0000000140)=0x9, 0x1000, 0x3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:22 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xfffffdf9, &(0x7f0000000000))

18:12:22 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
r2 = getpgrp(0xffffffffffffffff)
fstat(r0, &(0x7f0000002500)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000002740)={{{@in6=@remote, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@private1}, 0x0, @in=@empty}}, &(0x7f0000000480)=0xe8)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000002840)={{0x1, 0x1, 0x18, r0, {0x0, <r5=>0xffffffffffffffff}}, './file0\x00'})
ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f0000002a00)=<r6=>0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000002a40)='./file0\x00', &(0x7f0000002a80)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x4000)
syz_fuse_handle_req(r1, &(0x7f0000000500)="f98ce06a10d1e47ff14ef7d14b8b0e1573ffbb92a5288c7ee35464670f94c68467cd1bc1f4ea08514cfc4150bf8fa496244a3dfff9474327e98f9d4f8b08884db02a43febace1142eae5bcb9707edef4dae46071d940d23d95233c6cb8f24612d9ea5283394d35559c72b868eba2f00fef9c3213c585c6daea733f65c4bbb3eee91fce0af20a0a6d1c9c01b3f9d348b1c5cdaace462be06968dca613904d9296f8fd5c98e356eb4ee9db9e2a385e99b6a3a58b84b66ab1828340769c02e4524369d6d7f0c08ad3fab3e30f947ba1570e724b293cc6311b3d74805677254ea57ccf0392ae2fdd01641d21a903e75486c07165f8c9f36611e3f820c7b6f6b9b32afe8d7c90ce34c16d15986c77f5d98ead5f4c2df9493821c5624ed13f12cece9b8517653bc8fff34e4390f9ff1a5d6f6a14e99f7139e2d1d0227e4cebfa8c87ca38dba637096a30ec6b84d22d321d70038667b9e838193d56b77a11cdf465b3368df541b0331c47bde8fd0780e0076096f9e8a8b5fd60095d5e8638c864bc00f406f894e75ff61961e2f557f6d4abc2cf95ee99694b7ef69c0da7f238be930240b0ca5e15f511708a07f3e8bfff1a4c1d2d480540c978250a476b997aac594f4b12780b9e9771878c1a81aa0c18eeca7921fa7a3584fecd0df331444b9cf324d471345cb55b64aa9c79d37bf00ddaf5949396b4fcbef1433a3364fde1b3fc263437dfb1d46226a73d5d6179801cea0ca862f4bab0a7e8d54cd22bb4ca456d46870bfff80d23157ba563b71e98ef7dc424460d20f92812cf7259459c8a9b41627d04e871ef19555f8ecd1332cd73e83b006caad4cc89c7104b2a0b3857d69c516a8f66d2cab91d992ea5af4c5c59037a26364887e6d9bf9a2b124c651715a78bc76414a99c9f06b2555a9fd7f8580852243f43f88e2ea31e03f17f44e2ff5df973f9d8ed53385cc1e182c96162b69d87dc24113b3756c74f06ad4360a1b2452d26087fcc3f8efecdc27c00d4851d9c683fe7458bd1235d4b72ff5ae76ec7cbdcb499ef056d3f8f6ce9a9f4e43d1ee5a5e9a11c02a2e13bce13781fe60c3da070ee92f02e9753a9402c15d18f353f4cb2cadac363683e14a82a7dd4fe7b656f2e767e3ae57b3b7be2892fe2c02f6c9c7cb9d3353bbe3e3f52ef25b92f43e794fa9327d8bc4fd62a76ed94024984df2101d3e2fdb265562a3958af94ca28872713398de83aa2004a3426e497832e316549b0b7bd601c03dbe3fb7d76ee5e2b289fff3e9b8450e5cc0dddbb0b4c7f748511a0b10485e37e71d6d5d4a68bd184e0d38b00e57a01f95e8f8987c3ac760070607fdab3c1266d76b3785c939756c769d314d165c16e539d853803b5c441a812db260eb035c9a0985c2c48b5c938411d916e377c2cebc83dbf2d675651bc1a8a9b72a2325950ec362c79919c2ca3d1212556b3ff31f8b451c5d50661dfe5278abd9e379731f80f78b48898af4c3b8e8e97c542e562fad9c6a1c3ac28e017692fe94f71f96f6a790988d5ba742d5c239171eeed2feb9623e9dbccc2a1aa3d1ddd298e29dbd57a411a64aa5191e4fc81065638b394d1148bfd6897b92815e61294cf762e4899e28ad69707529862c99b77ec55afafca84317e8046b39b0fdedcef4ce50d5e95ad62b53f67235895e8c0d702168923f39f39de00a4e80674febac0e03f35d4b104c909aaba95bf1b831351daf0e6ad7e7a4306a45827a8eff059428f0a5d594c9a2eeec9978568cdd9e833da403ab84dd5d052eeb6cb1fad21419442d0b22f0a5b8ee640b0adac39501913fd944b908692adad18ae43f3ffe34058fe4a68ef3687c0045873196702922a54b0c61d03d7bff6dd3a31886d346ad8f7cd7f0bceb686572538a01d9397a7e346e3833f7666aff9e6f232ca9eb24c41c87a120af0d2ccd2f2fc54eba9aee8dd8ecbbb7f5873282482477a7be0c7244833d030fc16fc0f293428e66bb8a47a56400a4db014c3d55d6c5fc7e912c8ce651830bf8beb6e09c3846da600e2dff773d78373becaae6cd7d9a2d36a6cdd7509c1aae4133b884aca7236b038b22efc26cef96e287076b24ffd308e5118ed4ce85d0291ad46c98155270222cf16061a19f942cea5e1aa32673bcc85a2d1e8425efad48b44c09bcc47a727c25c57f13201141f42b62d3104ba1e70c873592239c07992d8480cb6f30861267441da49c64c146dd0af295e8a25453c5c29dda8aaa5067abe7753cd7757530983e651a676886a6605fb37b97ec41752a0f76f4fb1317eb986b598c752e6256084cff641836d671e2e123ce9871e98c703b5cb8fd5729b2c0253b05082a1d90ae029c81c55b3dff913155e11d5d6caf8d40e4ccf0daa3f907b46207e3ddee642193b166feb5fd7061eef768291f29f503048aa20fcd49d65ad4f9345f0863c83f4644e695e7b60fa5e79e55014483209f0d84e994190f54428b6c2520188e7048227b3e189c4d5b2b14177cbfaffd66db5bedff5e30a65de4f2c3a8e0de7a7a2efdd38b9a81961115dae3860d4aa474b10c9d156acf2e15354176831fa0d64d805888fdc368b9b697985c686fafaadb94e1d31cba309dc1eca2afcc48c79eeddc1c4f6b791de7f46b577c4299dc94509d5a39373e70bca3a18350693476505c7ff4c30bf68c42f1304163c2b7500fed3a378ceda81db6bb1861e49c4aa8b760be16ab85db92922614a062a704760db0a934d5e32f44d815f04e1cce469fb0f6b1668a5f3b3548ec2d0f2adcf7723d1190cb7ed62b1b3dae9110fc2425483eff33bd9f692fd8b9f59e505c2bc6972ceb6ffd42b73b1924b90f67475f57948701875a97cc9ef829a43f53c7997b06ee7aeee94ef8247a1f4953d9daf808e7e6d7d6d989dd669ba8dd89d1adba766e68a7a0d5cbbadc369c445259837822a47e1f783c2f7cd7c7bec507cc58d1a80f83df3291d76dcc5938d2d16c04e48dc21fccf8964244be49c4baac4acd42e2cc845747f92ac39168cb20b8b7612917044f108652c94c674fb2a0df145670a4d65d5cd3b596f6a80e257075b10cd3033d62673157dc1952796483b61b07cd4eaefc8d235bf136302c0a4e1d99ed3a2c89a695ff1e5f3d4ba5eb3865a3c9b4ba8804eaf6285b85725310e147868b900b59d8355e903f971cf18d209fc4df84960ec4bf2a90668cb0598b7a2ac9656455d437caee0c8f08126918b5fa655864bcb44404526c1798a732f13168a15bbb67597b000ea0404dae21ea81384b41f41732dce9dc518b89aaa06203b27315fcb2da26a7edf5bc51928236322bf0ae94bca5c50d1d0d25c395d71bf14063e178fa268fdbf1addffffa09a463f6e8e8b4947b38fb28e695a0755497b9bd7ff3be116d36b3451b74c5552779d0fbac3d6e73bb88f01d1368241b8564f7f2459776218b13eda55ca36a5f61b4cd08c2297c82ae09074904648649e04b413655d75094dd9cc89972c76a54182075a589ec7706c0ea33f028558dadf8599ccbc61cfe2b0ad484dfc9344211b5444122bb4942e00b47126ceb7dd7b4c3bc959274511a2d5d7f82c5d616422f527fa02a9d7079ea5394d0ffb3efbe5cfa7f08f407239ef46daaf56aeccb52cdf02f2e30837e532da46b0bdb8d866b58dbd08b92246f673c462210a76bbabb6264a5f0541eaedc93dfc596a530bce77ab74b45a9734ff62933b75c67a4d9b4cbbf8b5b55180d5c8fd8a16eb54095f47a1952f84dc1e0e19c7b530fd4b2c3fc3c1e32218b5b2a6a1c8a04e78910c6410be17bdc2a8f146012e1cb013c4c903ffbca4a6cc44b273f85b56a468f8cba6fb3983496291da6b74ea27b01ad9b5922d01e9ae78bf398ca1d2924d4c1c44658d31f38d92d16b2f38b55d17096c974bccd60a938a12236c1d48867b83a76bfec504735ca023f9e5c705262786a48f4c051195762b0aa41afb929da92dec70c566e39909d3a07c7acf380f983ef4ee13b644822e4bcbdbbee26f948a12db6623db5ded166a4cc2389bd05d9c9ac0b14936cd60c605071b9057601054cb11df87b04edded0c9b982f4a0cb9aa3932438cf50837d35aaf1d7fcba7d4819c87f3d80f7cce0e3fca0c374b5fae8b01f058e341654aa8b438fc5f81479652f51504c7eacae21f4a49147dd444321e2dd457268d33223a7ccc913c105d7fee80e5200261717cb9ad0a5c4116605816be45f8cb47967fc3b7f01c24b32779da3f8333bce8767c858677fa1ba2753dc79e046899b805ce034756a7526bf0445ee840eed80322268ab7e3898584ce8760d04edd11f4e15044e8c3bbc10fa8959ab8cdedf4eb09c5a8dc887fae67d45f274159631506e8eaf3627267ede6dedc4e9ac44cc9f33bdd4feaad9bbe6e90b8e286a520883f30a200421fe0f0384f41846a519e2c967297baee4b18be662e583cb12d76027cd849df96e4a236d58359c9a6782d295c9cf9c614cde90cc6a6562b2f683c1fb7116eb21777b03f1191106b44d9570e71ff6e03cbfb2f6f23e469a1c8b1c0baed352ae7603436ddbbd09d9d7139a2ced201e87dd1b1ccf4cf4cd24568ce816cbe5926310a2ddf243fa176446ac8a43f6ddcc503a0d5ff36eb685876256cc3f77ecc99953a391e9ce342c3b658ab687958cfc290ac389ca98187a05823b244ee95a7c8f2ce6a5781e1da73ef599cf5d84a782ab2d5c32e30ab3759b0746d5f1af5d5b73e6816152180f921ac4385bff047fa757dc4cda19fa244f5e6ba320f199ffece68610e19b807f40b3b89f2a3e68cb28c42243b04a7f65f77c728fa9ea33d2be9c2c49265145103d8862922f2dce515e11d7f135e726fe41b98be948ce46ddeca4592f08bcb7c5a316806968c187da528d9fed9af4b0f6e2eaa2cf5238edbd1c5740ae68c86d0333834b3a8387008cb233683f86481ea757ad7cfb5c597d709d5422cee31989ba4cd6fcd5ca691e88d6766fc17642a84ee2c7834c3abe6a5b7847a3c9c35817d82ba4e8c2a33aec160ebe3de4fb6f2e01661f18ab0d2f6ad7b093f5d3e74ac060076213e43b5a55f116075fc2bab6ee139f1323451683c6ec93be2a3f1e7e15824129833a72a4891725a3eb66331b797bec1c0b0ac1f77f515febdd36c200c90e6a3de26a90b133bc588864cea949e878f55dc8a660398c7dcf67406dffc14508cfa2f9515ef89ac03d4c54b4440cce9b12a19df8c38f8c5d009438fe70044514b32b65d0b5e801f4b2db5f22eaffa5c353db80e271fcb4820a66af9decae89a50f399fccb22b900728bb3bf23a5f2b52970ea6129aab54851abb91a262f3904433f214ffddf2134d1d0e91015fbf73ff2cffdd70a7c5ea2573f7eddac5675bc955a70518cd11ce514bb50756b0c5965e72483ff4ce421e3eb484c18152d72c27db3d22a2c7ea5f795f8dbf12a3344f9d946dfefbfb073fe85436ba3dc50eb0f587e5cfad990d51834cddcb7a227d349b09b3804f69fa9142a079577d4ff15f95a741a6c19257747b8a5abf56f15a194303ec6916a97a0bb04b757f0a46b7579fb7eae797f3f4d10f18fcc38340fa84ca93c6e9df530e45f64413cdc6065c1c60b5d6e9f9f7c7ff23b4dce113087a2894731ede86c24fd7eeeb38ec30be6b7ee6770c7aab20eab7ed463caa6fe86c04711181b949a6f60e4e93550452438f6f58daf990d530690ca2a6f2bcd79989e1d20dcfdb5dce14c00fe1663d99be17852705bd6946422fa04cb303e588df766e4eb408766741aadeeab88c63701f2dc8d9e1bd82b38bdedec0722cb447c9717e73d548388f0c455afccd825ca22c2cfe8c748133b9650990166eb3f820707d4d93cd0b31fa6c0358d9daf0978ed24a55603fe276238a5610aff0de6e52ec7df2c5a4cfeca3f0fd2f351f803e96a1c1ca10b527d094610f7b21c7ab4829c124daf6a2eb300e1bbae174cd332bd201567cc5f426f16c83dc157baa3f79f0e17fc7f88cb0d1abe167295f1f8213a313d17892c265897f47f60c30775007957aa6e464444fb2dae4ad588754969aaa213d64c4241ae3183241c63b9af809486f121a720a68f26464bcc60d46efe13cdbee9ea50d63908145c01982eb4089189953dad902869feb3306a1aaa362a1c227592b7d7853c52892d1a207a5e47eadcf4a705fd897c01d6ed063f98c03df174b59b5b265fa4816712f9277fb6e83bc51a01c1b8c4201db8f5f3f040e5c9ecd97dc46a34ad223ff1c3a64948ed24758446898c7b87fe744659884d524b25fc13a08a5ddf2d772b49e40668ec2ce92d1dae16f6e7ea413cbab90e7cf5871d90d28821a62dc6298c90b7d4e3e5288bd5e5f35f1868974766b57151eb5f4f1acc9f231157f4a2382640365d2b3b9cee9150d2d247c8f2b7c32e953b657b5e66a4e5cd2369c4f3bd7a6dfb5bc71741819db94a608088b0dfa362688481a5f58be0fa48b82c058e462ea3c63e07aea27f2f9a6f47301c3dbfa62d11dbf04cbd7714784084a51e57d31c0c5fae3e7d74dc28a3e3bda4d0f319d7c2e9120355cba46b22d3e934b49797d00866b831aec48eb68a12d3bb3824148062b413f83de390831c3e6d721d8e59853fb2f9bf217e3d56e44061afaabb1397599fb251d10f24266761d328a753b2373133468f6f1e90a2932b88c7b162b567f09f93d34011f60cf0ec97dd3ffb26d88d53ba7568350a2597a7625e76e1e6cf4dc6447292eea079f98a4a63168ff9800b167b51f9463549937e4f6ca4f26d77351329af243e8658ae6d73dd9945fcfdd3254757df2fe102b6327c8d9777f39f361c13a89b4affa1b32117bfc3f8c6a7e123bf3e249d9599f7f7c840f812a90444155b3000d0dcb06db1f8735674d5b3268ed5e2654c36cfbee687c9e919858167e1e72487e61e7f3b7a2fffe67f259cfcde4dcbb3d55f2b5d437b0adb44bdde1bd4c78c9facd75b7574fc2392722d29dc644c41ac457519195aebfd9a868c0cb5a9cca4f54c9b60cb76f73835e60d9dc573bf2db019f9011b0e66d1b2245589253872df50ad1004582f86af2655e31c7ae9c61389294cbc26f2ad4fa26019decd8144fb5a3121e4a25c11960b9920d793f3108d5fb76425bf8316c5ea150340d99463cd9d1e4248ea1ddc2f991b1eb65c3c7b15db0d6ca306c4635bc7db81b6b7e2a23ddefdc0b48ad8d8aa53c00484570bfff8d1261fe49512397f560b5f7c18330e1f8e3f6935bd094fbce23039ea3aa24196ccee612d823ff9c1650e37034961f35041ccf01c9ce1504bbca794f27dc3a9ff660984d8ca9bfab8afc5228705805ff3c13eb55974156f8099217261a45adc752e1edb71cbbca5186151185a3ab85598ff235aed5a9dff0a546ea3986c64e84a19d2743e43881bc82c4fbdd086d87714f855851bd404421b6849f45df0dd6920a3de649b172beabfd33bd646d08de103f71aad69fa9364caddfbe55890c740667a98880624040cbc511f317a764545e29c84decb8692acbe189d4c35742024d3ec2dc1d67372e58d924f830e55ef10bc27d21a5c8f9da1a357edb40f0a72570b73e923585cec374f8b3990514a9c7d92e7729f196edf75500f508b6b9394840865c388fdb40d75f3af50a86efd645165d553460f9af61d9306610b0b2990b8d38023cea74f186fe8c3af47cb0f906b444965ab37fae25bbdb1766c04aac4be839057d8ad513c5567924225b776008adc460bce4822c42ffc8d36053ee9109bbbe436f318d4e167e923d9ef0a7a538870313851b0b87388014751ecb9aed4a42aea5781e25e4f0f1e5f26271032b76a08cd7a3ad90f134f7c310064b3ab1dcf8d496c33c6c3e691ff516a079b025d6b36b216f8537c1c3d41a25fbcf6ee3672f6fb9585f9daed635ee36e26716de6ff7580fc321905fa210ce3766cfdf81b039ae5738f404e3dec430470cc82904f6eb23d95cdc6b46d8242e9ac1123455a29dd494b975f9c85a55f66139065fff6622227a80c721a903c0f0ecd0604ab797a2d7341f64dd3fe52e46e8718c3edccce97d140d7598028c2c3a9c8339ed70e883c6b6849414a3462b1c810f38537b9e44dc2f98c95b6a0f83898cb2c6059b89757caa73951881b85940ac43a4e9fdc60dd87d5528ffa252d2390b8cc6cce2352ee7ab5101b4cb32c38c66ad8f13a0ec76669a0b1f5f8cecfa83fd287cc6b0e2d9926a9eb0595b42cb1ce495b9f6b00b5cfb1a35a8e64c3f0e56df50273ffeba8850827553cdc97e56990602f43ce664a6a4c80b059fe1d08cca7d7cc164fd607a354e5974944f0baf548babc3d8bd91efab492dd89d4b208ca3ee9c95d49d1b6e84bc59bf1cac029d4611a2688698b3dc66127171ef14844bdfdb348048524ca4e50e87e80e5ff1ece5e92dc5bf3bb35a1ff8e9e86eb75a2a9d22397223645d74280f4983346b7774efd3a1a7e3a54a170ae0b81b820c0847101547b861abcc149104bf641a32c93a888403a2ac5ab1e6cab11b7d448a5ae8bf616d064df58afe000557da1a8690ef1d3d784dbfd39679c5425ed0bfda771deaf336e83b6f89257bd414d03314e3662ea6589feccf6ea73a4f5f10ecac4b0b9e8d48844af07bb9a05a4bc2f6fcbac14bf5d007dc7885bd9bd59d70eb064982cba7c1ade17729034c2cd630fa80d3b68f3cfe8feceb9ded41d8ebea75d946debf5ad6d685a5a676866e859a17065b25a344684cbbab50768ff4418180e0701cc331e1114bedc81385be621f10b55a6272c2325b5eb85994b4b8201847b070c0145cb8fd476f7551b158fceecc4d7b9a61a9ea52871a4f814d74dba4ca1c9fa61fa0e5e5fd96431eabb466a1e3ec51feb8492b97b7d7cdee9f11dbe11d1df3ba2768f44e5a33fd991aea15f8ad39a8a1d130ed9be30aeef8021d8affdc96b2cb7b907765bea8576d2059d66373f60583aeea2b9a63d9a4554514ad704a32a87ce2d17c5e3b7634db51bde477a2a4f59bb7e2323282010e4436f5834b7549cee3dcd8bc9cea11a77d58ece7524c1dc9c5f97926e54ecdfd8fad474c25bde78b57a3a7b9b530dfb52057d0994535b8a453b35504cd9690f29190cc176bd64614b1f4f37ba84b6633a10905480f5b0f370922c6261df7b0947cdb90c401f0e14224efff83a748cf328ee30e3cc467435fc54bc02081bae95f109aef219a39fcca2f790e3fceff9278d43d9733f850dcb9d5c7b2097c7ea162a9312d3645c6783831c9ecd973f9f47ca2ed1709da411efae9a3452ea38a0d9e0d91f4c284a0075445d41aa310f0307f07075b90bf6b541b929f1d385b1af8bf625dd865687f7c3d15a8e6a29d363ffe456a0488b7a3137d3100f68428b8fd5d0f8c7d2b28f20d9db50d14e870380d0f0e499ecf9dc20628ec2145166c60809b6cbfb7cd973cb33ba4b930516244d7e37963b2277f4a914daa0e0c47a6849f76ff7fb6f185f180c432e10be95fce025a92fbec8f0e68910760a7d4fb5810c123cf8696762305948202a0f474079520c3e0a9a1d1ce92d497c151ee7f6082e6bc7457cee8a2adbe120f201296a637516fd58f1079389095226d63e15aeb7a501908c87f28b4e8c0f98d07a8c3555a46c4f867a33c470b10dabaf40c38383c4399316b1d3f418ab1df1f465c427612ff5f5f568ee39ec22b91c5efce6d2a3b3fc1cc8be2f06adbfafa2b3384f335e15e176b16c48a5944d17af56ed48e6a64f42e8d5745e5a5c5a6cd9499f534de5ca68677f9a265d852aaaf7ee5faa0cb7b1705111bc48eac3484d1a47c98bac514c7edbbb6862b318d3246da9ee4cac53bf93d389e113271b1e31e207b8a5a731cb97ad8ad542ea42ae72c7c25133e6b50cc4681987f27f4583784d4395461d569c83e8cbc6df8c230df6a8b7bd7d9b2c592b06127e5d78fa61e3c4b791b93b03048171454f1142e6b4211d56434e03d3739f2f091968c5f7eb5472760ef899651ae01120e008e73b41fda1c533dc6cb05eeb3a0993ba53d384d35caaa77a380f76ec27c3f97e19684ea871adf66edfd5f721ffa3e78192d9b8c4b1ac41f8d6cccb4140f53cfdb513795d0b1ed4cf171d753f758884d1a40c17d1344d23858786ee1a71b94511036b4c09070e9b898cedbfaa4187cbc2705dfb6e08389990ba10bfa2e0c6cbc83f9f0501770c1b4e3c5cdc43a4b942bfe9abdca57ffc14171f0f52a3e973d26d8d5852f141f26ffa3136079c90745c88d20a1c89c39810d8366786fda8010681cfa0a8113a6294fc0d255f534ee3479f535756c8413bbcd3a2e8ab91c24235f651220e3b83a47b0b2184fb74796cb567705bf2f84f2d14d84ae3f91dcfeed20a4e4e08615eefc5c37aa67857d87b88423941846128b10c7456bfbc9cf5d526afa3801d00e97a929e83667b3d32a4b183a9f4496f9b72d760d255ecf479f0ab7b0b9b2bdf9befc1f0af7bcd5bcdc8e8c84b4223112e85ab0925bc8ac5c6efbc4941551ac2807510a7084bbf8130228c3a2aae883dfd6dd3c2ebbbe3b5a0aa7605af921717cc041f6b336e0ddc6b9ef6d276fe4ea8b4b05c4ead513d52f41102e85337c38bfc6d44fabe6f513a785dd22ccae7c52c3ae045bde0fb9f6e1b2a9ab90dfcb5147822431d90e8d8d70f654af04417eec25803ee414d5aa43b0fb745fbb7277cc47130876927617b7e1aa4555d117053f1433c4a233ded1ba9ff4faf9faa1fcdbabaa061fb8e57a7613656e0524fd1c656a5f435e319172960229e5b146646372d18e62ea7a1b0ebc3af74329faa0464e1b87b34cda288e8ec8382b6f4695e1667c5dec1da3445f51bfe93597072f6f09d56a9e75b56c95cdf7cadd0cf038d40c4d6626218ba84a7c4ce59aa101cc529766d28f048b77e38e7452aa1a6a27857f9ebf3dcb298e2dde258882b08df6857c8c30efdf538feaf4dd1a79cabe6ef5c59c68880746c2391b3db79e2a6f46b08f7d81ff2cb81ac8ac2f3be6fd59716f1cd3bd66ad2aba0a6e1f5e7ed0b17086abd4c11b2fd2e508ab99edb2e898f491866cf74522a9d2a9d49f552772fa794ccfbc08647a778790465f2ec11e2b5636294e3b2367b59448aab1d5bd781aac7a99152cb799762155550633cd8b0f3f8e201b93af04309786a78446a3dae6cbd0f7968d5bad18f4c41ad05e56a84c2b940e786338656529efc615838e9264f5c566594dab70cbd2d63c409d19ea7bf7b584f8c1c6c6201cf20345a05f00a1188ef6875e2d6b8d877219d99f5094e913ac613f100c773af32bc6b8bf7ad4a9bece7f36cc254ae0884d757d3040336a40a47f2b785ffac71065a7c15ba70e8ee09008adf7292a530f6e857a297c323fc0f2e896de9c7fa16402ebbe580f999842054ee3a0e99558e8e55468b6ced9c9d2e2037c26c7de66c3b2cf65794ada488ddf1cd162bc3007cdb7d925af73aca676a1fc86805810517cab37dc3c519dbca7b8f9d7529701777f9b3a5d6b815e47d5fdb21b396e90a803bec65b6ad2d1dc8e2bb3b04a77b3e9eaeb479308a66f5d5e88280a9f03ee1320bcb5b515a427cf416ab8324d156c4446d47fbb008d894461d161106f5d54564658f991bea23ed7985d1fd43c2ff86792b3043d2b51a575148b5074fa48a7768c33ad112cb95b453f51c", 0x2000, &(0x7f0000002c00)={&(0x7f0000002c80)={0x50, 0x0, 0x3, {0x7, 0x23, 0x0, 0x20020, 0xa8, 0xd9, 0x8fc2, 0xe17}}, &(0x7f0000000140)={0x18, 0x0, 0x8, {0x3}}, &(0x7f0000000240)={0x18, 0x0, 0x8, {0xab77}}, &(0x7f0000000280)={0x18, 0x0, 0x4cd, {0x4}}, &(0x7f00000002c0)={0x18, 0x0, 0x100000001, {0x2}}, &(0x7f0000000300)={0x28, 0xfffffffffffffffe, 0xffffffff, {{0xf5, 0x839, 0x2, r2}}}, &(0x7f0000000340)={0x60, 0x0, 0x8, {{0x96e, 0x2, 0xec, 0x4, 0x9, 0x1, 0xfffffffe, 0x5d89}}}, &(0x7f00000003c0)={0x18, 0x0, 0x4000, {0x7}}, &(0x7f0000000400)={0x13, 0x0, 0xdbb1, {'!@\x00'}}, &(0x7f0000000440)={0x20, 0xffffffffffffffda, 0x3f, {0x0, 0x5}}, &(0x7f0000002580)={0x78, 0x0, 0x401, {0x1, 0x751, 0x0, {0x6, 0x9f, 0x2, 0x3, 0xfffffffffffff000, 0x3, 0x3, 0x100, 0x7fff, 0x4000, 0x401, r3, 0xffffffffffffffff, 0x80000000, 0x1f}}}, &(0x7f0000002600)={0x90, 0x0, 0x7, {0x0, 0x3, 0xee6, 0x97, 0x0, 0x3bf, {0x0, 0x6, 0x101, 0x5, 0x6, 0x3, 0x3, 0x401, 0x7, 0x4000, 0x0, 0x0, 0x0, 0x8000, 0x7f}}}, &(0x7f00000026c0)={0x80, 0x0, 0x3, [{0x0, 0xffffffffffffff0f, 0x0, 0x7}, {0x4, 0x95, 0x6, 0x3, '](:-#{'}, {0x6, 0x0, 0x7, 0x1, '![&,\xe3++'}, {0x5, 0x2, 0x0, 0x46}]}, &(0x7f0000002880)={0x158, 0x0, 0x3f, [{{0x4, 0x3, 0x2, 0x2, 0x7, 0x9, {0x6, 0x0, 0x8, 0xc68b, 0x0, 0xffffffff, 0x7, 0xfff, 0x7, 0x4000, 0xff, r4, r5, 0x81}}, {0x1, 0x810000000, 0xf, 0x9, '/dev/dri/card#\x00'}}, {{0x4, 0x1, 0x80000000, 0x5, 0x3ff, 0xff, {0x0, 0xfffffffffffff801, 0x5, 0x4, 0x8, 0x5, 0x2, 0x8, 0xffff, 0x4000, 0x5, 0xee01, 0xee00, 0x400, 0x3}}, {0x4, 0x751f, 0x2, 0x55, '^-'}}]}, &(0x7f0000002b00)={0xa0, 0x0, 0x396a, {{0x0, 0x2, 0x3e99, 0x6ca5, 0x800, 0x9, {0x0, 0x0, 0x8, 0x1dcd, 0xc221, 0x3, 0xbf843abd, 0xff, 0x1, 0x4000, 0x0, r6, r7, 0xcc, 0x5}}, {0x0, 0x5}}}, &(0x7f0000002bc0)={0x20, 0x0, 0x2, {0x99, 0x4, 0x80000000, 0x1}}})
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r10 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r10, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r11=>0x0})
close(r9)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r10, 0xc00c642d, &(0x7f0000000100)={r11})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:22 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0xfffffffffffffffc, 0x4002)
close(r0)
r2 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000400)={0x1, 0x1, 0x1000, 0xdf, &(0x7f0000000500)="75c9af2903497554d62fe6a39fdbd06acd14f16bb59fbda54614d26091d30f12c4502de775b503231431e808602d2dea136ed5540378296f0fb31cc96beefa15cc241b92441d450f613b657062abfb8c6b9fe7dd7bb50e8f95976bb7b23b2fe95cd20ee72e2c2cb43677e527d4ad0db49b38d9164ff85fd6bd387678940e3c38fb5e0afd4e019bdd4ace697ea4743b27f604f636768c74650caba4546f32a95831323ae8a13f1e59e69d3d592e3d56b98b4cc2c40e9157a6a6cbcb36f5ca675026e24c64e9777b543895b7c960bec3cb726cedffda7b95c2f5e1da47f00ad3", 0x8b, 0x0, &(0x7f0000000280)="d338272684d3907e3603053cf05557da8101223b013541c0e28ca1aae1a791776b16625a7a824982f27495a525a10fdb7556430882d30626975a5babbd2e064f547de70c6c4c71b3fb6435f2a2c570cfbf285b68a79eccd77fd47caa47cf3dfa389e3b1bae802f0800e5909a744f99c191c97da1c07f16154da0f2ef55db92497fdc0067f91377978afa0b"})
getsockopt$inet6_buf(r2, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_CURSOR2(r2, 0xc02464bb, &(0x7f0000000240)={0x0, 0x4, 0x19, 0x4f97, 0x5c, 0x8000, 0x2, 0x0, 0xdf})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r6 = syz_usbip_server_init(0x2)
splice(r6, &(0x7f00000001c0)=0x200, r1, &(0x7f0000000200)=0xffffffffffffffc1, 0x6, 0x0)
r7 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r7, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r8 = openat$full(0xffffffffffffff9c, &(0x7f0000000480), 0x84000, 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r7, 0x50009418, &(0x7f0000000680)={{r8}, 0x0, 0x16, @inherit={0x58, &(0x7f0000000600)={0x0, 0x2, 0x64b5034b, 0x7, {0x4, 0xebd, 0x590, 0xb9d8, 0x6}, [0x4, 0x4]}}, @name="a93e95b0589684accfdfcacc8e3c27b18ec346989720bba7a99271e2c28559cf2ca95ce556e53687d331b1be0dcb0a640d4c2148b388edf1af6d56c0c6514e30461f00feea9120eb6eda2c61b1b2dfca637642e888f0cc856f12e233d8354da8237170455babbd3f9ddf44a6997ae91949ea9412f3f697aefdb9ed7cc35923ef84b4357bbd0c3f284af71ccd1a1bddbca1a295705c93e7db595efc769fca1ca846a3c5c861f23e4b7c189292baeeb630491a5e300ea924bf6eea338f4a09a1aea3a3442f0b0ce15a1d926cfd16e7b01421935aa035edfc5b5edb979f0230aa1e09768e3d1b1fd2d59447704b8acb56e25b8b86aef352f7877311f6ca2e92f15dd8c8d50623693e801a5e3b9c82f3e3ae1591dfd4ceb27c22e9290e082347c7747353d1d7ef3dc78673e0873b4a13ab3c1b9093d460ab1dcc3e9c927081d93d76520c269cde757ececcf65e609444e4da037f472782bd229f2172e06952070aba4b65987eeabe318d67fcb38d1480c6c4143ad4cac0ddf440321275e9cb3b8ac58ea02e9c95c7fdbe4657149839f1607344029c42e80a7df323af2d0f70e08bad7bcafdfe17fb5fbf5a2edaa6be6e0716e1e5dee176e121474b61a92d070a8878c1139800f18dc03a0c0fdd23e4269ceb2e7fa3ac281e8478e4179d7517825b6b33dcedca73de5d52f7a84d77a73ca1f8e158ae116cb38021fb39074a3695f9defc6d542071775b7158566074003d4eb82752c65253e61b193bdb4539f0c4068fdb88991899b32a30e6db1e8a17097728b3b80f1bec8b5b9563b02d1a96ce643974c8e707811ab5b01e948ffe6bdabbd0d5ccbc2aceb3eb889a36d0f912101f8d1898309fbd076af27eec3f6ea57ab8987d92fd309fa565da1fd8de76126e4ff26e711f2aaff765c772e4d082b4d59f9712b0e9e12582b8ac2c9c18daea8821a693440086d309f5ecce4f10dfc14faaef24beb285eee480cfd13d61b2dc0b172b88512b3a8d3421bf268f0843a7f124d16355258cf6883bbdf4fa8ba07d081621a064fb61b96847cf7001e4b890f43efd0dc84d495d5bb9b6b1f31fec41c4e5e79ba7210f04abfffc3a8dcbc138ecc543f95a9d62ca9636ca5b8ce6ab7ea2ecf25b6c82d15f354038aca8d95b21a1d928233628ce05960e890c7e7b21bac128819e42f52b3bbf60f0ddd3fcb7e6ecb0bfc4fb76da5978a129c1155fbd905c389499abd2df940d3405e6d6d253edf5bf341ef86cff513a2a531b8df562b66cee2ceb4f69ec6e662cd8baa6142889beaa6a8301467fd5ccc3a3640554525bf24cf1a4384dc756a35184a38afcac1fce632426da6b8244f6a8175faeb962e6cc0af654bc3c9c442071e8cb85ca7633a3d02c655c1beb18817453d19c78d37e32b6b37292f2bb53f44781150993c591dd7b5a233ca6e46c375c6a7e9e1054981ca2bac70bc76444bd1a14e48b99dd5b49dac6cc7a8997f026f24b5ee4bad3ccc1658656915a8eef8ad143da38b0cad11a8e1b72ff18abf0e3ae2450491ef0de7c0c0c0511009cad62e8063259f6235d5bb909da4d5362dfbbe15c29e41d324ce0caad2d191ce752b5e9fa80218960fbdf155fe65ffd25c6af276fe12c10c318f4859bbdb81106b27c6b102f3a170c6c2e95a2e5fb6a5678cafc8f89e8c1aaf7eef71f336b08c7998b7ce238f303c02d16c321be60631c7a422becba73840ebd3f5b7cbc5679298aaee827049e1d5edd9e64888951eddc42a9fb90c1aafbdde482963e9e8486cbe27d49e638a21e2da91ec9c9635b73183e0ba1741d2ee47d4eb3840e9f23c27aed62242aba8e7dd2a4430bc6787a90b548c58cec51463e76e872746317f8b416cb12e618db662762c4f093c9dc7c1d51172b48c53d65d82dd2e83b2e806d61d11437b21f253502aee41c7a1ad5525a5ef7671999f9514637e7424355b0fb5c580ddfb71be9f5a6561f1223c407cb7be67e887f458666cd0703e8d170cb69305c5b06e8d318ba883164f11ca8d1e686179cc106778faa5bd1ce94af34e4da27a515d8bad963859fa796a8adbc1aa94662403bb43df797b1931d65aa5ccc9040f829af4812c28dc771047d737a752955cb63b40204b4f900d3cbcbcb50d7f23e5b426e82b637d5d3859b8eec1940e4045c97a620adeb8cf57a20f5106d01b122cabc8f9044ff1adb044cb1d8aae80ba60670967983d873f1649eae3a5f83b516d4d6b9ae58711cbd7119b89fd9bf33e4cd984065b7b5543aa6947ba3055bcf3771455fac5dced12b6a0b4e425f6a2751cd0870a131bd368a9aca87d641259cb69f1b127bfe25932ea180c20910cf3a934d7fff2a1600a4c8721884997955625a6b714fcb5a7d37309e2291034370e3142040092b381d36aa66ae70fd21bad282337a85c738d185cdb92d889e8981383d0761f635e4bd81b8ec876155dbd5379198172935345f81f8ad7232c591bccab606a8511e293ed350df6589183032862f0847cfc5323ecb066c01606eb04c4248b6263efd0c9ef880ca7393ad1f8449ab9de8148859a1ee4c2290e317cecd65cd9d0de77c4ab883299843a82e9501623530b559bd7e21f5d2ce030236c3b17091587ed24a70026df9a1f3aff63d5d46fec74ae1269d5ad382e4c45e440760cfe7757ce6d3ca8bb34e791e8f5ce2832ca13f302c9a5bc03b082eded64e4fbbb552ff65a8fecd44640a1614f425200884505e5f6518067d27078d63ab4d76f573b37296b91409c0566403865ebf83b0d1b52857f328516d1fe58f83288ad37314317a9a931fc18917bcb5fc70dd4f84de904ae618121ed963d7d7feaa265ca6511e0f20976fbc9a2c89fb9543a290fbec27120c902537e3c604b4d08232ea17b99dccc94e4654dc9a9dd401b194528b74e85e8fe01761923d9f1772214fc8c9caabebd99c5280f1538269883b40e35f0d5ef74c55fa3fd87ff52d15b722a3be572d98e5b85d727822c99e9ace530eb5efccd4c701888145d5f29530e0c8372161a3956d6b8f122a4f4ea2d9d4cb46b8839aa3050c2bd2e566b79b2bf63a45ee293312d5a9b073cfb19fa6dd1835d104d28a29b914006fea02d523cfb3cee553ec51e89ec51ccd5ab8cd9c0806b0a9452de5f9d14316e3daebc17052c9bd29ab029fbe99f924e587f7bab0175a69af702ab44c8c16914455b7b93d770580ad89172b1049112f12c3a2d6f05c98247cbe01bd8f5febf1edf3cbcbab8c988713740f0d671b37c9426d8e2db225cea3ecbd99ec1751908618d9aa53ca5c9f3a168bc87b4954c4c5d5e24a2a2779c7fd25005b62c3150fd0b102e900f49b4dcdfcae161406486b7e3912285f5ab72ee7552aee5f7567aaea9c3e7e8fcbfe087ea050fea6f312c50d2779c6a06628de004c80cdff8baaf6c431017672de85f1a299ac8520a78b8257e4560efffa43598b3ca7235ae96c9328d269a280a2a914dbe742962b09fb038403dce3a3c9d2c5f02b2b51b39ccac56277a1dc9c91fa4d0e11782ca361dfa50da2962964dfffaeac40564d42cfea3355e4218f26988665a92565c2291af58ae3d6a85fcecd329c258831d9768a756117ac39cb2f399baa0e1aef7273534873f5b14358cf520a4c1c38e42a38655a43883662531db0dab0a11701ee1487ab7152103096604f3a3aeebff41c12626167e39e38ba2229d29f24a4771e6b835a84cb6bde8be496383edec8e9d52820966da2620016dd2fdce918ff0ec8bb29c3aefec636dc52907c935b0a15385c36d32a26a06519dd128878a7ca172bb8d927fc76b58583e0fa1ac5d502a60a7d6cfc86c12f634b3c15b266fd4a93d4bc3fa1c906a0f432401b71fc2291d70f6af20b8484cad9cf78d4aa9afd118dcfe721075ad88dc6ef7f7666c693c69512d0a96e0b78f2094ec48fd53af49a6a8a5f18799ba72596c03503b0bb36aef8f0ece22ef6facdd87e829d800081797583c21550912f7264076738404c535348d56b45975f57cf9d05c8211bc776c73a84e8d15f7f290f2e1c03340b445f1242b63ba09d3db5a7c8e9d4d754bbe778d71f2c5c739179a7400faa7ec1f61be3a534adca6f4c72bf37a936712fc05153d8f73c43585fb010f02dc802fe80d5d598fae00dba4ac6d87189a6af30b7aae6d29081b1fa98ff08ea8f4156da859da7257aeecee8f8ae789e86787c48e7c28318bb10c5d77bbfd358c3a5f3439abb2739f34a23e98b65441e84fd3f23ef9d738f7d027cb719acfe907935a1b3abe77dde8d5a9217cc8cd90439ce0567085f404cb5b95c2bc6efce01094908e961769bbdc474cbaba16d10c71663de188ca3794523fae7e6b3f9d7b17c485463712cadcb281f8ddbb209d04f019962854e5ecb80eb374beba402eef801e4c8d0c708cd147d54d305b4634a9e55b4899ab56ac5d46cd0302b81145e0696b706747a4319524eaaa1bd8b3db37370484528cf110b551988f63e64feb51706fb40bd4bf8367e105c9787e19612630edea3b2a098d7c4ac828b7e0c5bf66ed1d9e1e91f769e02e4f3e318de3738c20cb813f5ff2915c591fd4953b3648d04831cb1bb27b0ab5840dba7337addc0ea35f282dd5c99c9f0f41c0dd2e8529b20711479d27ff9b2acecb3d6a7deb911186d8cbe195a75ffa89766828f8e82115ce434e8cb3c0a064ac922b6e2edf653193e1efb6ee6ac0a7079041595b24261420732d4db3b1d7a88af16056c6b7dd2a62a51f2ef6082ba7cb24927e7b340d0c0ce77ff281915f3de5194a55763970c3cbd91ba03c46273577495cd6eadd9f90bd4596545d06362b6c04fff26254eeddc89343707f5f3b99c1463fb33edfea2badaa889927c2359e0c15e1f5595339bbbe0281708331333bb66e2bc16b0f1c52e6643eae812b2da8dff4d1fc933b323e043a92d9cd0974ebe2e416774928678476c8b7a0a11e2ce4a735b6c96c5739b373bf44b710c7b88a295843407e38aceeeb337f103b33231c4d002d65899c0c325c72045317d65cc432e9dae6fa6e6a4a159c36743b6019b7997654e7b3d072197d5617cd08dc023c15b8ff931a2c04e16bf316295290de5fdba9deea0faf660e5404656c478aeacf78b2cce1e186a0d4cdccb049ed7dd6147d64461f3748c44098ed3df08875a61a898adc06c4631991585c57a1c7a601f37cb40416fdbbda1106eb271f1e84aa886b0a835b21ffdff6925de97a833a3bee1bca23eae3cbe4da3543c2ed8f048a444170c49c458842c9d9fa8f8df110028b00f3ae8707afb901ae3f0dd9f52d886465d2f78a1dd92baba97491da8e0eae99c69cffff2b245f9e890b2b44a1c1c37e8d26999d0947b8aa1337cb2976943f999ff2c0b159df6eeddcd56ea919c8af6de465c80e3b3902f95fea80a64a71b67b13611b68da7dfa9b05a6db9666cccc72c76e1b802dfcb0ba4b3861ca4803818639d02c2740f62ab8309420fbe2ef2fdda1ac870d6f39617d2faba19d5be2b5a99ab62d3acd82a827ad99ae45e13d686f9ae59d3ef7585e9283d779e1b138da42aca4e90ad62994bd733813360c884d0993ce1d6f3b13d00a843438dac0e62d3589cb514a02ff2a42abb18cdf72bed1f712be38af2ee0c7e1c1b536548ede326f5d9bd63ad5c64c0e92e59acbd4184589d45dda8954a730764734935ae02b48e47955d569eefca6f43eecf50139c9987feff6402ecf15500d4911944306d75fdf946f2bf2f042f36"})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r7, 0xc01064bd, &(0x7f0000000140)={&(0x7f0000000040)="1a0775e28d41497e", 0x8})

[ 1681.759784][T16133] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[ 1681.769614][T16133] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1681.864657][T16133] vhci_hcd vhci_hcd.0: Device attached
[ 1681.884398][T16135] vhci_hcd: connection closed
[ 1681.887212][ T3747] vhci_hcd: stop threads
[ 1681.962671][ T3747] vhci_hcd: release socket
[ 1681.967230][ T3747] vhci_hcd: disconnect device
18:12:22 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:22 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xfffffdff, &(0x7f0000000000))

18:12:22 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xffffff7f, &(0x7f0000000000))

18:12:23 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x0, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000280), 0x20, 0x202000)
close(r0)
r2 = syz_io_uring_setup(0x7c57, &(0x7f0000000300)={0x0, 0x5286, 0x4, 0x0, 0x201}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000140)=<r3=>0x0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000002, 0x13, r2, 0x0)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x810, r0, 0x10000000)
syz_io_uring_submit(r4, r5, &(0x7f0000000080)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index, 0x4, {0x0, r0}, 0x4, 0x4, 0x1, {0x0, 0x0, r0}}, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000001, 0x30, 0xffffffffffffffff, 0x8000000)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r7, 0x0, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r8}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4080, 0x1, {0x0, r8}}, 0x1)
syz_io_uring_submit(0x0, r3, &(0x7f0000000240)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4007, @fd=r1, 0x10000, 0x401, 0xc73, 0x8, 0x3, {0x3, r8}}, 0x7fffffff)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r10 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r10, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r11=>0x0})
close(r9)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r10, 0xc00c642d, &(0x7f0000000100)={r11})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:23 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xffffff8c, &(0x7f0000000000))

18:12:23 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
pwritev2(r0, &(0x7f0000000440)=[{&(0x7f00000001c0)="6a94b00291bce98ed5fac8d404ad79fcb6e46d6291cd818afe1f8e66b65d648977bc788a98b8dd509020d0efb6d0f282b7cef13b5312438d4913470b0183dceeef864f", 0x43}, {&(0x7f0000000240)="5491107a9852424d18f98ad317ab06c0976ffc9015d8768cce0408aa7420f0988b6245db53e6d93e6ddf2a979d8e0ecade66fe03d449137d3f31ec1feb8e6e6eb37b45acbb99e06075469c9d74e567cdb7cba20aef4e9b635ae2d1ffde983fce53d6f713949e9dc69cdff5aa45687eda7ea2881451689711e7f6ac2c9c1f6da26b05a2b4464625890a4e98d18c6a8905febec897d04ff236800afa3f4fe2fe1b5741b424905bbdc46bafaab7e2ba3231e151a420e1d189d2c9f7c362b6dfb98a87236fea1289f597a8cff22130a533de256a856c4cab0b7b38c2a19fbae3", 0xde}, {&(0x7f0000000040)="be240ca4f40ec007ad9d61dd0a50b608e7aa3049653267a6389560199b81d630e9142b9fd7bc5df01bfa41011a", 0x2d}, {&(0x7f0000000140)="7b77ed9b875889edf674f7dd8f", 0xd}, {&(0x7f0000000340)="7c1bf774707734d9898607b072c22807bb650e58a812bee2b8e92a09f85bc158ae15197ecff790b87692de06723c9014560e815435db19f621fb2e5cbe572ee1e8b7f12dd5da8e2e890fcae9743eaf40e8ba294de77969080f193ad7061908b1b941fdf3ef95adfd5e26de7977e88419584981721ce014be63543a39090d83bc749020a7c8f80f10bb7be17f2619adf66044878fc17ae35c45570d6719a39f52ba220266a207801855486b8d0f26b5793ccd122af88936a07040f4440a795a618fa56c46e79cdcf376b20888392a53a9122737e50f983811ba7f2d308177eebbb6b9fc3b5a3bbce289d855c9fa72541b", 0xf0}], 0x5, 0x5, 0x2, 0x4)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:23 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xfffffff6, &(0x7f0000000000))

18:12:23 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
pwritev2(r0, &(0x7f0000000440)=[{&(0x7f00000001c0)="6a94b00291bce98ed5fac8d404ad79fcb6e46d6291cd818afe1f8e66b65d648977bc788a98b8dd509020d0efb6d0f282b7cef13b5312438d4913470b0183dceeef864f", 0x43}, {&(0x7f0000000240)="5491107a9852424d18f98ad317ab06c0976ffc9015d8768cce0408aa7420f0988b6245db53e6d93e6ddf2a979d8e0ecade66fe03d449137d3f31ec1feb8e6e6eb37b45acbb99e06075469c9d74e567cdb7cba20aef4e9b635ae2d1ffde983fce53d6f713949e9dc69cdff5aa45687eda7ea2881451689711e7f6ac2c9c1f6da26b05a2b4464625890a4e98d18c6a8905febec897d04ff236800afa3f4fe2fe1b5741b424905bbdc46bafaab7e2ba3231e151a420e1d189d2c9f7c362b6dfb98a87236fea1289f597a8cff22130a533de256a856c4cab0b7b38c2a19fbae3", 0xde}, {&(0x7f0000000040)="be240ca4f40ec007ad9d61dd0a50b608e7aa3049653267a6389560199b81d630e9142b9fd7bc5df01bfa41011a", 0x2d}, {&(0x7f0000000140)="7b77ed9b875889edf674f7dd8f", 0xd}, {&(0x7f0000000340)="7c1bf774707734d9898607b072c22807bb650e58a812bee2b8e92a09f85bc158ae15197ecff790b87692de06723c9014560e815435db19f621fb2e5cbe572ee1e8b7f12dd5da8e2e890fcae9743eaf40e8ba294de77969080f193ad7061908b1b941fdf3ef95adfd5e26de7977e88419584981721ce014be63543a39090d83bc749020a7c8f80f10bb7be17f2619adf66044878fc17ae35c45570d6719a39f52ba220266a207801855486b8d0f26b5793ccd122af88936a07040f4440a795a618fa56c46e79cdcf376b20888392a53a9122737e50f983811ba7f2d308177eebbb6b9fc3b5a3bbce289d855c9fa72541b", 0xf0}], 0x5, 0x5, 0x2, 0x4)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0xfff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:23 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xfffffffe, &(0x7f0000000000))

18:12:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0585605, &(0x7f00000001c0)={0x0, 0x0, {0x9, 0x800, 0x1012, 0x7, 0x8, 0x8, 0x2, 0x6}})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:23 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
pwritev2(r0, &(0x7f0000000440)=[{&(0x7f00000001c0)="6a94b00291bce98ed5fac8d404ad79fcb6e46d6291cd818afe1f8e66b65d648977bc788a98b8dd509020d0efb6d0f282b7cef13b5312438d4913470b0183dceeef864f", 0x43}, {&(0x7f0000000240)="5491107a9852424d18f98ad317ab06c0976ffc9015d8768cce0408aa7420f0988b6245db53e6d93e6ddf2a979d8e0ecade66fe03d449137d3f31ec1feb8e6e6eb37b45acbb99e06075469c9d74e567cdb7cba20aef4e9b635ae2d1ffde983fce53d6f713949e9dc69cdff5aa45687eda7ea2881451689711e7f6ac2c9c1f6da26b05a2b4464625890a4e98d18c6a8905febec897d04ff236800afa3f4fe2fe1b5741b424905bbdc46bafaab7e2ba3231e151a420e1d189d2c9f7c362b6dfb98a87236fea1289f597a8cff22130a533de256a856c4cab0b7b38c2a19fbae3", 0xde}, {&(0x7f0000000040)="be240ca4f40ec007ad9d61dd0a50b608e7aa3049653267a6389560199b81d630e9142b9fd7bc5df01bfa41011a", 0x2d}, {&(0x7f0000000140)="7b77ed9b875889edf674f7dd8f", 0xd}, {&(0x7f0000000340)="7c1bf774707734d9898607b072c22807bb650e58a812bee2b8e92a09f85bc158ae15197ecff790b87692de06723c9014560e815435db19f621fb2e5cbe572ee1e8b7f12dd5da8e2e890fcae9743eaf40e8ba294de77969080f193ad7061908b1b941fdf3ef95adfd5e26de7977e88419584981721ce014be63543a39090d83bc749020a7c8f80f10bb7be17f2619adf66044878fc17ae35c45570d6719a39f52ba220266a207801855486b8d0f26b5793ccd122af88936a07040f4440a795a618fa56c46e79cdcf376b20888392a53a9122737e50f983811ba7f2d308177eebbb6b9fc3b5a3bbce289d855c9fa72541b", 0xf0}], 0x5, 0x5, 0x2, 0x4)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:23 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:23 executing program 2:
r0 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x13, 0xffffffffffffffff, 0x8000000)
r1 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x10, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r0, r1, &(0x7f0000000040)=@IORING_OP_WRITE_FIXED={0x5, 0x3, 0x0, @fd_index=0x2, 0x8, 0x2, 0x8e0}, 0x34)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/exe\x00', 0x40000, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r2)
syz_io_uring_submit(r0, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {0x402}, 0x1}, 0x3)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r6=>0x0})
close(r4)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00c642d, &(0x7f0000000100)={r6})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r2})

18:12:23 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xedc000000000, &(0x7f0000000000))

18:12:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x7, 0x100)
close(r0)
r2 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r2, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
r3 = openat(r2, &(0x7f0000000000)='/proc/self/exe\x00', 0x200a00, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:24 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4})
close(r2)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:24 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4})
close(r2)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0585605, &(0x7f00000001c0)={0x0, 0x0, {0x9, 0x800, 0x1012, 0x7, 0x8, 0x8, 0x2, 0x6}})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:24 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x1000000000000, &(0x7f0000000000))

18:12:24 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xc000000000000, &(0x7f0000000000))

18:12:24 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4})
close(r2)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r5=>r2, @ANYBLOB="00000000000000002f66696c653000458b50a72a5847fcefb4a9a240e5ff4009c7700122d9d42683693ae6d99af0d1783ef067e87e461d0be56813d86aa32a"])
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE(r2, 0xc01064c2, &(0x7f0000000140)={<r6=>0x0, 0x1, r2})
r7 = fcntl$dupfd(r3, 0x406, r1)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD(r5, 0xc01064c1, &(0x7f00000001c0)={r6, 0x1, r7})

18:12:24 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {0x0, 0x0, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:24 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xe000000000000, &(0x7f0000000000))

18:12:24 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x40000000000000, &(0x7f0000000000))

18:12:24 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0x0, &(0x7f0000000040)=""/18, 0x12}, 0x0)
syz_io_uring_setup(0x3ede, &(0x7f0000003740)={0x0, 0xe39c}, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000600), &(0x7f0000000140)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x5, 0x0, &(0x7f0000000040)=""/18, 0x12}, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r7, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000001, 0x30, 0xffffffffffffffff, 0x8000000)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r8, 0x0, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r9}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4080, 0x1, {0x0, r9}}, 0x1)
syz_io_uring_submit(0x0, r5, &(0x7f0000003700)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, r6, 0x0, &(0x7f00000036c0)={&(0x7f00000001c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000003600)=[{&(0x7f0000000240)=""/210, 0xd2}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000340)=""/118, 0x76}, {&(0x7f0000000040)=""/48, 0x30}, {&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f0000002500)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/181, 0xb5}, {&(0x7f0000003500)=""/240, 0xf0}, {&(0x7f0000000140)}], 0x9, &(0x7f0000000480)}, 0x0, 0x20, 0x1, {0x3, r9}}, 0x9)

18:12:25 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:25 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x100000000000000, &(0x7f0000000000))

18:12:25 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:25 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:25 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x180010000000000, &(0x7f0000000000))

18:12:25 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:25 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x200000000000000, &(0x7f0000000000))

18:12:25 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x30, r1, 0xf7935000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE(r0, 0xc01064c2, &(0x7f0000000140)={<r6=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(0xffffffffffffffff, 0xc02064c3, &(0x7f0000000240)={&(0x7f0000000200)=[0x0, 0x0, 0x0], 0x7fff, 0x3, 0x1d4aa9aff2ac1fbf, <r7=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r5, 0xc01864cd, &(0x7f00000002c0)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, r7, 0x0], 0x8})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:25 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x5d, r0})

18:12:25 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x300000000000000, &(0x7f0000000000))

18:12:25 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xd, r0})

18:12:25 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:25 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r1, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x60, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x50, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x8, 0x1, 0x2c}, @flat=@handle={0x73682a85, 0x1000}}, &(0x7f0000000240)={0x0, 0x18, 0x38}}, 0x40}, @acquire_done={0x40106309, 0x3}], 0x2a, 0x0, &(0x7f0000000300)="5cd867d7d4870475e6f9e942db0c76be37a327afa8105683c57d922e4c479b8484b52300153938057c31"})
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r6=>r3}, './file0\x00'})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r6, 0xc00464b4, &(0x7f0000000140)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:25 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:26 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x400000000000000, &(0x7f0000000000))

18:12:26 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:26 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x30, r1, 0xf7935000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE(r0, 0xc01064c2, &(0x7f0000000140)={<r6=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(0xffffffffffffffff, 0xc02064c3, &(0x7f0000000240)={&(0x7f0000000200)=[0x0, 0x0, 0x0], 0x7fff, 0x3, 0x1d4aa9aff2ac1fbf, <r7=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r5, 0xc01864cd, &(0x7f00000002c0)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, r7, 0x0], 0x8})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1685.966545][    C3] vkms_vblank_simulate: vblank timer overrun
18:12:26 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x9, r0})

18:12:26 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
ioctl$FIGETBSZ(r6, 0x2, &(0x7f0000000140))
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000001c0)={0x27ba, 0x4, 0x80, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f00000008c0)={r7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00464b4, &(0x7f0000000040)={r7})
sendmsg$SOCK_DESTROY(r0, &(0x7f0000000340)={&(0x7f0000000200), 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0xb4, 0x15, 0x400, 0x70bd2d, 0x25dfdbfe, {0x22, 0x1}, [@INET_DIAG_REQ_BYTECODE={0x9d, 0x1, "82e1b516e84f7dd1c5d3cc483133567f52114f1f30d1dac4069d632d8b8eaa5447e311fb6027f76125733e88a8eb04dd0f6bf7577abea6d762328d53ae56ef207e6806d508c1220bc6e9994fcccc9c78fc316b03cfdc740a9c883979b36dedf72a1bdec80d343131e6d61a6c91080c4e5417f65a8fd59ce8ad761748951114f8deafacf8bb0f491021a5c466289342f6f8498af48bde2b5b22"}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000)

18:12:26 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x500000000000000, &(0x7f0000000000))

18:12:26 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:26 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:26 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000500)="76d3b040d862607b817328b20b29acd1b345bc2a3190c80f8166b0e2d025a6e865532a015fea4c86bfedc4f0da5938dcd1eed7898dbd098bc23085b84f3b7b520c29121affafc6a523a0141698ccab0aeff92e49b6080b0aa454808fb717f14afcdcf80d500ffb6127fccbd3102e691a69af33831e53281a3685799e5fd62aabcebc723689699add382672c2875e806ad5ee623a5e40bc39b7571c9b025aefa0480f684ae31ee0171a7780b1db917378679aa7d86b0f5808dc46248a3b93a524be3bfa4360f6da94fe4450b97f0f49caef2bf2afb09251e541f04e2ef31a5eb49073a6219b60d6e4f350ac2bba437583485f2673581d8723da5b776f06ac287b25252878a87ecdeaf297cbcf055fbf43aaf3cbba037e435d825b19041254492fb0543ae35fecdc094121ec4add505ab624dfa31c78bda4901081d7194c31c69a75da8ee2b4540a16340d92c1f235be6f44b3acbb3d164af62932e93548fbe75c1cbe4c95c19156600fa22587981b112577977e3ad7fc44049da487d12fc23cf38d17ca3d7ac520da3915f847a12f690b618c7a14ee1838d1b4ed67933490c53b67371970558373cbe2043ee8f30f319ff90b17c2f2cb41fd11786cc1b9156e05fc0dd2f915326a4e867d368e370bddc98e7b0dc417ad80c7100240db7c9487b929cace2a892cc0ad821c801ae4fbc8423855519291af7cffee75040f535868f17d03889a2b355b0ff8c79ee49dd3039687a9a888476fa4b02e3008fdb55ac1f397ad868435cf211f043d18048da89cbee976553a66804a3a8a83e9c2d039aec4edfaa9c3913e7b115cb9ed55c76673d19727bb0257124315b1b7124fb8dd123442f5f4841d9d92cb6952e5f45ff4cc9aa1d9e87d2589a0d8c6c085f6ac3f037779a199dd25238304f16294622a679f0ee264a058fb8451e30abfce48821c82763473a67ac4b4bd5b71c804ff60e09ab4359580d079618e17206293f5ffe4592e7cf11867d1ee2c69fadc4b7cef2330d7b42f90f14c3d4da1d3001b956461b7ac8600b2962db18ab8ed83c5c739fcff5ca78c042d6b456577059fb78374d49c1151a1a035b171c697776f26e0a1c6d0cf8c24dbf3aa833d38561c52d97842f7c2d181ed087e2103a2f47eea870cff24b01f8a5d371687b4630f536b0b1feb5c2c329098f09b3c643d8a37aea40546bcf723146d02e01961556dd429f301efe198f6bfa0648025fc36ad7d8618af7820bc270daff80361fb15278356f849a8237defdcbc476a0292e2f9b20a634706f628561cbe119bcab49385c97be193f00215e9704755ac069b85f19d80c07d408bc62ae12ee4910eabe78e5bfe4cfb473cb772812b4161cfc19dba46e92c10110ad1c6fa2cf06416f2ca0d82ad7a3f2c17bdee7f6d0bb66d1786b7cc47bcc5ce6c18380014a0af66833fa65416f958fe386693c1fc5ab1de11477c4387ab92a674951c68649200f36ed70fe330e0f50fcccddc5e1df02614d2c3b58dab89e5550c853ede4605b6ffe814a5355a661c94b84d7aeeb4e663d734377f906d5007e82d95828423299f173b52b38e4602fc6e3839faabae99373c28591d0bb8c6c6058668429f48e8d325d52a66b57a3c72706cb86aae92e5c72581ff524087e3a0e5670df4441722c8b43d1d66e375db9cf5cae423ffdf4f4f16db114c721e424707c2993da4739f67f01c4c3d04ed399d8f74cebc1f664c8124da153974505d40c8e2de905bff51cb02a7875d3f3d956c148983725fd85214e71be42ca2e5d7e2df3bfa228fd7698f075122458515c9d94745a18cdf7ad8556dc1f508aa5476d9f2b36dfb149176bb3ff531aa1038878fecd5f08634d036812d5c69b45a5f200426e680fc6c4f692d73b6a6c3d1230fea9c029285f07573b741b8d5976afd93631bf060d97f1b1f2bc94f3ad63713e224a3f97f3622b9d49a66aeb3c1da6ee7c8cd3dc45dd59f581c75757f766fe43108bdc757ea2fa8c609d7c8caa9513d873b97208b42c7e5a96c7c889153be4ca7cffd129a9d8c35b25f2cf2c75415887b2258ecedf89101c069b16b48e575662032289fb959de09f4c46426c9cac41d9cb1be4b9cdc6c176aad7d390298906c99066445d1ba4da369545de5a13a68a2849c623ddf9f3170731cc87ba0aea88378c8e4f5246b69e4846f2b8d42c0c646920a650e6f83bbc40be70054505006f650be16a925ef2656f3457dddaf78933c499899bd9beab324344d74f869eb62d59f4c1be4d5006a7806d745f96d730b8ee8de57b53b929a9125d93a805e2aae6455929b818421d6daccfd3c11cb7d5de2a689983915e79ab5b9c7093ebd96f2ba64f6949a19237bc6c56def392b0c21f8ca871443063631345ec6f2eb6eff03b7591bf4e49b79f7ad4981a1b30721c00e538ffd92941ec1b5d5c99b7fa5569b1785e95b92e799a62a39fd920a88539e3b2c25b891e258a1c6dc199a8e8d7f4500900c1d76b64b6f51de8f2f7d8c421f730d7f6e713916d1706b1e917b4b85af443f7a664660df7f81c089f7dac813ccebca808a7e32c9de084c748c78ca46ad00e4227f33ca8ee907462fc2158ec4a0643718a0f43a81ef7821f5ed053aefb529a95e221d30fac305381c6859240bd03ab77e88160765d8d3080e28683ff388d4672f23f9411b0d73e6929b2f88087f253e4745097c99b24c960bf36ebbdbb6e471935e89bf49b7d136e72472f318f612be8bdd15978673e5f3382495fdfc2f31e36689a6c8f6aca4eb9f7ec883d9fc971a740c54be1a9416d913d0db893f35a233f7887cc9b7d896503b784e417fc582e0522620efbc38ff47ae721181f738cf44eaed107c110068d0b4e26538debccc3c272da8b87d3118bd5a17c0d04a8ec7430a92090fc54b83cf981059d0600d2a679767543ff1e140ea71f540c03d7aec1ef31f43d710d2d3cdb09a56428e634ab1a26e1b1036a553b5c369c4ae1e313a6b9b5d72ae872558cc7fda8e3fa3923ac50b9b01bd616b362101970907cd8f49029c73ac81704a5c43339b6a2806391adfcc3d927cfcdf185be7e6eb808fffcfe354f16bf9a3efa59213e8a3e74f18007d0b50f974736eec1eabdf8d5e55ee955fda6fb31602fe79bc39329209088a180f3b1bc4396388d17e261fddf2323d5229b6f5917595f4611416249b59e621dc2bcc309d64646c915d597a35e4333a297975ed40436b83fe6d36e89e1ea2f00256592df447ad465f2ec29f50653c9516e8300bc822af2b7a995e0d1fe29059e156409c2728d07b214d6b18b5af6b789214c2294eeee61b1b3d7c7c7d945e79a612d785029c79d7aeed683f28d5888ff357cf1824677f8784e3e441f507ce923eb9da0d978980f791765efa2614efe8d1b42c52fbe13ce22cc019db5f1cd4b95ac98d1aa6755f7996d1d0ab65b1d5061e3d5e000821660425481dfd75b021f436e884492cede81c109b7f1823929c78c15ea02981f43778a709860404992f8fa613e7f17619efd60687e5a1718591ddf14733345ddf46d76f631a55a8e572577c996fc0722a28e18a6c0885df770fcb936f8a56f0e71c35a27981cb6d4eda46f8b5578b85c6b751763691cce59a4dd3d469e0fff6eaf35231fead8a232961d4b08bf484cae3b6c6048d6a39965e17338dd9debd65de0066cb5cc5b9593575ee58e53ae3190b27e563c9b08dfd75cc2ebe9100e701139de1a762cfcd77069254cb1b8478d1a2989845defba411409595d5484ce31c5dd504c72987b7ca86211a4f691c8191edc27dcd9db5599b9d96c1d74de9d1f2b7473347466c26edf41520b8c0ab7a103ec6b9b9e9b2e2ab93e15b5fd246f7f7b31241e88f760e58c725d73ecdf9a1e6e3606e99a8a08f0cd128789242879372e7634b1a392350ca78bfacbcbe85c6b15abe5e32564a05d638e5423bd18bdab91619ce749e55ab6c2e8f0f499fc084ca635609534e580f2ac33c70a5d3250ba187c5300db06824d5ed2465e30f85a4385a73c5d1581e8a7d5567b4fe678085fa5fd817db1ab206927d80f35f5a097c22c94a92c425d7fb9e8d6f9f68cdd37b27858e255399b14eab9f66cf8517bef42eaf59fc1069021f32b49ca83dfb264d9a80cd1231a3ec1a86a29a77eb16e5730bedd8f65233413d6736feb42e12936a6f7709ddbb491a33edfa173dd4aed3eb6d6b8ef620af8594fc7583097787d9cfe190c64b9d9e2aa7e979261f1539dfdd8078aba3b846899c2247aff68b6a1ff58323c68c2fb38400ace08a8242205d2d09d261f91deae48902a07edde91abf8de7175ee4a75054bfb6f72c1b2ac01ab7c8a132296af3b7783e09a7516de9c8417802dbfd12d9525ca95953e2848dc49b25905dcbb8f352daa967ca16ad1644e2837e31e228ebaec770efade34d6d27f3af23416384e39f917da2491362e9b0f9643effed0b46f1454979d46854c0585842ded6055be56697e9f9733a396517b5df22028bfbbef4264994884c333180f1305047d2a09cdc83799ed62750c9d44a510b54a45317ed9b72dc25579a69f5ad75965d6ca76cd717a9ba29d6ced496d4ff0a4c3559ef7dfd9a8eca4f24fbffaa7179280b2998433ce87f0efc68611dfc3a567c73cd3ffe54234462ff60a7ecb1e246a09329e40c209e43a162d02cf14fe45105a8408911d27e17c0379e9594d0ccaed118ce5932005398538ced70b7126adae31bb9e0020f4063e0e51e678bae24d97075a6b3695e2ed1d1e5250b20378388dc7805dc431c52691486d532dcf53c42dd643972f184ff5631e8b5d848e10ac9f2b501da8f0cc00db193b2226e7a5cba47523b63561b0886ea793c79ccfae0070ee4b5c4093c840e5f564abe09500f52e7d3e41949717bb04886b4b4b67b50096822ec52a26f01f99135825a46f6149c9e19c92a138b29e17b8d246ee41c3204bbb10659ba83b7108aaeed8dc9c58459065d9f5c0fafb13637074a4b49992b3f8c5aae16b2cade82f7fa134dd528e9134dcfa60f7c658b22f99011f4125b29ec235bdd4318fa1bb6817511a3185ebb73472557c51d0d48012037be7764756092f96eb6f9011c7979b768c5cd4d388a167e9b61427d2557ef5a6c503e5d0ed2ea659f282ab3153eb854140582392a09e481f962ea6545bcd147fda094bfc30c9b2785b48d32a77c2c725ca9cf9010833df25ca9b852cd15685e1f7c7b64e67c37b75a2c8ec0ff745b686e070015f18a3ed3c7d7089fb3a34e250d6c8ea18dcf41350fbf92e0ba61289496f3dba8669f926ced068ce41f114a0cf41f3253aa35148aa960ba705d05fd4ad04d7dc626fa090917966cf0a47d2a4ac3140442a9e786e5011b938258443a836b39cb3c7aea72112cf68b992c68b4aa48c4e79826343eb7a0e693abef42b07994fa07a188f28758cbc8b45bc2b5448c4f4aa778176808a9a115d4c3b89c13504533be21d6ef899e2206f935ea9c887620cae2c9888f07894cda6097a06ab9eebb133cf03f54737e8f84344b5259e01b2441f6d21e7b0e8cc18374bce35d7c09e59235648b71deb3f5dfe78e853fcfb85fcc61e2fbeb6658ab3cacc89331f54d7d87082a89c0edac5d0d95eceed146418e7a2838987967b6d8a31b24f11db8d5fa3f4883ded0ada56e82b016e0109211496f3cbdb32f91476dc79699a52dc3ddbf178dacaf647d66c50db6d578e3f07786491a77a72e09edbfdb9fa975b2dc8194821e5552fccf5ac91b6404fe088dc03720f0478d835395fe7f99fb9a25faea2ca20adeadc3d25780cbfa1fd4d1be3e9e02df24d48cae", 0x1000}, {&(0x7f0000000040)="833713d240f279dd136cfc716f6548fd248475efd41b9b907c584c157be34d39b9c3146d93", 0x25}, {&(0x7f00000001c0)="9f0bb39bdcd6305c57c623c2644a00af2698192b78cf5bd39d2f6608da552cc859558d91c334e487a18105e57db4c75df7abc51e6a4c69eee00308fff7387d2d1a9a6c116a01baeeb9d11f828c619dbbe417fc74258dd488c1ab2ba7255a4610b452417dfb6119c20960e1c364", 0x6d}], 0x3)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:26 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x600000000000000, &(0x7f0000000000))

18:12:27 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000500))
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
mount_setattr(r5, &(0x7f0000000040)='./file0\x00', 0x8800, &(0x7f0000000140)={0x70, 0x20008c, 0x40000, {r0}}, 0x20)
syz_open_dev$dri(&(0x7f00000001c0), 0xba3, 0x2)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x700000000000000, &(0x7f0000000000))

18:12:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000500))
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0xffffffff, 0x0)
close(r0)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x800000000000000, &(0x7f0000000000))

18:12:27 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd2, 0x0, <r4=>0x0})
close(r2)
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0xffff9670, 0x5, 0x3})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000040)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:27 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x900000000000000, &(0x7f0000000000))

18:12:28 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xa00000000000000, &(0x7f0000000000))

18:12:28 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:28 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x1, 0x100, 0x100})

18:12:28 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODESET_CTL(r0, 0x40086408, &(0x7f0000000040)={0xcd60, 0x9})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:28 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/zoneinfo\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:28 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:28 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:28 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xb00000000000000, &(0x7f0000000000))

18:12:29 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xc00000000000000, &(0x7f0000000000))

18:12:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x5d, r0})

18:12:29 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xd, r0})

18:12:29 executing program 3:
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(0xffffffffffffffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})

18:12:29 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xd00000000000000, &(0x7f0000000000))

[ 1688.965037][T16331] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2306 sclass=netlink_route_socket pid=16331 comm=syz-executor.2
18:12:29 executing program 3:
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(0xffffffffffffffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})

18:12:29 executing program 2:
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="540000001c0012082911097e4575df25b9180000d8606db3af7c246dcc19a0e15f10e0f6e4ae3ab1295b891ea7d39401f7c753aea7775234463bb3f64afc4070f2afda481f48a70f10f7ae185d4813c7a2343ec2026b7bfd56be17ceb662e334124b4d200364f6a1e378081a20ea6fd85cd6ee91e18b8efa15e3", @ANYRES32=0x0, @ANYBLOB="0400080a060006004e24000008000100e000000106000500010000000a000200ffffffffffff00000a000200aaaaaaaaaa030000060006004e240000"], 0x54}, 0x1, 0x0, 0x0, 0x4080}, 0x4008884)
io_setup(0x202, &(0x7f00000003c0)=<r1=>0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x8}, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c00000002090101ed713262700000000000000000000000040800054000000020"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20008000)
io_submit(r1, 0x2, &(0x7f0000000100)=[&(0x7f00000000c0)={0x25, 0x3a5, 0x2, 0x1, 0x0, r0, 0x0}, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0, 0x2}])
r3 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x14, 0x0, 0x460, 0x70bd2b, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x30}, 0x4000004)

18:12:29 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xf00000000000000, &(0x7f0000000000))

18:12:29 executing program 3:
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(0xffffffffffffffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})

18:12:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc0585604, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:29 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x1000000000000000, &(0x7f0000000000))

18:12:29 executing program 3:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:29 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
read$FUSE(r0, &(0x7f00000019c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r7 = getpid()
r8 = geteuid()
sendmsg$netlink(r6, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=[@cred={{0x1c, 0x1, 0x2, {r7, r8}}}], 0x20}, 0x0)
r9 = getgid()
r10 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
r11 = getpgrp(0xffffffffffffffff)
read$FUSE(r0, &(0x7f0000003a00)={0x2020, 0x0, 0x0, 0x0, 0x0, <r12=>0x0}, 0x2020)
sendmsg$netlink(r0, &(0x7f0000000380)={&(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)=[{&(0x7f0000000500)={0x1494, 0x28, 0x0, 0x70bd25, 0x25dfdbfc, "", [@nested={0x1ec, 0x34, 0x0, 0x1, [@generic="257955b3d8a63bbab62836d73f18db722a8e62919977317f6f1e67dc", @typed={0x8, 0x5e, 0x0, 0x0, @uid}, @typed={0x8, 0x1f, 0x0, 0x0, @fd=r3}, @typed={0x8, 0x35, 0x0, 0x0, @u32=0x87d6}, @generic="26ce1c4d48ef81cfe7130474067c3581bf9c17aa084fea460b231d5c63d82dc47336482643a96bfa26d95495fba7951fc5d81b18744ddb0a065723325e697cac0f5e59f5d3de2e6fcb244c1ae1f2514265bf83d9232b86abdb43b87dd90d7ee7e79a1ba5499b7b6fb9346e6779604354ba6f9d02b1bb83c96736963eeb08fa7741102b1f77b49bf005070286dd04520c77db22964944dd652eaadc5bba8b7155b12b0f", @generic="8b99be55ffcecf58757f44daf714f8e434d30285f2b019bb35eebc3bb6f1ed4435bfa0cad69b57769b54764d694d1feb02b0f41d02bedbb8a8202fa03f3b28d30ec7c248e1bd3159c9f229bcb099a6e72b98b8796201e889e9f92860ca494fdd137fe7c49dd5acb5fb29aa47e0ac0dc26d664998e63c91776305d540c7e69f6067e0eedde143a60d28ab61f989e9b373513b54f9669ecbcdea0d829407ae73fbd303d1719e4d44ea1e4189af453423a2f99fc7a70f34084db43994bb7c81aa5ba4df4ba19693ceea477d3c21897e5fe7f5f80dee7755a443813d055445db9585f266f4f4681a4014e58c5ffc87", @typed={0x8, 0x81, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0x8, 0x1c, 0x0, 0x0, @pid=0xffffffffffffffff}, @typed={0x14, 0x4c, 0x0, 0x0, @ipv6=@private0}]}, @typed={0x4, 0x26}, @typed={0x8, 0x5b, 0x0, 0x0, @uid}, @generic="4a50fb1559e962bdee1d0f2ce89077b87e807a2fdc7ef01985560d0bec72111db59e2a0f595c0633425a82fe22ba236716d37270c8ab596b3bdaf0829073636f60359b1eac3effc28103d0c0", @generic="e6a19cfd4066956bc7b451febbd0d22eb003590245db317837a0e2eae84a37df40f407aae4b1a77c255ec3bc0bfa6420f713b0c954fa014a2fe1f342c73334c8a71e83801a2f9642cf51daeceeaa084f397afec7205c8fcb2c823dd8bbab26d51bc985e37877115ecbf1fa1550cebb2373f558383a366dca505a0443e875adb128eaaf3fe6f5ecb34c8946f27a364ce5f4b6dceeb3869fceb79bcf3a4efb0372c9d4b6f7fc1dec526b6f07a8a9624d5cdfec285726195baed537f5dbe3e21966934a3c00ae4995856e282e608a421617ac737340a04b5ca45c8a", @nested={0x1164, 0x44, 0x0, 0x1, [@generic="91e60791aeb584387c224b4aec0badc2c57077674428f7490bbdb1c83e60e92797b1941199ccbd28b15629c44aa58384c3b4fec3ce140a9589db919a68f1fe7381591a123b4773d5abc900ae52b47bd1771d9c4fed8207eb972bd67cd9eceba1eb5b5e594a44549f9faac532116d0bb25703c9a4e352d6ec6bbc78990388a7244fe9cad24789bc", @generic="a2a6368d620c422d2fc7136952db44e3d452d62113ba46a252bc521bf5bdacc6369c7d96af749817c6b782ec61606c27d3c545db9bc5c47a16784cf0f10f99ac494960213e40b4a93a518f512dc38601d7286cb88ae3be8343268f4bd5a8a64d25b733b02b943c830170fef69646bbb26335b52afdd8517c6500abc5633f4ecb00f9d72e4b27e74aec2f1f1cdea35a83f7b8958eddd48bddfc932e43779fd3b90afc1939754211f96f822fa8f9a5b8280fa745c4d45f03b4cd841adc20f6079bf84739920058cf888c5c6cbe45968fce311682c525447dd188d72add05985ffb9a37b2750b97e0eb1edf5c1a05450a7a9167cf0eae7248c3cb7df6e10ea7bf9a6d7bf205ce8256c8206bb5327206e8e20e97ade07113b4be528e8bd0754c4065dbe802a0760dbb90d233af95e328f2756d5420feb1de0adbe618916fda0c69bc614ec30dfcf7558fa799b625ac9d366fc812ce439ab55112742b4ba4a1fb7ea975cc80a4f3c05088d39e2bd2344a565876106672962080f0d08bb6f171cc93a1a61912a4dd8377203300d0e5135f42c095d4b0ce2b691439b55b36c8c641f0b763e4e1edb4f6303ab334890a2759b83a4d553819e8bfd8976898b190323bbcd0d5831b866520bca71058fdf3330ac5fd9844a20c1a923ed7193b12f1f6c2b9db191e222f87eab4f439cc002126115610c3d9979b9da34974fcb7ac1a42b69c333fdc0c5293712646879a92007697835135d56df1784fdc70db5cb229071dd0e891614b28b2e930500e3f1193bc0d7816e1b4d4ee4161681aea1c78043583d3b8a87ec22cb008e2d37fca6b685b46c9e15664d66b314be01f62ee2272d6af6bd815ffa03050dde281da88959e80e5df53fb4cee945f3963a34526b92090e0118cf5f3a716e62f3846a752771852def46666ecf5ad69a2fe8d9880f0c1f5ad0c8c0af5f6ee0fdf124f8a45ac648b4d43c7e0cf9c6bd1737a7361427f5eb3cea7def1800563ad2443da07678e47d7eeed20058bad195eb79c21a8bb1d613282d6c5f67073ed3401dd2a063957f0945146b194afac000413c8b187681077c1facb600cdd120ddeae9cb8f72c60a5c0fbdfacdb84a1e1b29625f4cba176b2f77e337c986e686e4948d769cd481af8bf97ec02ff1326706c2fbab828381d172c1b08124e932ae085224c86f947367d493ffd651f778d709ef9ccae5176ab79101ae0365c486aa4ed8714008b18219479be917a6fc3e01243059c351066580aebc04aba3bfeec64a11bca35d7f5bb9d4983567ee116f258f4f00a1f5f38c15224bb9a56b42af9f1a5be32a5274ea69d5e2b1dd59ed83991a361f1877ad6ea4d5f0af6b8946074902b22fb4d118c15b3a90a261def57f29c842d141365bd5800146a8f943a182f8b9cd5d7d02178a130c175436b9aa63f9e57483b93853d021e318508a995759d61f6344d7be5107237d17a3418b545f6facdb7460551a9bc92e17ccbb52ff70a07016f3e364cc994aabdbc7ccbc03b7a8200881ff1a4df3911bb797305202243ae5b2124f385285a4428822bccece52fc783cf97493ea6617934e6733c412cca20e2c53f5348e4762211936c150bca3ae2f4caf8ef5d3e4128b24aa723dbbbec93fb7455aa7521f9151863d72c6f10ec2ec60935b5524ff9f0201d3bfefca342a261d7c48ae9cba11d98ed9cf0bb8b952b3d85de95944ac17c4cca0332d43f09896e86e2cc100f746a333f5df20582f5d4c98fc54073cbada594ba961c10966ed9ccbd74bb66ddd5aade09d1f6812fc5992d9b636f50123a96dece014d6190954e7d6998c5d832a18d6b744ce87932e06ed470a7aebe656f260578582698bba8a41f10914d6cdff19481cf9dd141dd1069be9e90e7f26a2ac72c9381733c3429ae83deb3252bfcd0ce62012a07b5cd2247c123d3ab5b95a01c3ef3e238a9fef30d7620888e769e4b217414934ec1e30d7db707b90bf4bf966ea1441004837438842acc33c537773701c09f4da637022b59c3b52d7de392382530207625c099f1715012902ffd89cd43301d825b768914e09c2d8516009544b1387823f939253083b351866aadb5df3b3ade4473f6b5514d8f0bbbf232691a602a7efa99f0f1e796ef94c59c362f68f728ea38783202ef63c9d7dcd4f4282ffa65796086207b216a5860418abef6af99c1fba3a0259a2239b06ff1129cc2800198622de149eec20c90d0beb93bd31918302c95477d8b572dd23324f70bc4df06fe1064d7e97069ad3e966eb25f939aec3c70ff1c197bd280f7bf7139632d1b02546aabc07c522e197c0f9fb8bccecc7196730b987da0f9c0c4bc26d93832312d9e3fc9c345ccea0eecf53e06d4896a532a1d10d140fef6390c4abed8a57089f27b33a46ec97ab0867ae7a9b2a63ed660a85bed620bef617541e85cced55f02022aa35ac48740aaf6a5dc80cefa77b75645a48d2fc37408254dab40e3a9efde9185e101202ee2484cc1e4b531142b7e32c302ab69a9dc20ada0254917ec2f20881464e9351b74a5503a8e61c69f9645c8e701691b12b5a65ef037f5d5d47f72fc63c52e77df2f2491c0923b0122112cb441f55432633ec28c9b55113284e979aed3c748a6deec6423ea47ef8ad5e06fbe10d006e507af0a9748a205bfc49a2a79ba3ebd60acafca50ea8f84496b04bb8677a15324f35dc0038923be5d1e2bf5d2e9ee99a353264518d1560a92b929c6b2fc3b110ba05535a9ad7ddc3070ff5096e7ac904c0569ac7a17bf6fe9d4753febf4a53a5a3bebc272aa4d920548465a15548a949761fffdd896ca76d26c21807716bdf21ba794be61fe5fe7758d90e5589b55a911a3fcf832f18071775be0f09e30d38838225a3b0b02ef6299c34d51ae5339286b039a4e71c0315446a0ba7350a697bf5fbf3055417ebfa4625be4477d400bfba341423859b077a1a28bb3baaddaa839242c307cb39c7c856e6a3c7157323b8f45244bd4b12060f24761ece0a1990b3f7ba9cd4f2dfac71ce4b204dad53770562761281962f7892cc3b67433ec745edee3facfe87abfdba2210cec0653e9a4829c13b66a51d348dcf931374426fe7f36172eab53174cf54d1557992fc5c36013fa7b0a02743f1c2f3cc40beb8d07e6c8aac8d7eaa43988f9d317ef779356a066b7ac6a043e824a064ed415b7f1885f2311385abfc294bca3af059e4e1fb7e08037e791a3ab573d66bbfef7e41076ac26e90f9a36057caf5816e8e4d36bd2d54251b3d3e1b6f2aca209d89aaef90a419c335b641090591cff2aa5a3bc9df4005b46a06927fb1dff8e9eda123b8d22ce3abe1749678605f05b4a916a45408edbc86706757d3e9852ad9999e86f345adda4382145f875d76a78de768274f50682415bf04e1e89bc5c8dbb7af8cdc2d7a18b68dc07870a99ec5f0143297097b1a2d6bd121f60a80dfbddc43239a047493dd7e6dad54305a6e47a60e3aae617ed4725140393cf3e5f3c8023f6c7573f95c9461aa986a14b1644dbf3d6ef84a6cbc44775599328d434bed264d7d276ee34aac55a156d6e8e6240a8257acae7a1e0210377377d7391189e4e5cd8cc504a5bc8eb218d1d3b5028346ed7ba4e8ecbbd06f92b53bc144ec5ec992d8c28d0c8110c2f7d3c75468b0484b2ea4f33af02849ed8fd32583da65ad0ef6c4b261ad35ae61c03db5ecb265a04741b2fc06bd7e2cbdfddbb107b59067668b62b820876141613ebc24280802dfaeb70e7eb97c36e8249a7d370b6b8a62cb01898e9d31a8cc5e1008b45909c4960bfe8a0c2750dcdd245ccab156137813b8eeab4fed64a3feac602ee8fd2fc2492694701a491d382d882fb31af876366992bdc4dc34c7f232cc2cee252c1ca057b213227d19c8fb0ebf0a742c3e998d4420892680adbf804a9a74244420de8b0d6dfde51de265f93b746d8107fbe41d63f3ad95cbef0e620163932228a95c08766b4a6f6089113ab6ec2672b90917a6d577133e2a6dc95b286b0c1033d614ed7bec0b01c04bc276878c4dce841b4c8d60bd387ff07243862a8af1057f21bd162fd7ff40a9946d1b4db1e04957f092364c0c0731213d0e18309b5ef77f115f8095f8d519bffedda4b5667c7bea3f8722dcf04c40a95e5a1040ab6a40ce30010d5a65656bb5587c71be80c816ab340ae9cd7ff99fbdc4f98dc07915c16139b6628dc862055fa3e64260852cd776bcd6a4fd12c033070d8ebb12711a4402a245ecddf77a25ec1b852026488b21d00dc7d2692379b2af49373313c54cdafcacd828434434cbbd8a18d9bda67ba61a5eb1ae38d9a1217f1266f9d6a9d21ad5385652651a01d8343d5dd2d462b3cc5f2c9f4fc0789aa6d4d4827ddf2886ceeccdca7bf484b4822674ca759fafb0a542c12950ca923988393f2f1d12dd2da4956d016097e304d51e6a9045a661fe68ecb843370b15a58c05be4a199a0fcac21d0d03257d2977ac1a1df8ee77c3508ac8c3fdae5a38c1a796bc7ffe77bd4a43d042ffdf7dfb954f7ba976a3fdd07e9fc4a8a5ae0c412a17dd628e1ae37ebe8e036da9bb311f32e5966b33263bce54c6c926ca2dd9193b1a25e70527b3af41410f8ecfa653a4213efc734476efacfe514f7e3ca8a7ef8108c31dc4517e36514f8ae9d25dee57bd85ea00261467609ffe311024fbe131ef84a9123e17762dd554933a20fad4dd49bb6a8c5a8482066cfd034b7ecfe512eede1cfc2f80af0150d8f86bcce701d3ab17b0addf813cd99cb2fd764b0eac8dab352fe605151013c404c6214c26bec887476a9f385a81706e3590898a75643588d0c41cdca1b93984271238b0c9a25585060526e8f105b08273db24a3d8ac9057a219e369214983e39460eda1698a653a91e36932f78ac58bce5f1cd0508cb66b95c1cf2fa12efed5fdc171cec5860b91d3bc3a7ddbccc3b8067ea593e5c738405422a47363b18ab5d3e818b76026be22eb09039bca9e301b3b8096a19ca69ff4da8d4683851259edcc91407b870e1d5b46513f9f72d2465d0c7385c3afddd7f76b4ad38de69d7d21f127f772b2c443374f389f649eaca2f55c1169ef1e1da51050c8f9476cf59c5a7f9f59385cb76f48cae9a22c45c92a3320d6b04e261a8b964a60f7e0e34679b4995fd5ae9e42e14968cf48bfb2cb8bc9de5387df74f05fe9f669c1891f04539b337df6dbef8f661dbd0e11efa1147d05e343a18871324cfc59ea8794c8198c7f6f4195a0986d51128e16d45908c0fa3936559a3e7c0bc3ed73d1127645d4a87a213b608d6843819b7a005214d6032d67c2a614b8d9eb2b879792065407db9785d51381cb110f3ee46a722b82fb3712158ea7d5c70198e855c9a789020377d873eb8e70662f984bef607403fa815590e9b26536ee87d8383538a8ef5a72f190c4506a1d40f4bf00cd9dc67e09c9a4e243fb17f2255bcc0f5d5d263dc7283dfdf3f4dae11042c24ee40cc41d602719f3fd99edcc01e04c38681be8bdf39a8c2a69be0ab91e2c8dc801705a970c4843d677e5a984d18fc03275e28b0d6035d090e05d188472b4524a1b4482b4561b2561409e8eecb6b1026e342ab93da29eb26545fe5f10988a54dd64ad07ca08d1a1b64f7cd59c944d16189632742bf9792c850f0f6791b0ed34830b4803096cf7c632ee1aaac5d5e1adcc625f86dd03ce0f874489fb56de6b2f60318cce8af759c85e1b5109b76a67a166e0fe4ddb4ccc7f1aa6866c594f4176d38a4922da808cd903a6d2f85ed0f2e603d1a13fa3a519803b8ebb34240c64936a1be17316bb2746b9a74", @typed={0x4, 0x10}, @generic="9feea6660b1f855584929749b8c7dc6d2b71971535792828107b08eea69431ffda77ec94b8830d5e0d926ed43de58ec0485234c53e87d99c575c7afed2c37a5c30781ae81ef9c1ce8d5fcf1c707929059629ae43dda215bb77fe0eff7b7497e205b392ddcd5836bb8e5862cae9d46a305fb27d594e8ad4f5b565f9f42742ae73e6f71658b23deb4f4e66362873716b14d1e8975199c28715b51765c0176b56547bb896071767e183b057a983b83d800b81bca2c14634310e647bd5cf6aa5fc7c8b", @typed={0xc, 0x83, 0x0, 0x0, @u64}, @typed={0x8, 0x21, 0x0, 0x0, @pid}]}]}, 0x1494}], 0x1, &(0x7f0000000240)=[@rights={{0x14, 0x1, 0x1, [r1]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {r5, r8, r9}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r2]}}, @rights={{0x20, 0x1, 0x1, [r1, r0, r1, r10]}}, @rights={{0x18, 0x1, 0x1, [r2, r2]}}, @cred={{0x1c, 0x1, 0x2, {r11, 0xee01, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r12, 0xffffffffffffffff, 0xffffffffffffffff}}}], 0x108, 0x4040}, 0x80)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 1)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1689.331344][   T38] audit: type=1400 audit(1638036749.854:1648): avc:  denied  { read } for  pid=16340 comm="syz-executor.0" path="socket:[172126]" dev="sockfs" ino=172126 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
18:12:29 executing program 3:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1689.388292][T16347] FAULT_INJECTION: forcing a failure.
[ 1689.388292][T16347] name failslab, interval 1, probability 0, space 0, times 0
[ 1689.502958][    C3] vkms_vblank_simulate: vblank timer overrun
[ 1689.503518][T16347] CPU: 0 PID: 16347 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1689.522380][T16347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1689.533423][T16347] Call Trace:
[ 1689.537577][T16347]  <TASK>
[ 1689.541346][T16347]  dump_stack_lvl+0xcd/0x134
[ 1689.547103][T16347]  should_fail.cold+0x5/0xa
[ 1689.552669][T16347]  should_failslab+0x5/0x10
[ 1689.558386][T16347]  __kmalloc+0x7b/0x4d0
[ 1689.563479][T16347]  ? tomoyo_realpath_from_path+0xc3/0x620
[ 1689.570390][T16347]  tomoyo_realpath_from_path+0xc3/0x620
[ 1689.577273][T16347]  ? tomoyo_profile+0x42/0x50
[ 1689.583323][T16347]  tomoyo_path_number_perm+0x1d5/0x590
[ 1689.589817][T16347]  ? tomoyo_path_number_perm+0x18d/0x590
[ 1689.596430][T16347]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1689.603551][T16347]  ? lock_downgrade+0x6e0/0x6e0
[ 1689.609649][T16347]  ? __fget_files+0x23d/0x3e0
[ 1689.615360][T16347]  security_file_ioctl+0x50/0xb0
[ 1689.621496][T16347]  __x64_sys_ioctl+0xb3/0x200
[ 1689.628208][T16347]  do_syscall_64+0x35/0xb0
[ 1689.633781][T16347]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1689.640996][T16347] RIP: 0033:0x7f2c65d45ae9
[ 1689.646988][T16347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1689.671421][T16347] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1689.680038][T16347] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1689.691277][T16347] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1689.700769][T16347] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1689.712345][T16347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1689.721040][T16347] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1689.729324][T16347]  </TASK>
[ 1689.737322][T16347] ERROR: Out of memory at tomoyo_realpath_from_path.
18:12:30 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x1100000000000000, &(0x7f0000000000))

18:12:30 executing program 3:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:30 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 2)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1689.871347][T16355] FAULT_INJECTION: forcing a failure.
[ 1689.871347][T16355] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1689.886033][T16355] CPU: 1 PID: 16355 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1689.895229][T16355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1689.905689][T16355] Call Trace:
[ 1689.909306][T16355]  <TASK>
[ 1689.912467][T16355]  dump_stack_lvl+0xcd/0x134
[ 1689.917405][T16355]  should_fail.cold+0x5/0xa
[ 1689.922804][T16355]  prepare_alloc_pages+0x17b/0x570
18:12:30 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1689.928813][T16355]  __alloc_pages+0x12f/0x500
[ 1689.934496][T16355]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1689.942583][T16355]  ? find_held_lock+0x2d/0x110
[ 1689.948356][T16355]  cache_grow_begin+0x75/0x470
[ 1689.954423][T16355]  ? cache_alloc_pfmemalloc+0x1e/0x140
[ 1689.961113][T16355]  cache_alloc_refill+0x27f/0x380
[ 1689.967298][T16355]  __kmalloc+0x3b3/0x4d0
[ 1689.972382][T16355]  ? tomoyo_realpath_from_path+0xc3/0x620
[ 1689.978306][T16355]  tomoyo_realpath_from_path+0xc3/0x620
[ 1689.984173][T16355]  ? tomoyo_profile+0x42/0x50
[ 1689.989368][T16355]  tomoyo_path_number_perm+0x1d5/0x590
[ 1689.995536][T16355]  ? tomoyo_path_number_perm+0x18d/0x590
[ 1690.001393][T16355]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1690.007855][T16355]  ? lock_downgrade+0x6e0/0x6e0
[ 1690.013093][T16355]  ? __fget_files+0x23d/0x3e0
[ 1690.018701][T16355]  security_file_ioctl+0x50/0xb0
[ 1690.024482][T16355]  __x64_sys_ioctl+0xb3/0x200
[ 1690.030072][T16355]  do_syscall_64+0x35/0xb0
[ 1690.035473][T16355]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1690.042352][T16355] RIP: 0033:0x7f2c65d45ae9
[ 1690.048269][T16355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1690.070194][T16355] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1690.080253][T16355] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1690.088172][T16355] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1690.097059][T16355] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1690.105114][T16355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1690.113129][T16355] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1690.121236][T16355]  </TASK>
18:12:30 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:30 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 3)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:30 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x1f00000000000000, &(0x7f0000000000))

[ 1690.856854][    C3] vkms_vblank_simulate: vblank timer overrun
18:12:34 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x220201)
close(r0)
r2 = signalfd(r1, &(0x7f0000000040)={[0x40]}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x101, 0x8, 0xfffffff9})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:34 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x2000000000000000, &(0x7f0000000000))

18:12:34 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1693.711975][T16374] FAULT_INJECTION: forcing a failure.
[ 1693.711975][T16374] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1693.726219][T16374] CPU: 2 PID: 16374 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1693.736404][T16374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1693.747385][T16374] Call Trace:
18:12:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x43)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1693.751273][T16374]  <TASK>
[ 1693.754936][T16374]  dump_stack_lvl+0xcd/0x134
[ 1693.760324][T16374]  should_fail.cold+0x5/0xa
[ 1693.765555][T16374]  prepare_alloc_pages+0x17b/0x570
[ 1693.771329][T16374]  __alloc_pages+0x12f/0x500
[ 1693.776301][T16374]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1693.783694][T16374]  ? find_held_lock+0x2d/0x110
[ 1693.789772][T16374]  ? lock_downgrade+0x6e0/0x6e0
[ 1693.795320][T16374]  ? do_raw_spin_lock+0x120/0x2b0
[ 1693.801262][T16374]  cache_grow_begin+0x75/0x470
[ 1693.807187][T16374]  ____cache_alloc_node+0x171/0x1d0
[ 1693.813232][T16374]  __kmalloc+0x32e/0x4d0
[ 1693.817922][T16374]  ? tomoyo_realpath_from_path+0xc3/0x620
[ 1693.824670][T16374]  tomoyo_realpath_from_path+0xc3/0x620
[ 1693.831261][T16374]  ? tomoyo_profile+0x42/0x50
[ 1693.837003][T16374]  tomoyo_path_number_perm+0x1d5/0x590
[ 1693.843098][T16374]  ? tomoyo_path_number_perm+0x18d/0x590
[ 1693.850760][T16374]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1693.857099][T16374]  ? lock_downgrade+0x6e0/0x6e0
[ 1693.861471][T16374]  ? __fget_files+0x23d/0x3e0
[ 1693.871277][T16374]  security_file_ioctl+0x50/0xb0
[ 1693.879034][T16374]  __x64_sys_ioctl+0xb3/0x200
18:12:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0xfffffffffffffffc, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1693.886661][T16374]  do_syscall_64+0x35/0xb0
[ 1693.894385][T16374]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1693.903929][T16374] RIP: 0033:0x7f2c65d45ae9
[ 1693.909657][T16374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1693.935249][T16374] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1693.946187][T16374] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1693.957136][T16374] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1693.966861][T16374] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1693.976739][T16374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1693.986835][T16374] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1693.998558][T16374]  </TASK>
18:12:34 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:34 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 4)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:34 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:34 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x2010000000000000, &(0x7f0000000000))

[ 1694.282792][T16397] FAULT_INJECTION: forcing a failure.
[ 1694.282792][T16397] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:12:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000040)={0x1f7, 0x0, 0xfffffff1})
syz_open_procfs(0x0, &(0x7f0000002ec0)='timers\x00')
getresuid(&(0x7f0000002180), 0x0, &(0x7f0000002200)=<r4=>0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002280)=[{{&(0x7f0000000140)=@file={0x2, './file0\x00'}, 0x6e, &(0x7f0000001500)=[{}, {&(0x7f0000000340)="8a32ec3522cdb4088f05489b2d67a6f549c271de7cac31ad0925ac4cd50c150fcd7402dda7657bad2990ea902917be1beb06f8075562f38f5f68a3a35205a4e83a89dbffe0182318e08bd3d6acd264de5c3d37624f798cdf22df1f640490099a29b94e93218c56429f2e38c7b42b3ce71449bda21b37855c2cb251d1f2e1a7e5211455a0193ac7c278105e1893ade2fdd43fb7d09a13e6bac8444e6966436c96bd06fac423f623610d7a33faa30ce896c86527c5ad387e22fb42be655da6c5596dce7fb5531a3213708c0f18c902532ac0b218879ae82aebdc11de1361be46029ec615b2ef7bfddb8342244d88750898d3f42b3d83e84aedbce9130fa357bd13c282d225a6d13fdc8d82e29f50639c6e686e00fa7fea2ace7b8fdf7d584c07cfa5211d53fcb835770ce3136d5a802652c08bbf7c1469263d0a592577b8925fe6af65ba3dedbc8d9ec452527aa8459ae63bb58b10d90db89141d0885fe0525c2ef65e4566bec9d1beb89e0fa4d093aab771f265c3a42401625096f11f6489a87bbbce5a3705d4cb3bdaf1a09bfbea25e76a19746c214d0a059e242bb21d9ccadd6a94920cdc52d6f954759fb81a7e13edad933873d169dd34ae435df98e2f357610c9bb17cbc212c65db453ad9c997d85843751973c86fa1fa8d983b24884fac2967ce683e259ef85d638f0ca6191ab5f781bb551648dba386fc1ac874910c6569ff28b7213eb7602082a7fee7d9bc228363e39839b0aa02855839e142975ac7cbb86f497745d1b6885db4f61361d4452d9194b2c488815ae4e2bd6943c29f10e6689a40de424f90145abf9e1989bb3886bf794afe31ca8e81615e9d92c4fc1241828ebaedd8e1548968a6cb5c78748a6f1673cc113ef76dae465ebe5b0e5a2772b74d00c2820d22af33a271b3723a59482b4d6b099f9632ba37e94f2a1a0d26071461955854565eb9171fbd884817b261aa2f7e2856931f8d874d9a44823193da7fc26590027ac7d62e60b1124ca174abfce6cd64e501f3f78af86458e437f9e9adad86bd20449723006f1165f2a82cf024d4d8197c813b7ca25a1570dcd28696673dfd94788efc8b3a2bc4f9331a78fbbc6b738aa920e7145c790dc9442f530f6b5f48c9ece1d10b5659b68167da06d2fd30d8e7f9e48f87964efb0207c20e218efcc3aa8466399f073795f0945c2c50291c627f52f12b6ea58bb9d3956af760b3e1d3b8023f8356af8b5393dc8be2a9219226a98075c90d87507c402cf56edc70fbb387a486783bef7d24666d6376203ebf1e4764f5edc8419b1e0ae970954f93cf1c36d2797287ef5f83d373b860e15fd56f2623ed6a7bb19d1db2be1b071855f09b5ac5727ea97e818a937f2db8b2f0cbfcb7e028afc1354066f9bcd46d2181a0571ab1a8cf930184a822fb42ae9b70f47fab8dc09e7975bb80fb32907ec64955a29d36dc1672c6addbcd521bbd5fd9ee7b14324bc9e0c109b4a7fc9a8b75876de82fbbd586c2698742c7612c87a68484c301398edc6e93917e3ed113f36e91657efe76e241f30692e5042ccdc99fece4030c8627fd25a9dfac36fd09b62b78e03da136c321ae06a473838fc7ee5b544c1b945204c4eb8090cdeafea457ab086b097c8b36fe26c27d73de246213006133b03c190f7b6af958c0f6f57e59deca7f8d6096f50a4887efa4a7b611f754c8eebd5e0150fad3e67ce248df95f9f3601ab338178866c3128cf98627388a1d8c1211ca522320c4f82cec98eda690600ff18e8ec502d7e363b6f3e934062c887eeca9f6b0e462f77c50beb2202149c2fd064cc3f1ec89a5992343d902e50228f5b78df9205669adc050e25dfef5e62d124f8e7d8efa21f841722c01596136786c54d2cd31afcd11badde036ff5b0635440b31e345c0b1dccdb4f770e6fe141843697eeb8fb26ee45d1c03b1e6a35420ddea787b9b82b327416ed8ef5165f56296fc7ae6c22dd77e17047dc7b2d2d759aa9d15f87633102b45371235b4f57744dbd142f3610abe9465bd7f8ba0329391fd24de3492429e82928f49654321ce72fb2cfed051b253bfd431b34a12bd82bb369c96cf8d94a79a5f3a10ced4b24f2b8596b443bdd095ee239ecd167b9604fb094fa9c650da5f00322c834a0c63d6df2f1e48e374b2db197e81b1ed59d955b0478b237c60236c5246f034226a8102a9986c3c70a15c583b42a6e5f1f40a0d58298112436baeffd83f4ae4617bb7b8e6e91f076ea63ebb5738a87be8d5b692b818b37f8475f142dea662f0eb79adf68739b3a6cfb3e44a27985ea03a0165c45d7de606b5b7a635258228d965dd93f32e0f48feaac7656374310616c579dceb8cc07f2c26bc48f0410569dbeee44a795bde7dae4f874291a3bcb375e359b85408ba4adfc9e5a30db5274ac19c4969c270860031646c9f7848624ec6466ef94d476338ce35a383606a6447c543020108d6f74220e8d45280282b2d250f633c6d57869f034f7abc07585ba76cf1789e96762ec97bb2c5dc354859031388c85642915eac8eefe87efb52f92339680f512e1eaf04d934dd6af752cf394913b8648472b45ba443f9081f7ac83c3d0d3a7e27897a3b4b74668c63f8051bd3d2081c17b8d8779dcc617e122f0e3c81affef23f01a4c2ba2068d8e8bf3f5515110cc360f39d767798ac3d99d34aec37a32f139eba14fbef271c1153f5867486d86bb3c1157d8dc68da4e95da4e66d076036a05547e1933c5dd6896abb2ee590cb49fa7fcd670060f410392f6f58b4246cd16dd0a77229366f8c44975ad13b0ca83fad9aa05b0e8bdce72fb6c9b73b2e17bc645bd433de2f90638af1877ee21f8825e95ab3741d4aa72be47dc56f4d62ea04da714928d982744a39406d15db231d241c30939b0d0e1e05645ed7d7a26856aa96d94dbe4d8cd0a24c3ecf94bc7d4c25820c54bb35c466c97505568ceff82dd5f7801a19789f52248ef633098552b8a33f7930c91401ac4ec59ca6149865d035eefb46d7216b028f4c9790b0c019eb8944b2869cc84f2a43d53b3fbf63778fa21f7d095fc9f718e50478ec8a20ee3bbd2c6bb83b273f4ac61bf983307ae60280149aba2474fc6cbc6040865d5255dd16d9587e0b5127b25f1958011e1fc11a794071a9711dc014e86a60c7ce08ee35d295cb4e8d78eeee05b17a1983ba90da4c32dba9e959b943325a93f7cfcdf097f497f12c436ff4dbe953cbf6e14ac0f3c2af352921126cd1e9bd983a88e520cc9268d32b9408a3781757fe67a7d7676c86f68cb6a3dc717aad8dacc116ade8d74fe7de3c768c83205402a6931769ff7f4d2e6903a6dc2ea8c949ad3083a1ff6b5a334f16a92cb81a0e2be741da7686cb4749b5a7fa44d6c778741df5a928112e36787049e3561143817aaf90b3ea38193ca753518b75fd1c854b280a78f8873fe436922155041de021047f3128b73e18a9d4b5d5f386ab95d73a03feaf145cfe2ea7cd7321b2416ddade9f5eb2ef0244df55dafd30b571909b47c887563330ddddea341f2fe8a67c52724dbba3f5bc1d49615fd03a6caffb0f59a7009e1a82fc9e0d484937afd75e3c800f8a64d72e374849efd2cf8fbdcb55440eeaec72161afe426cac3982168d1b192ce0eead42022a63005554ca682fbcbeb2dfa2b48fa70a1196e7b52fa9589a644753fc34b5a53babbc120aa61ce6ab558a257526e2156897d1dd10f1734a8d471f1c7df68bf435cb7c77e03b9102435e98fd1d0d93aae777dd40b50862ec3bd75bf598018ecbc50fb63e876036b38fc04a344d21265d9b390c0e975fecc6918aa1b4ea71165d376450aba9e456427f174788c67b7fe15823158ef9f522ea6b73d0188714f482dd19eea4a49cc4c0aa626f401eccca8b8981dc77c57fefc575c68787faddb2e2fd4ae393d917019b80cb5ec7ec82316939b5299b0769b77606f8ece77b741d130128c76cbe240c93be7d065cecbaa44500a0b7fb23e7321cd4bd452d0abd9c9f5b7ffbddba09a6fee77bd0eaf9dce31497f5b19dce33a87dd136c8468a338ecbd9d5bb70317e62dbb33e6c1721ecdcba3d2cc80f720f71f63a775c6b70462ab4b49dc102ff7dc36d08157197f19eb32e6d18f7008093a3b86a41c630c4847a1a91643e712d26731069e898629380d8ceb3933c3cbb0a909ab6366361ae4ca0737c043ca2eab5f8a6104ecb2566d9dc7080867af9c861fe647e5669220f4d46b72b0dcb1fc3d0ccab6e79697940a8432b0b4d53d1fab5d0564b49f3232a46e5f732ece367edc29c65009dc10070720d97298f7c48a7f70732a0000c778f2a9adb4def8b1d11a30f9ea00af79bfbc8624bbadeabe92eff81e7724ddbc94bfeff83aaebadf8b0a577cd64ad44ab504b9b6a799f8f2bc65075f971253774e0a5ea2c85f7c5ebfa7e2eb7d7883756511d201cd9122ef32018ccaf5bb2c8c0ee501424f42d0f878f3fdad74a396238ed865128f71139fa85060aee86250660453390ed917d6e5bcaf8c360671d1168e5443b742c385bf390c68f1d84b13c84a75926147a6fb546d2d7e14be0305be8889052090b5dd14da46df085fd2f5b391bf2de123bfcfe6b35597441c30743862f92f82e3ef85e701826bcf882ba6f018acf64083ac17beb4231696016958e4044509481303eeb7ac7da893dffb252ab8196cf350b7a2b263cfe498649e798c2f2ff0bf2fe536e8512449d7b0270237eb0f05b3f55a9834075f3c03c59d19dea96068a890577536378907aed93ec253f79032e88b56d336842d7fbf6c4cffd1407220f13d1af82dd55b1e425a0c46fa2da7e203145908edd273cbc7b2c621fb58b929524c5bc18337eb15cbf848f666cf67a25bc98f2fee3f43c04e25a671ff03d285838d3430b3c8f736694973f53ab9c74100559e7a89d6203a2324be0d86e7184036341326f274654ce2bb34cabcc2eb34516a6cc50d0cb67db08ab7eb74cc7df113b2b330d8efee901de938948180a99bd89926d797b969b4726e11b1d0292539e17ab670e36f5d2cc1f9679f72c8cf4c400856cd1d630b080a97cbad7b9856e075fbb7673e3883b62b7dcb309981039a626f0c9733265eefffbf47be96426f41b668cb97b8df6564a0b764d04b8217c0dbd65f8ef413605058b8b54fca5b176aa480831a5db5f4a0a9bf6c1477c3e91fd5d036ccc94806540843098506b7b3cb9db1fe189bddcb9142ec8f82b5ba48b16300063a4c8d8e68eb15cc92ab6a881e49f4c181eb5447a35761791ec00962754ee20992f05aabe2b3e2cde85a4b8cc90e92778ead8b62eb30df504b1c6be95a9078040c9fe67112c0865158599528fdc4c37e0b6e5e6d656512da1defc8068bca2a8999ec877b25978ebb4f23d6c361dd9b1ee511a4225a8cbe82dafc45bb878088750bde10ee71ebc5fe2628fbcdefddf5e66ba764431467dc8c7e3f3ac5370434cb9e1a93cfc8d25cf2039393b0857e51f5f498b6922e772b6637d64339b0c5637f894bdbf5fb66091048d4918c5fd3dec5173a71bcf32f53dde007e4c80aba5c22367d2d998c054838f943a6b3a94fbb061f1eee91dd043045417115bd67c0f849321ffb19ce56e0056d2c1622f042bb753d71d6953d412ad8208a3b9d70aa9fc8f80518d4060fa3604a5e322a54b368db37684b79ee3cbf28c816012d90dd679b656020562a9df6004ba3d5953ba7ec3a87438afb3c0b097cb727c13784c753f26d4bb11ebb8a0c84da21c14e8a18fe5b3d61e3bde56f0a84f608eb17c4b77c16a8bc32de457e4acb08", 0xff7}, {&(0x7f00000001c0)="2c1f90bbe813301f5a49bbf3785ee1f39e1ec7004bbc2cd9eab864a38e0924edb10bf074843d2e891ea4298cae016a049c88dd3660fc7d1b2a7cd463f9a908b7f5cea88211a4ddcd682aace37a467ac68afb0159795dc53d0672c3606e00e4c50ad079d27a464115185c523a457cdd909c4cefdc84e05774cf8c8f01128560ba86bbb151f043d6fdc7a14a6a50d226edf5f679a27ba1a542f12eba25adfab97ec67cb8d80d48520024e935a57f6e9f813146452e80c9cdcb42db7f37432bb199172c79b606ec87f93bad268715d2f2e6", 0xd0}, {&(0x7f0000001340)="2722b0df817988d4dec19254751d042a45e484379c6d22914b980dc571c73cf3df4195b426562f0ac3331e1d0e24cf95e773ab6f166bc0a14e4ef1561e567e78e9501111f4e3d8552951e5c34706783cb7c95248f7047451512b0a2ebb7c6d5a144a479e0c243c8a3a31d05bf6c31e62d97b1c84fda49f87b273e71af37df3f4d07edf93bac34e955347bd5ae1a2177a40943e94ca72d110def43ec8", 0x9c}, {&(0x7f0000001400)="d30c662accbf670d50eaf0d7aa54bc0283c61fbd901cd74f16dbdd0880c6c3960485e27ca3aadc8db885dc0dc65640d3d7808744ac609e136438534787bec6ff75fc7ec1f1a2bb2b095393104ba4b27788b6433d318ec38c0e9f325cf9087a1c99a5cc28dcc9b5b1eb985daa0f34112af72663c0218a204180daf7969964187e4e88780fd8ea054859f99611fb0231f00409e16f26918df1946ae38a49ba05251a39bd08e71602a648e5d94a2e6227d236a0aa8895d847d545a1da6fa14e538a535e7917dc60f65fb1b335e9ef9dc5006363ff620c55883be5466d1015da418e2624ed010f4092540807f6d1b7", 0xed}, {&(0x7f00000000c0)}], 0x6, 0x0, 0x0, 0x400d040}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001c00)=[{&(0x7f0000001600)="e4c29cd9bb98abb20f84e5c075956c191529c0490bd4887033cb56d3", 0x1c}, {&(0x7f0000001640)}, {&(0x7f00000016c0)}, {&(0x7f0000001740)="82c18f7216f584e240681101ee2f8e614d381b0f803e174ff955267ac55dea746773ca28b78950302e6b29a559da16c7b151068d4d02312485f74931dad8d8020a54b87469a1251c13ba765c6edb5f56ced51dc16dcb29dd8e81e9b3da45a5d12e62c2043cfef57bad5b348f9d9e7e8024a849020eb7d3afc28b08c70042ab31eb5d1871142a50e1f7ab9dcc94fe3da1064847ba9ab992dc81415bbcfd8ca7dec2c0132045165419fde3a2af442460c41033a3b7721a214a187ca127af17e1", 0xbf}, {&(0x7f0000001840)}, {0x0}, {&(0x7f0000001980)="6f4e89b2237df19379c6102ba33ce53678a5da36434ea8cf49d2a8e9dbdb547c2c92932e066c122fb2e954174111fd7e4aac3e293527ee4859e34f8c5488ef7adaa60ec3bd14259bc3fa1fcb69a42535bdce8c895f75ba20a2e6bcac7842195617e8d471da32316b04515890760162a9c63ac5e56df699293c56e563ce69ba587f6fa721d39a7d1c2d01a325e2", 0x8d}, {&(0x7f0000001a40)="512927857984c7d1998c5df38b665a48778592ebf79dc6e25bb730ab1d4302024de0b27c5e696a62211632e2bbd2e453d8b8e985404e", 0x36}, {&(0x7f0000001a80)="b4fe55877feec678472526287b3d119b9872d89e3ce6355fea7aa42ed7ce5d28cfbdaaea19728628ca8d8ccc9d691b988022e14c81019f9c52338f193228259aab4c7e2ed0d8252316658eabc7e42f38865caee606dab1974914541ac6396dee41bce310fe17affc46e791b8475a4439e566d006b66949055670f76a1649039a20bc62dcbbf7c74b071e7f8f79d8c9ec30e8add378f15b4752fd9da7a4e5a2dae5d38c7cd6b43500c8159955129c5b9e6de9428af55422c1eef18eae4f90d803be99bc2d09d359014f93d1b147c98d6cf9d7f3a296e920e43716729fe0a60dc4440ce79003f53be995bf726c881e", 0xee}, {&(0x7f0000001b80)="50fda49e6a843fc992f57c170038311bfa029408b89557985ae0a899787c4dd2043458c7323fb093366c5505574e6134bafd7bf58d3452e21595a980c06f984f0ac044da65650a16c7a9be", 0x4b}], 0xa, 0x0, 0x0, 0x80}}, {{&(0x7f0000001cc0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002100)=[{&(0x7f0000001d40)="772f7bb6d6309fdf00139dd233ea526375e1cec07a9f89730fc29b21ca736128bcb725b51e6d9cf1535950bc9fe037f09e74bd", 0x33}, {&(0x7f0000001d80)="5123d2e0e0cd4f708e5b33c1bc74b0506ec6662cfc7c473b2ef03bd979fc2111346e14daf88f06661f55e056ab5291e708dc971f6a783dad06107a45169eca6b7e118156d053a49653201afc76d67d875bf88337685db68c07a1e38eb5b836bdf699b6e71ac26ff98c41263674cf32e4844f32bdf33dc7a7db252c605e376f80a7d93cce9d1225e596fabe3d497ff5ea266e1173c881fd8369d719aff01cd7f0db", 0xa1}, {&(0x7f0000001e40)="25122976d0154246a7cf55ccb7ab14bc5e68f4a1e6da99f5891ef0921b0e9559a0abb8c771c812b89e50840793d4cc07a3b99c1da26f461df9db0ea8f23eefb488548fd0b6edbed39fdb515c3b326b80b7a6e6f346639ea201b1b9f37287f4eade89a0a4e9d7cb744d32d62dde84424556a0b26a0f53f15125d8103f02ad06e7989e0697cacc6eac9dd6d3c243047608e55c5f", 0x93}, {0x0}, {0x0}, {&(0x7f0000001fc0)="f13f1cea0e6005363b", 0x9}, {&(0x7f0000002000)="0e42f8fdbb2d30e804408772b4ac766e97542443facaf716eb5e9a1840ec89bec803bfbccc0185d62ed6ec71aa6a69eda73ac48902d4a3ed6366ce1e0b1b6ab23ee1dbcdb934e8fd7c64befd78bd5376b7e7e50b2e28d9d5cd7bcdb8d1e3cab558d122fb09b6b4c12e9bd0f3f75a7580f0401096a8c135a1609ad8c7eaf62c8e186a20634125faf438e9322df05d4a7ad6d697d6a267784049a5a3776dbd253d9a53e81a9cc3674ddea83708c1234f29cf929237c7a2efcb0ba1cd022db6b10864d8dc52fbad2668e570d6859228d03407ff17020cdf7dd1aafa2afb07947506fe43588a", 0xe4}], 0x7, &(0x7f0000002240)=[@cred={{0x1c, 0x1, 0x2, {0x0, r4}}}], 0x20}}], 0x3, 0x4004001)
[ 1694.312038][T16397] CPU: 0 PID: 16397 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000540)="a809c6fd71de6132f1585bc50f97d8e260ba76b12b4e243547d1f1bc25eb55901f9c16d864a991fbc85da472f0151b5fec7e43bc108140296884e4b413b2c087dc2587699632b192b527550216f5a3738738e36fa68147216a46b6dbeebc799bd5d42235860ada03625d6e12066a1cb467fe76a36d95105f35b6fede18193012e9be491fecd594ee5a1b5d017efecad5218a2e9a2eda875082e80e695456245c03fdc4110c72a0e94908561e076bacd44117c3f307d6ecc6d05cf2cd66840336e9c5f0fccd4f58514dfb7d10616fa1c760aa1021813b8cf7d73436f7ab8c68f16dea32bc26db32c4899f4edd27dadd431e73c8a9cc783ab3f44c5f918da997e71950b9721dc936002d40416a23c16cc2513a516f8c0bfefa2cd7b381e1e2dda8412e1cccdc8d64d1d8c6a9a5ac845094fd0007cebc6a90788354e62663d74e457c93090123b7cd560228b70509220145f50cea6629fd01e931b46b8c2a5fd8e0b3574b45ba2e4aa2338291c19b45525128b5536874f5db2a9aaa029048e81fb07f246b730353aef7b128a72585fcd6f84c50b3638439a17a8452d5bea753805f1cbf9d4d8ec79d46e4f8ec3148c78048708a9368f7f3e2a867cbf0c793f271557fe9228470678e8dbb4f191d34c75fc879df7aac08d496d22e27267b6030f7d56dbd08ce7ab2870c3bc4162bdd46a8f54011693540ba489bbc44f964424dc6ee280198d889bb348af74e87859296b0464a6798063cd1f68d67633e1f774bec4c2d7fbdf8b43d5508c689df94f29401a9819dcb97c00089ff47deb49b9ff41eda603db9a36ccd1e22589a8c3ca7c5b104eef6c59581c10460a3e108808fbdd8a94fbc095c458b2ff2428d797a240342399a29097694de649273243eb6acf0d671ee3e8eb81106f1a3873e1cf3a664470b2fc2e07bf4447d167c96dcbbd84583b31ed3b94a9635cb56a2da54ecb44bc70898002e44cfd6e9078c9ad4dbedc162551c92c01a72d1f74505d6ddf732b0a6d853f68d901980c7c444b92e313764da4986c2ff67819dc3f1ed8c28a4792b0519609c5737a9010309f5492d6b8101a2acf2042376a7e1a391a4136300cfee210805ebf59faf758105e7e91bed0996cc9a0c3a63655595234388e474a08f19124df63da13f3340352c3dfc808b205b856e93b459f273f2c5129e96bcdb767d383d4e28e7861ca681136eb82b1ae53facca54a769e25fb7c232a0e54b2b42fc7f2ae4a02c956743855bcaf60e5b5d02ac8468b7f6e504f8af3c581dcaeb3bfd85d372f60d4b23a27e74f86e647fcaf4a9c39f38c40433c29a803f339ce5ded98a79bf093ae347971efc0b0e677e4c8c2b7a60e445e97219781d8a1d5c6f2040138a0b6ffa35104dfc91ef086625df516025fdbe6990e4c87779ececdfb32e0e5c2699392583a023184743c34acff8fa8b22d8feeae6ff4647e702e17b763201491337866d1b6a8a890a5d95daf6f34043a0f2277065073e023c5500074fb5695e457a87e76c39ec67526aaf60d4d086ef800aff0c1bf1bb4d70f053285ed1c950c580fdea9aacbb8e815798fafe283c6b603fe701704151317861f53dbeb09686f731ecada6b455442996df04c3762e48ada9a298e0d3bd4c4ce4a98a01ef5fab2d21334fb6e58df7f71b0db86adf59d8e6112b99791841c5d60f84ab0c457bf898ba65ce46c638223e6148b42ba2b682d936c9657f6e7689618984898b828ec6c6a4695bd9c7d7abec41c9d30960f6b202c99a280c3b01f183d00bfb0d89265d90e8dd3a5ed561def40fc8a7b7f8b2c17bfa5383bbb96b7aba2197b0ff1abf0223220742b9bce94ed482d6bc6837955766a5f7a0dfed61d08ee13a8c0ca79a1997967fb78ae5ce0247f683323eb490b2e40879ee6809fcdd55de9254daffd69f4f1c6137b51df4c542ba1ebfa95f747543caa473927b4f4d3294ba99caed4944704c3486b1e5c25618617ce347547d3093319551023bd898cd0e0a7f93dc897b3feb4ae1cc2109ea89496534aa5c75ce3fe27a25c3a8aba0968ed7e82ee71797260ff9b1b5209954338f3b9f904cf1464d3f23472dfd886ac323ad73f62822e1667a625fccc3f4d1545798e0e68d2e132e7e9a4f5fd2771304090cb40f06e6ca24f8d6e54bafb976e9f2358bc60233eafdc8ade16d216fe11e27acae8590832b81843436ca53d86885c88816fc8c463a630867f0b5d23506d8f1de46dda94b2062d6a02cb02de9f3bf9748606b5e07c0165600109b525d47ee33d536604d10b74c1e2efd8e8c2144211929624cd48af8784e064837fc64dbc7233594f2aba987acc937bfdd1c045aaac76fb18c0a31ea3698bc998eefe8ffab1968cc99b1b3c3aa1a18018befa32b037c6edf4f1acb09853ef866d2876e7adbdd71c30673ad3a4e3ccc15d17f362cf72f89d5116b5278d60d1069f2065111b629ccfa4f27d2e8773aedc9fc8242b100a22770ea2471cf8a081343338a1040b6fde19acf45385c3462cd5135edca6f2f11c2769469deccdc4f9250fd8d7490856e9d42d042fbcba56297f3a7a544ad4366dbd7513c135d624be9b3a541dc39f20a5114988b520ddfcd6341b88c7e2248a2c5e7a6d45b4ee9fdfeac68b21f6cc4cb9355ea92bb97a8f3915fe5fd315157b7db8d2f120e8cb29fa2eab6fa06dc66b8c9287d0cd7ae1b7f91c005204a385d9ee09ecc87020f2da46a17ac3fec933be5537c582623c881b650467f5df130f62f4ba7802a6498cb2408810a88ccf90995d148de26ba1b26e776ae83c74db135f99c1b237be9f005f3b05e9021cc68c1b2c853c35bb0c3c50b94c14fb55d6972320c144ecd57651a0c8bf005d51b10bf0b21bb4c73a0b0bbd5eae0653d7499891b328cf64414773eaf8791fae08d61fe06f9f15dac0005dcd501487096e2a81fc10d2e8ec288480bc8aac4f1301007d0f0d9d100741d7ad8c5aab677991231918bea38a1c69e818b791cc31430a0822b5456d4ed8d9e7f47c0e24a5c2228095ff95659571d7cb86056d5fe8055df4f790366601db33e9010e6d66d3d8e628ba4efcfc5b5c4463ab6837046933a26232a3ce4be4817a865e5cdd11b459533ac2a8345beda60e7391f81c6eb99dda5e063cc65acf491e1b0b7f921960e2ccced1233f81d1d691e32692d30adaae8a214d56a8d8fc6cc0295ba3cb28e7b957b772f3164545ef445e75b81a523b138b50983dbffa6c50290027f330e17dfa9001e8d2eea71d5187d26efb33cbc68d4b74f76fadf3800a47f63b40ac55910300c849087dc0b5cb024d712ec3ef44fc1a798d1ecbb5d5660ab0082f892a64734e111a9f860c4f67144a882ec08de4087d9c92e7325b97eda23d3e359cb51b0de9fcf93eecbea3dcc5a7bcfd911e0d7d0b2ae78fd3b279c52e8221bf74a7da4c50222b555dbb79d3011a0dbf99a7bae1ac85595f603675108d126071ac528d2115d6ec5ef238b92a3669163e47a39cd6402f777bdd92f5096f8902db0e1abe9ca2ffd983f5995bf031d935059e3d791140832a6dc5c7529f4183ab2faed35cdf52100b2b5095916c9dc303925545fce6828b65c83aebc7b82bcc79dabc82480a268ab38ce837fd02a9a5b2688b5199faca20ab45e76c8979033a30e6561bf83b585ed48131502b3ea9484566469557bdc99ce3758db9f660d73eae2a7ae8ea9ac2b1acbdd000a2aaec6c50d0ee8987c6244a11ccbb3ad389722ff7e6ccc6e1bb42163e461ff1bfe925161836beac5313d409dd68ddf29973ed13650d1218176ba78d26f852bcaea259bf4eac5bc3badb5ccd3128f27db2bbaaae96585b01114c14b59e07f2ea42ef0895ca024ddd958739389c31cc411183123ad52452ed65bf66e62f1ce17314dcd4f59e603af6100c819a900fe9f7649fd932d7a26c72166f4a0ad2275a1113a702fcfbd22418070f4184b3c96735171bf2fc2fd0a4099f50114533aa241891d62bcdc48649761022582cc779e7b7810b2da5155481fc3456c9ab53dac7b9432b6c29dd03e130ba726ca5a58d6a2dccfb67f4fc109f2e4ebf654c9009bad3a94acf4ce6b87ca5fc65fb5aef6ca84c60cbbb046f91b25c7417c80d2cf063c89c5b5bd11b2ba293542d303985ec39a00c07df5066c48c5faf63ec2d025b2983bdabb15e4228ec571421e524abe2ae3822b95251eec7d6c03708fc676cb73541e4d70632dd56e64f099ee8a79cc0539ad7e51c36cb56b768db8f84227778f0702dd72acf386632506a60ea4e65f2df6b48436ef6a503081542603eacffedcb63ca75a9e6e2714a2763b2f4935a325ddf3190b9637e9824b1492cd62de3b602206f5d75192a677440dfef8f98c1014d1921f15f2ea8c2a10802b31231a0bd0333a7b2e462bab391fb0d84e9f40919922a5894bf07598be73e100c8267c10612fb9a5abe6b9741569c04c13adb14cae5728bc5073927a34ac4b022e0aed7d794954f1a616d7ceaf34c574e486343046cfd31af959cc771379adeac7c04cab74c54dea54024b6ad59e40d78f0df9290152ff484da5f88bd11d6f1d6e391e28bf340e30f15b332cd415e865b530e2417f208cb56f6fe29aa2dc80a5ba526fdbcc21373fd0b347d8a030a7caf89618b456b89e40afa8fcc4a8e59cc01fe0146c8bf7e0d91f2ada2f0d6c2e09f3d7fd5e25b8e2f7524404f4d726b738868829b5d2c90ce3a368365cc75ca487265626fa00713a371884a3d8d54d9f046c5aea5a28451e606e6ed9ed3b8b114945da2419aa477d380e5bc051725a86a478fbc1b633ab5c16b81aae97d93fe4d51914631383b3a178d56ee3c4b4af5ec26167e7538e37748b792dbcf61196ae7185fa828bf8f15a06cbf76c1fed727a310e9ac4e1acda0189dc962a0a8b1f21d3b42118224e5095046aa4c3545db989362b590d94d63be6ac3d1c117f5631e3ced31c2fe8ac8641c9e037544e529c5765e687ffe87d09e5427381219cc4d71e54a852b03375cde1b534d61f909d9a27e68dc9bbcb4d91925a5593cb8b891928ba136a9e3f4f0d2275ff3d16589b10dcbed069a370b24305525b80197358c7bfa5c200552fef7f485da7101da2d254149cc94dcdb501024eade40c0b07fedbf4ada952ba1851dcc95450d8bf096e90b2143314d900cfe7eed7d67d83d4f4e995b5eeae9fe69326c568adf00330e2eed1b138f74fc3358aa978ca67145b09c2ad57bbed78fb2521568a7e63b9e60692c2e094a00553bf336d884cf7a2a53f9e4bc8d04e2b5e0452634c7a522fe97e6c20e9f931317a5208f640eb2419d8be1e069de3dda6bbecfff73720cf97462ca13411d9c19aa9320077e7e0b806038317113cec1bb845b75023de9b3ff8351671c2e615f5fe24f8c3b736b77f41f42ede72b7f486f2bc1e4ddae0004d1f9da8f83796f331925e745e3d14d0326aeb6e847692eeb2aa23913ff975c13d1bbc4fd96c7af832db225026bf1810eee8bed37a1f0c33e202246e9f42fe55e0d0b3ec9a9c148ebdbf450f31b5e97e2b08cc769d99a6ec3173feb9b1df411bdb715afbab211b3e186472b0a00a69d0e44cca8c8775f7085ff1503470c2c2fd6d3feaa8a9c61ab1a648a0414481c5f85751f57217db07bbb8b9b09a3c6b7ce40c491500c542c4c391055f0a60691c6728e90928624239fe5d44b52ef381cbaecfe9ce871ce06705cb3034f2618b7165ddc5a9dddb12b90c5c4d939b8c0743df4dd8f476fd491fd6b0fd6520b9da0075c64a8355374477072e174d758ec722da7ad49eaeb8149d10011bc9f805f917fc12cd75cf8bc70bb3231a3ee5b5281e4c2580bd88c5e95d19ee9b282c76816df6e3d9df946e2d15cda86550ef32dcf3ef307f8558fa60acd5efae4fb600fa9891216c59cd1555b07e2dfd0e5332a6b4269583a4dd525b6a0f8fa22642bf043ac1354eca22bb51e41c944753f2f8fdb179ee871f1fa0243f45d614f352831da6ce08753dc59d57706c6cbe997d0a98d29eb861c085252c0f1c94b88998891442f967e13dfe967b317263779886d0c9170d6b58ccf7fa147b314d207a40d76b4b33c32af29035739c547dc7555549ec09d41ec4cc3b9fbba65911af0dc70815533a81f21792c2c5196e020f01b784065452a5afc9f075213ea839a869566cceb246f45392bdb456f87bb6bd08c9ef3d1ae79358fa16039da0cc4ecc4c3f5c9c08d7522903d59902d578d234537950551dadef19f0515754420bcbcd5e13a76893733024ae64cab15533c8abcd9c90e0fae6b0be145205ab49e1108b716d904677e79180f12853e44a1cbab233653c34c577dcf29ea48f354916f7b79879b1110ea061ac5a993fad572247fa8293948173869ebc62d862b1e52d2bb1cdca33f317fda684d75d1fcb18418f92713b77ca2f1e6bc1dde81fb2b949d6d52838903999fc5a36e5536df21cda229d55eb029969b972add39b574f25429c1e089ad70ee561251436e317a7765f13c249493384f9608397f3ddd58689aa7361196221a06d7d3caed82b32af1f9cedefd75dd8377d812fc2dbaf9e1c5bc4abebb06a5461a2f7ac3c36d529bca9fc19e167d946a07b55af46a0011eb8d8867537540c5351cbe4f7736e2795ce5c70221943ecdbc9430d48cfd3677868c2564f92a3d296a8dd0cb4268da019105f6cfc4f702695af939c674e09b712b1fe38b8e2dfaae7a92ba951bb860cd1a502f27b48a6ca55a5013f1fe70555faec8346d097b0838d2c1395f2f78a772d1230122b3a050071e81aad804a622ab98adba8e3b5d5313fb28b656c36e4983903ce4e9029c8213642b2878379558678ac37f3ee16f0d908a867712fb07370f3c7bc9100359b1333a9ad9dc2e59a5c1027c30b179c5bd35d757e6142c095895806f9ec220ce7e92b39add8d508a6d240aee06dbc682faec8246a41ac225310233a70d98c0141fa565e35c1bb7878d591d016bbab26a870ee9adafd48c6d962c63727db9576efd812a8a37094c063e449d47796198c6fafba8e103761db8c87bd71e37814585b930fb08f7165ae3d913db9dcad39488ecdc39e86e5c66b24a2b9e829d06c0b5b300005561ac2410cdd6114b0cec0d95c4e33e9183263ce4bcf064f204cf29d3341648713c453074a8f2376f4409e9ca89647e9cfac2e7273b50e03a6955b171b1165052a68570ada73ce821ac50528a3793345e21433de129534cfce7fed71a9845a7c2e062e9188d522d8f5e843ce00ce074ba753229943ba282968529d89d8d29d8d93e92320a9b53b124fcfc24b457822c435070fbb5c13c55d88030b1253314832ddddee7fbeaa60497c0df7949b18083bbf5bd5f25c8f7c082f297df570dbf4e8fb5e943ca3aee850e29a3cafd910798025e01e6cec969468706585f0e948e7381040fa3c8a2ba319368f64c4c2b0f5b1a73cae9b84664de6b6f68ea021d56d3ff3352c666c425b926f9f07c117af81cbe94d8d3169a2acbe85d3e803c5371876f760013635c438c8a66fde9670cae94194c7eae1a7639f82e3f08f0fc33d45da8636fb372986660d3b5f783ac103ba90ae7b24de17ac18d175950eacf3f91e348402fb38330c81b7169f169ef436b16e1121feb809b6e752eb202349ce72b622f8279e84c3fc4403d14b0873ba178529f3002007b8e2b90960e0f98b6c7cbad54bb9816542d5bffc507719fbeb5cd9b0a30d8d62efb1721cdb7c4393a8cec2b6d98241704e6db63f1347c6d8c9ce5172493e1f2ac5fbb5e13d05a6249804492759fbe9c53f2c4474d52dceb49fb26c5179bc624d4dae6514f2c291a5bf190f2a7363b42671153664a1621d3710106f483c3cfc06c8337a826d0516f6992a58243c7d0ef116b27724549f5f58b380c628ae583c8ebef2361c41bac73a2a807a78b3fa752773e51d7b2f1c391edc86dbccc04ca21fd9e36f90dea86ad46ac20810ab71bd30bc78c1c9a0356f6afa26e33766e8d047083a5ba103093d4adf59bec432652948472c2cdc9289bdcbdf155b86ce269a123ad200eb992d632384201daf914a0afb7b8765d3cf65089d059fc29ce97e9793fa76a58e7c3ee8c28046d908b6d29f1637118a68051f4b4461af196909fb1b842a76961f92b1d19fab665ce55c6c5ec8df000e04b10051ec9cbbc87f2f68b746d8048acd78e03f22e5e7e44a2f683b21f7adf7e222ea572dbec855cf86485511b6ed1e658e1f588d1305f96ba6d1789fb4b1835c1caab4ef0713ab7e055beafb88aa1be88ad98f49a09ab9d669a895c7b9620c6daca57f8aeb1f3222b46196fa8dc1cbd372bebd5af34ac6cf02ecb20f613475de30e6698284ec8ef15e39a227d36836469c883835a2139cda98671f050c40020211e29fad14c99a528b1c47d0abe6af10cc2299800924f0e1bdca5dc498a1df3c4a116725263fb1cc2bb52921a79458da69dd11fc9724d3469fe5b7cba07c2ebb2e92ddddf931b4ea2ab48aa8cc1f637588286819b618d11291a77fde816f7a686a9a248bb730904fe57d7417ab980a6ee4ab8bbd6856901338b0cdf91b9800da4492dc2a7ebf978857bdca2bd36acad25f657dfffb807e2e51c7b8a47f6d2d31ad55f8215c647842a9c5fb3e9b6a93c062c3ce4df3513a0579ee202928cd1ff015588d2ffc0cec3392ccf5e2751e77ff2f3d4a3ea4fa4aa5856987070fc4256d368ff6cd6b6292020cfef27b42dbb7e3e446dc03addc10ca6f6d2bb9d94b8d8ae5fce1ecb6683c4b32d4f6def8425d43bcd91cca2e8f414d4d0144bab6c862df2c05407507e4f1b02d5fe937a70832bee4b5e5d2e72f505c3de9e6e59a685df80fd8480c227a5b3a2f702cbf05fc1d32c46cddbc36b7f6e74f53fcd2d5f9fbf6ff46f3472f119ea0382cbabab1825a1395cdbea9acd4e0219af078ef9e106bdad4ed49905d2af37a92d043c870c0277d192d545c7057c74e5af6d3023d5dd2cff1aaa9dfaf15ea872a6c4be31a158cbfe27ef4a487b84ad5af078dda3fa96f45c0b3b06b08bbd0696d3134f82db29b97d1547a7316e0571b9bceeded906d0099e9866a0906facad0eddb7b3ef52e2ab38d8e1c09d364cd38d4859ea72cc638d48d9836e416585a15265968b463f4331764754581866f3ea5f3c89baf4005af09e93c6308ea60b2f6afe3fbd27b819cd49ee96034c0cdb4f39ce06f4b6c1ce662a44e376abe7620ae95e010ba4ed0affa81480eea20bf55f4a24e76390007fe2e14641af285d10a81039723a7b98409c81999c7fc6c1ff25b6a96f0525b91bea524fdf2e4e85da00bd7c3121f83f6ebd4b7e6e9e0b43171935f4a9be4449f7c5510f60b4d8e2542f102e59ea022a1d35bf75ac360f780287c2fa94bcd52957df75a070aabd418083052231f3872491853f04c7119c199cf08193b2b4f902e8cdf29ad7ff932ae69aed866fac0585b3f60ff6786668984281b97a67ffaac225fd70885af786e4ba777fdcfc33912c0879b985ce52935505dd4044682908182e5486ff2a4428e72a3d171e9aa11ceb804df47347b08033405386037ea0b96a1efd26394b7cc9652d0c1f18f5bb12723ffcba88151e446cf40901cc199ea05db5b95f66234c4525c0a87c8982c6e7c5e4bbb08312f4881c71f57834851da701b6435cd5a0fcfe15dcf20bb54cd975b8d4fa35a0acfda1438badef4bea9ac88e0effaad00f20c5b106ba1038c09a0e062d140c2edb34205840c9244feb774991d98d3a1eba1f371962160a8e964fd4fada813c518b1b67fb53aa220ca12bd49de23ec413adcce43b51362d85d049b0fb8aba60d7e0af051fafcc3a4ac69371e2a2a310aa946357c740c5388e38a9a1039e24255fd293731b820567f8ba902e38105484e48c7eee505b9cb06383faf421c1ab79dea65bb22e58e3f9f5fd63b7ecf52ee66b13d8102cd05f313db75df39c1547c61809d8a30648aa4468f3788785ff78d63de65673da1e567e98575fddf38f2c00a3ce4bb349001fe4f64486d742b6735f76c3919a834bece3a7e1acd5b0cf0021f2e8ecf9c96516c002a9f39b442eff3f191758e5034e750be0578f77d38da7143bbea12cbb0040def79c50aa8df91e6a5dcdf38140f06102968a670f9a3e6b16c69e80e1264f28cf7983cbf8e0e52cd10b8fd991420c1116633ea95b434b3dbd22b1b91ffb54872ac7441483a8b0dbb9c18cc981593ebfea8434c8bd8f286228cce093eb6a4f03bfdd4b1dc2f8e303d4a60a8fe4f39e9737a9ec41c4cfbd5f694bf618988b50ed3073187d0ddcffc44651ce498698b9466a699202e96be2f5155ec17c7062be99d9992d6220299995d0210f90cd6d7dc887409c94949fffa8fe949089bb89b76e9ae6c15f67fc58162b2af7e732ed86273e7fa761625780bae6972743c4dad6c1e05258ab16e4bdf5496d6fa24216d5742fb5cdcc65db40d98744376bc5e91c5041158ef7ed2d9ced1d478803c6fd538cda61ce84168f49a9917d4246100336789587b42168c5dd9b30b7b38ca6ce184aee0c42f974cddb1add8e09211d2cefeb5d00fdf7376a42f60dbc53776a16a564cffb61422aa0ccccfa94f5bd11c212530fd5fb8e5a970c5280d2ec17bd5d705982561d1018ad8a1f655fb1628b389db093d8c5c0efb6fe81631708da53e9c18e7300ccd978889750ac26f0c3592664f38120fd13e59c0f039fb9c21943b137e7280242ce65be5dbee5b2c482ac4f72e5b141e0cadca4f4749d8b038eea072677c22ee1c58139a7c1e4d186aa159bc1701d3bd35f4e677677160a6f4770a52a07ffa7b04c372c3c840d534612a89ac129dd233e5552654417077daabb35e43f8af898655cfb7c599d90db834b5cd70d48832ee8a5c6dd029910551eecc95be02a10872499e237c60f8e1994ad560bd4e85d97ffee4d93cd0a33e4d6ee346ba1ebdbb49065cac5115731cc6d80227a67846c5c4c0bd013cf272ac88886fe122314f99a3d0b1888f223291f63cd3dfc864fc3062205f0fdda5b1ae53952b48749b423c28221042ae4bba424c028d5a870fc45b71540723964412238f0722c97e65f87c5f9ba931dfe37c0805dad8382b4f7b4632015c748b22264f032a9863ad6aa8fad83a58a9a046dc09393ac1a3af456faeaabefa2810dee13a31b1d42ded23bd9bf3eccbb315c9bd5d786dfba2f3ef3a11d19d075c0b21cb51ce413702663486a79c7d2e5421e42bba7f75644fd42da71b9e7cd59438274c888c2c628d2fe4bb83a804afd5787e9204798e3b7a01dd07c79223b7ea02d1f7cfdcbe6c42b80049e2b5465b98e7d445e7b509cc740bbe2f15aac7d9367a22eaeb9c0247d85f741e63ae0529b19bd50a47d0ea88a349ac8acadcba5c0f61432dadc9c0a8b5647644c060fa6d3dc18a7d91416567f9462a6b511c9c99b5720e278079c2a4f7b1d30e7b7094ff14f066ed617e612443eeaf62583445451af607f0aac980afb03dc474dc18338b3416827821652bde223eb7a83556e635c891b7774d96de795dbb96757b7b4247839e1aa1514766443b7c2536cd6c32468ca34fc4597f0ca90e2066705e3eb7f8ec38fa7cf799f8052e31c148a4b349477e9c6abcdcf36d15d6b6514f9537f7906f", 0x2000, &(0x7f0000002bc0)={&(0x7f0000000100)={0x50, 0x0, 0xb04, {0x7, 0x22, 0x7, 0x8000, 0x742, 0x929e, 0x7c8, 0x3}}, &(0x7f0000000180)={0x18, 0x0, 0x8001, {0x941}}, &(0x7f00000001c0)={0x18, 0x0, 0xa00000000000000, {0x8}}, &(0x7f0000000200)={0x18, 0x0, 0x3ff, {0x4}}, &(0x7f0000002740)={0x18, 0x0, 0xb02}, &(0x7f0000000280)={0x28, 0x0, 0x28, {{0xd33e, 0x1, 0x1, 0xffffffffffffffff}}}, &(0x7f00000002c0)={0x60, 0x0, 0x4b9, {{0xfffffffffffff2cf, 0x7fffffff, 0x4, 0x1000, 0x401, 0x66, 0x4, 0x7}}}, &(0x7f0000000340)={0x18, 0x0, 0xffff, {0x6}}, &(0x7f0000000380)={0x12, 0x0, 0x8, {'}\x00'}}, &(0x7f00000003c0)={0x20, 0xc36e5b0edf830bb0, 0x8, {0x0, 0x4}}, &(0x7f0000000400)={0x78, 0x0, 0xffff, {0x7ff, 0x100, 0x0, {0x2, 0x1f64, 0x7cd, 0x5, 0x80000001, 0x20b, 0x8001, 0x5, 0x7, 0xc000, 0x1ff, 0x0, 0x0, 0x2}}}, &(0x7f0000002540)={0x90, 0x0, 0x5, {0x5, 0x2, 0x100, 0x6, 0x4c, 0x3ff, {0x4, 0xffffffff80000000, 0x200, 0x820, 0x4a7d1642, 0xfffffffffffffff7, 0x0, 0x0, 0xfffffffc, 0xb14e2a481deea0f7, 0x28, 0xee01, 0xee01, 0xf67, 0x6}}}, &(0x7f0000002c40)={0xa8, 0x0, 0x9c, [{0x0, 0x2, 0x0, 0x400}, {0x6, 0x4a, 0x5, 0x7, 'task\x00'}, {0x1, 0x7, 0xf, 0x7e, '/dev/dri/card#\x00'}, {0x0, 0x80000001, 0x2, 0x1000000, '}\x00'}, {0x1, 0x4, 0x0, 0x2}]}, &(0x7f0000002f00)=ANY=[@ANYBLOB="980200000000000008000000000000000000000000000000000000000000000001000000000000000700000000000000040000000200000005000000000000002c07000000000000f8ffffffffffffff07000000000000000000000000000000989f0000000000000700000054db00002b010000006000005e000000", @ANYRES32, @ANYRES32=0x0, @ANYBLOB="0000000009000000000000000500000000000000080000000000000006000000b70c00005e80295b2c2f000001000000000000000300000000000000000000000000000001000000000000001d0000000000000006000000000000003e000000000000009f2a00000000000009000000000000000000000000000000040000000000000000000100ffffffffff07000000a0000001000000", @ANYRES32=0xee00, @ANYRES32, @ANYBLOB="0000010003000000000000000100000000000000000000000000000005000000090000007461736b000000000600000000000000000000000000000095b800000000000006000000000000000000000000000000010000000000000007000000000000000900000000000000010000000000000005000000000000000100000000000000d200000007000000020000000060000084080000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001a000000000000000500000000000000fdffffffffffffff05000000040000007461736b000000000200000000000000000000000000000100000000000007000000018000000400000000000000080000000000000000010000000000000300000000000000040000000000000004000000000000001e000000ff01000004000000001000000700000000000000000000000000945031375dde3c4adeed39e8b53370e955c2813dd78e2d2faefc4bc8d03374a7c1c38ed2631a090f3002a28e9540f4975aff9ef298f24ce3c512fb243cdf866c5281ddc1049ef07efcba8aa20be5b849983c87bbc891532d4793b3f0cc7b21c9d92b7a64682658a42215bd71136b8cca49d0b9b2d86542ed9958b86d784167e673591b89a1e239f026b2b25cfb04f42ee92b8bea7d60da5e3d", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="feffffff0101000000000000060000000000000009000000000000000c000000d70200002f6465762f6361706932300000000000"], &(0x7f0000002ac0)={0xa0, 0x0, 0x80, {{0x1, 0x3, 0x6, 0x7bdadca2, 0x3fb, 0x102, {0x6, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, 0x10001, 0xffffff00, 0x0, 0x8, 0xee00, 0xee00, 0x902, 0x7}}, {0x0, 0x2}}}, &(0x7f0000002b80)={0x20, 0x0, 0x1, {0x0, 0x0, 0x7fffffff, 0x98e}}})
r5 = openat$audio1(0xffffffffffffff9c, &(0x7f00000025c0), 0x501043, 0x0)
r6 = syz_open_dev$video(&(0x7f0000002600), 0x7, 0x400040)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002680)=[{{&(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000500)="148f35c069f5f1d0ccfb47193138787215eb01cd1bd90b61506c701901ace191f52a282443761f9e30e4dfc4255036bf25380b4368836998cd2929427ffeb2916200639955a17bd3780a912eb0bddd2b4200fb0600d8160030c10986aa0254154631cd17e817e9c0b182d755768bf91121133403289d6c716e0462854195ca7445d00a1380fcc7de34480ca6b88ef5d09d67d9054df24b9d0daf8d7a4bc7b038c91706ba6f14ba9994ac386eb0394ad76f088e74acb7e44f30d20141f7d49463b4a4d6c3bff6311a108d4d98397d0b119ce4c71398c5169f84444ddbf63cdc0132a6764a1b034e1bb65737a5e5b26df49c69b7d361adcbf3650973ab06d106ae96bafb88ebb7eea79a9f65d487a6745a9c64b0eea1fee5af6ab0f1d74ca4a38da29233c038d5e1a175ae9187cf58160348d09b8fc85d1083319f2a1b4fc956b4363aa8de86864fa247ab60e94c9b9e4c4cfe12c9d0078535ec89727b108297ad5e99de9524d75a7b7e93952feb900bf68b798c3886ee111a719688d110ebf44b7bfeaccb3c80328f9c0e1f521e77fa67b0ef108a2b031174156a9753d151e01d1964d665e3ed883d1987902176d21500180dd8230cefc5a57679327fea84ecdd2ab4e8e968dfeeb0a7901615d950d38c7b377325efd0aace00033acb0feb515574747aea0b7d75f2410ee39bba0dd1c03a301f51f239f1b4ea60836709d5f9c77852d2f17fdb35476069371f60a93c4d913531d6518086072d5f6a1122df915d0106c73f9198e118e39fdcea6af06c357c96c570f32974429f5ca7d29cd75afe355b1a2066554bb2821ace9bbe80470e92363ad3e8d9cbb88553073c50ce0fb3dc81bf7bbfc1d8513033a2a4b389f4ad995f66f96f2f38aae8eead97dccc210120b39ed0afa58d41fe515aad2147ab19838642154ea518ffb8c5509e50d0095c681389652ca7d78a7fa6984711af7d231e156bd63dfaeeb8fe230d3a24cae85c31e525c03bf5af76274dcea90be4950ef15eb81087d4505cb50a1557aaa3c5195c854bf422b7aede160caaf25904bceebc4d79c7dc561a82a1cf892e626b459bd740ea8f65acd2866022cf33a154ad68d006c77ea9632a661962aa2ff3f50df1f267f9f0cd829b96957af8a48e2df02d42c91a6004a838655c307bd22647f29fdbf3e0e17441442b99d7028c8509cbf768ec2f7bce3149b0bcf5c5d56cc42eddc88ebf258ad7816658eb288fe3c528ab178c6f607aa5714202220bef495716973fcc209fcf50d1ae597a757ceff2cf69d1bb43662dbf28bee1286caa7777fbe1542c65c89b9d475fab19ae9c39ef1c555b7add596db1dcc313f221a9c9a85ddbbcfcaa8fad98756d4c9453f9ca2fc173d6be1eabaf4c0f210caf1edf95ff2f100c9e2af490ba64ed6ad45c33cfa50b76086c1077f8332cc448ad5f7c443a22d65292b35cb56494340932f1ff01786b5ea8af64f67e2a52480093a2bab88e31d71db8f0305e9714d2f62f778380c7818829668de8c177509b9ad0450890df8265a1bcb325dd7a9a79733fcc36e0f8072ccffb44d21a66f52f8c1c3e0b627ed1444a3addaf560378a919f415267fa912bf13fa6510a611dfaec6c3fc4a6e74232ab2dfcc01f95bbd54e2de0c75dfb68d932d053d13c84492700a004c11544af105c5ecdca9bb7972abd8b0c32b2abe868e188eff4ea16756cdb2b255ff6b48a3f9d71af59d1a46030df7b696d532be56f63b23f519bfe5425e5bf92b2fc5ec30e127748ecd513c8e0d72675d40264019b3974eb3799aa9b91db2bb73ad03d801738991d23c1ecfbdab6be1f5702bc15e40ebbd68f056a41d9257176c15cae9d49d43cd709fec2da17996ce3cae9f4d9c2236d5c97805aff3c9dc0b86222746e0dd0e745aafa06f5667a745c39f0c4cce3fb31a84907cf8fc3c48fc6e2fa12693df6dba8aaa7fecec56525c50e0600fe6a14a11b98612816a920bc423091b8c9a05260ceb329241a87529bf678b785ea266f3cc3fd1a931c11a855db133bcd25568860de6b1540d6f2b470c8dd11b204159f1f568aadb052a2ea09e8530f0589c4f1cd7b48a2522cdaeb9da4139c593f4ba85467a70428b88052f02a5e02d495595c25bc2c56a90949bd8d1761a229556029d6adabc8d79fa7036de11d4b722216edffc164f17e20865366157ad9d202e5ced67ea40edfa93d19e8c8abf19899c1b3d964c1689cc116926aa1037458b5daa5c61791fecfc4ead29b4add1adce5da8c160ca5a32699c5e9e393f56c733bce94a1eeb52e3cc349e1406c107da2e2320d1667739f5102c056e39fb70a70d843c8fd2b109d4d135eceaf516086e91e604593b42171e275360c18348a4d09d14c36bb4f5ada9e3dc42456ec7f76bfbc44422a7f21c4b43ab345a5193912bc4ff2464cbe001174a3cfb488618ef4fec648b93cfa4beae53ae4422b5c405da0217af4981e75b9b04d19471b525afade8bda69a514874cc00df6ae43c788596badc829b006e8a09fd009f9c25e3ca64139b1bef79149636ff25d320fa0a3b933eb03afcdf4ab8b66db0bb178c61c2f640190576e3040586f1088a873562bd7d6f7fd73e32b00bfccb2b6c6351dad623766c841eea2eca5c7a0ac01487f4d411c782f4f674d96403ec864e1a11e7432ec8a6467a1c5a0922a1789f800977ecc8386f0fdd3a57cedd12a3841dda4fc55a7caac80a00729d37764bcbbb26a3b5550ab41cd923b347c612f0306c48a570eab07b2337c563961dff4a8387090ed444393a775ea7376e15477ff331c98135b7bfa46cdfef755fee04a08f57986678fe368daf9d4d56b73f18e6ba0946bee09174083ebc35b37a9c437afa53d9419d0d504eb172d922f1a58d1a64c8956f3557eb23639081b1c298782848ac29f6feeaa66c8c115723ef9b602dc571a62bfa942f8dcd11b16970da841c699658c52656eafb9f4cf15447900ef7388d2c159006d305423201f71a9c9067033ed96cfc6c79790aeff9a7bb4457ea409f265cacf6333561f10dc3f0470c51bcb071bf84645d2594ad655c4804b672162c0ac891756553aca52a51e09bef7bca2f2d129450b726062a831f5e9a8523748068f85084b3b2757da47de6b163708f6aac9e6da3a799c54123184762519e5f8a4910e802685a0cded6e12c7f414dee2d2c3929423cfb333e90f84a3023f18a846ea1d40ae53ae7eadf6574de9378a73d51ea8e7ea63873f2b2e25d5d7886bf691bd1ad98d294715865f66e3550c275b65c279af95610872f7083c90cd47471cec51846eb4f31005bb515d2434aa5507a36ab05fdacded74ef80c0475ab188e1fbb07720e149195f1946620486f79db7405b1ab4be356a042a18b01189c2f032821a4d110079568830490ddbb692a0b3ba961efeaa76d32403cc57a5ef7c868481134b5c57d639c78b26ae33a0d40f94c8fc74601f53d92df56364dacc65bde1c0903350bbd3c45f1584d7cd9a44638fc743d0a1706a8a9ea560881d237b18ba051efcd364aed14e29c2c3be8dbf01e680235d9217277384735a5be3f23c56ac97df293a5ed040533b02e2fc07cefacb12724f6debf01140b9e272c86cfc3e5f0e3c2d53ffac970395648ff5da8fc0ec877ef16e7d249f31890d40bb6b544f33e3791de5a9ec3ef76a4d071cdad63cb09353d177c79fece4db26d55ea2a05ae9739173c7905ea9b0c0272a947efa66c68615915c35dc6046e14860cae62d44170e33b09976f46e622f463237940e5dc2c1f208f777c93a6bfa7f42c3ee82e9cb166a4f61e78747fe3a9aca0fe7b605ec10e378b9fc01cb08eccfafbf13145ce26611fce1907387093d771d2de13ca9ab888066faf84c82c3f981491d3c4e4e65e5821333e4d689ab7ae47508d24f462fc5fd6532b5bde9b7a3fe531f15bf21c293193ab3f741e1d62981641aebbedf498db11434bccf32e89530fc8b5e4f16f15a978a9aa91357fb88885d88ff75e2e918f50657cd8bf0b93519dab51fb078657d960f27e41df27c9f9bd544d03a372207760d41b55d202806fef0195be37e73aab0948fcb761e9aeb2264be963d143ff81c895e2b278dd4def60d021ceae0f88390ef1e757cf1e696582bb5d71d88a9d977e345fa7f67557a6bd70f8edb2b4a145660cdea87def5cd5793876e339a9d25c6ba1a2fd4fc377f0ae214c17098019c881469f30550e45f4ed426b6a0cb9d4d70d6bb16fa87b111fd8896f0d17f3bc5c59167644ed4b30cf76d0fafdcf1f90c0470cdaac7fa8d67d28a647558d3d7331159bd18ff7574de4221f3e32553eabf17795a17c07fd7499e5c208099a09fe9b111d018811e587d6d0e86cfc1dede452b490af533b20d6c10958104182ff7f805d86b069eda2a7bf8c8686411a70888db28164f679265d6fb8fc77126e6cef120b05c11f5b06b2ae9eb07d846be90f5ea1e808fecb6c88d5dfad1bad48c226c157078fab22b13495efbd781ddc77877750f5c4314ae7af3d703870a16516c12f76d8d323966d1a27188b1d5cb9bce9df5ce386dd77cba1c92b63627b91d0e2ea99e4a68d995cc6ea99f610f28372e172de44a36535c422cb009ca53fac7d9d0fe0a4daf756cb6f754351ca55e94413ddecd1930aebacf324fbb4b82999818534b766844f2b6352831d2621a8b44e4baabcb45cee3f862347e0145083007ba0cbbf919cd9ec9ad4e56bc3d6d2a45292040bc0a1c9b4507e9c68a3ad51e37c450586f2dd17edf2ce1d11977c04a37f5f56d488e28f0467e28df17de1785e44a11c39f2f68214dbbe74b066b764070647015657d2b54ee459c27754946ef4809387074c7a3d7d83f40dae6ea479dbd9517727d4e04fb7b503d14040b980a43350e769ce36a35914e16c91bd3c1314858e2203922ea52516dc0928ad4a5543f367f327589ae7c7267dc81514c633be9152ab7f7b961f6ae64c26babbc4bf020babef64c69b72849e29a4875d0d7dca49151b44404bd16dae712de53b3f7c098a8979e9ca7a10f947826d5c7298f2d26cdef1d65964d312a35300a46a3d2b28ce17ccf15be5b2fc857a10894c7f5d3dd453ad3770004454fdb9ad6edbd1eec660afec1b82058e14e420f46c62a17c71733d8d11619f5cc0c370f7c358ed094216b074f1a517dae6524c05ac30af37b7093518b1da6efd808875a437b870516e06a2581e57dfe39bd5bb2aabe450b25bd8d34717b79fb65e5344fe65beaf26785a59aefed73ecdf25e758f58c781d3f02dc00369cec5afc9b6839a6808d0aa7f03989927c5b189abd8c57ab9a632b53e535209dc305665534ffc5d7530c20ff6e553a9b20f27b9d09e7c3be333d9a0378983fce428f7e55a33db9adcf8ff72938c798cf41764e23e87d589b90397f838f369e65c70a8f2db9b10aed1beed29c2b55777d57de7fd2fd88dedf7b55dc19d0940f51095c11a771e517bac2f8b2bdbdae4345212685710c472fdfe3930bb33d93e9bbdaf8cf03b08091ba9258b3bfef7a8f4f395b0cabf13478d1de500a1588dc16c294e935760099a2c19fdb4b0b257d5f4a94eb45b98556de1670e8b15a3000bae18c0209334197223cd5836332ea1dd593af5cf8da92c705596e2c352a6d7b02e37e1664334d4eb660d3a3fdf189149f9f55f51d98b882b34011f6dd8b1c704eef1fa7b006e059a3dcf4e142636d1da5a55576ed4e9485daacb19aa9de8485c7b7e935fde6ed470bd7b9db37dd48871edca1bcc50fa3c9f6d58190b13f821ae7c1e22bd89f81b91fe370359dbeca0e7913ff7576f1859", 0x1000}, {&(0x7f0000001500)="98f2acbb1560d7f36c9c52e37bff48a8bb755fcd49f8a5bcac0745b9a0c2d8d8baac5675f0f628759de3d50581f258383eb53a46bd53286637bf8537be75658d41175ea7dce87f4e5769c36e1314ecf85b10286f6f5ab3c80e008fdcdb1a2478995bf18505040c65aa9309595202dcbc39fc527653ec26301e4f3578550dde866ed5a7a76c2eefbad9519051192334ae84ec0569564ca2d34fbb4c9580da9896bd71f6e94daafbd4645dd162002c62ed7270dcde541f2345d0de16d5292f45211f00", 0xc2}], 0x2, &(0x7f0000001c00)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [r2]}}, @rights={{0x1c, 0x1, 0x1, [r0, r3, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [r3]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r3]}}], 0x88, 0x4000001}}, {{&(0x7f0000001cc0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000002180)=[{&(0x7f0000001d40)="c9383d2b84e7f1e75af29ce5379b945cec065931f0bed51cb92e72edc4f0e53fc782f3a4441bf58abd3644ab7435b02337293b1f8483defc804331ebd9ff1fa4d345c1995e225bc09482e3aec16ae5a168e310f9af0147df0a3bc110172a3008d5248e8467e7c3b7f278c19b12131aead78c8a77e04707e819a5021061ad943bbe8550524f3ddbb7fb6ce58fabc57ef395911609b5e7c364a30968a4ed97455a5905c214d46f71eb26053d37329adfa16c580b62700edb806bdbbfec67159e", 0xbf}, {&(0x7f0000001e00)="404b1a9c141e61dc89ffd76a16b52571dc0e03ed476459214c31fa92fa5377b479cfe13d2a5c6b17cba6cc93e973ab7bd775688c", 0x34}, {&(0x7f0000001e40)="d8822529a743cfaa0ae5c596369c3aac11c5379ffd269db8e3be91f59e05b42ab27933ded55af51e0335bf3f6bc47573fb9d78f8de4023fb14c9506336d515bf866db0e74809725570fc735cdd3bc2f9b63765ce248d78ba019686707454048080b1e60aa6b1c05868e2fe2405fb4058573b80e94d7b9282bdec41773b87924d31339186ff7609", 0x87}, {&(0x7f0000001f00)="c07b799071168d7b66f2aed47c38a35e73f4da24d5dd47dd49fcb461e345631c53b259b6f600de78df8b7d185a11d6be699a61bd3cda39a32b503a41ffaa8bc299156e97520e17313b1d131e2a62da2087a281933b380cb8c7b4bcdae4a53b6cecc72178f8a5e7617ad3a39ec86d6136c138710085af2c49e325896718bb8229485a37a0224085dad9ebe8d183e50f103a3a6a9b16732416e438e9ac3994e45ed515f6f76ac4b187", 0xa8}, {&(0x7f0000001fc0)="881a17c248d9e016bca9052c22a45dcf50dbf558aba96e00f20373bacd54f0c8617a77a52e69d52a2e75a3a2e0559643e457b1f82c1b6e615baff61d66e9819f039ec7b199d2bcf922b46fcb45ff70ce8c43147662315d6dc544c892dda7c73723ad33e1692c445a7610b447", 0x6c}, {&(0x7f0000002040)="1153a7c2f93cbd96509ab957c0f59fb3e155cac6565dcc55f938c132c2ee900abb86ed7ea05b25515d19afb59bd5b63e6b24188c3403a2e01c57b1f7102893e8b14edcb0b32c70c57d398fa81d9c648d33b06f76bb4422d48b851b010e8c4e1118fdf7cd2f", 0x65}, {&(0x7f00000020c0)="a95d278bec647c7e042bd471c6e59a5735b70cfe007241ef8a05d4b8255a2bd64f88fdf3fc23ed4e4f9ed2aa70f362c3", 0x30}, {&(0x7f0000002100)="8c10e28289cbc000ce91912a160a7227c1d1d3ee374642fb57cccd1435296879dbf6dff6fc33980b845c6ac4a07164db8668da7f52bce19d3a6f8921ba73168661705045bedb9422a2fc71d93d816f95b0", 0x51}], 0x8, &(0x7f00000022c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff}}}], 0xb8, 0x24000090}}, {{&(0x7f0000002380)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000002580)=[{&(0x7f0000002400)="4f6647d84eac5a9112d62152400fc446eaad045bf500d1ac695788d1ee46fe3aa773d0fed0119dea2deef4a6bd8578584708d064b5ab0a47fdeaf987e6435176ce1e98f9e7e469b9b4df8924d0431872e1f84f21ab9b99456f5890a122e5074b6873c2f61074120f62284ea67cb81d0e4c0fa1ea56c4ecc06d4c67a092767b57bac4a88fe749c996da0cf389139958988820898c8f79959a8e0a00ae2c904a1fb5e46a11e9fd902558f20bcde75af034dda08e31b0dbd50e27155dd399d0", 0xbe}, {&(0x7f00000024c0)="e96dca4dcab6691f0c44c5d0f20f9880b02144777cb1849bb9528bfc35be52ffaefc78e6301ddb262ba829cef7bef0bfcf4b51fb629fc1026b968374fe53bcd66af3db7a1fb47dbbcd2f6c560bcac3dafbdf4489f64b7a448935a16828dd08f452a3e5fde3c6b93c232c0e578a01a166a0", 0x71}, {&(0x7f0000002540)="3bcd1a3b15c2008c7bcbc0daae03dc7e13856105460685033ad97a22789f3242bc4d8355d52362ac2abd3d3cceaea088c838a53745503fcb65fbf4794a1a1c", 0x3f}], 0x3, &(0x7f0000002d00)=ANY=[@ANYBLOB="200000000000004ae4df268abb072700347d08a82fb446db013b6bb72b42104d1205a4e570a19a634775aa984cc3e40018f25a01107d30331029b37b88f3e4f929e06a50eede9d4e5f59762863727070a8eb4129a3a05a74a1fcbf173f85c99fa3674948eb2d00ce729516c73f060aecb5c531acb786c4e8ec11b4b11e7e6ab47a1fe99b9385e65b5defc6738c0a82", @ANYRES32, @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r6], 0x20, 0x800}}], 0x3, 0x20004000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r7=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r7})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r8 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x2d, &(0x7f0000000380)=""/18, &(0x7f0000002640)=0x12)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000140)={0x8, 0x3f, 0x48735ee3})

[ 1694.325655][T16397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1694.336418][T16397] Call Trace:
[ 1694.339765][T16397]  <TASK>
[ 1694.344965][T16397]  dump_stack_lvl+0xcd/0x134
[ 1694.352494][T16397]  should_fail.cold+0x5/0xa
[ 1694.357373][T16397]  prepare_alloc_pages+0x17b/0x570
[ 1694.363325][T16397]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1694.370664][T16397]  __alloc_pages+0x12f/0x500
[ 1694.375703][T16397]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1694.384440][T16397]  ? __kmalloc+0x32e/0x4d0
[ 1694.390469][T16397]  cache_grow_begin+0x75/0x470
[ 1694.396041][T16397]  ? mempolicy_slab_node+0x1b7/0x340
[ 1694.402641][T16397]  fallback_alloc+0x1e4/0x2e0
[ 1694.408221][T16397]  __kmalloc+0x32e/0x4d0
[ 1694.413330][T16397]  ? tomoyo_realpath_from_path+0xc3/0x620
[ 1694.419707][T16397]  tomoyo_realpath_from_path+0xc3/0x620
[ 1694.427361][T16397]  ? tomoyo_profile+0x42/0x50
[ 1694.434650][T16397]  tomoyo_path_number_perm+0x1d5/0x590
[ 1694.441641][T16397]  ? tomoyo_path_number_perm+0x18d/0x590
[ 1694.448364][T16397]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1694.454236][T16397]  ? lock_downgrade+0x6e0/0x6e0
[ 1694.459091][T16397]  ? __fget_files+0x23d/0x3e0
[ 1694.463479][T16397]  security_file_ioctl+0x50/0xb0
[ 1694.468406][T16397]  __x64_sys_ioctl+0xb3/0x200
[ 1694.473870][T16397]  do_syscall_64+0x35/0xb0
[ 1694.478724][T16397]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1694.485268][T16397] RIP: 0033:0x7f2c65d45ae9
[ 1694.490855][T16397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1694.513871][T16397] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1694.524993][T16397] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1694.534363][T16397] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1694.543323][T16397] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1694.552519][T16397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1694.561104][T16397] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1694.570320][T16397]  </TASK>
18:12:34 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1694.583635][T16397] ERROR: Out of memory at tomoyo_realpath_from_path.
18:12:35 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x3f00000000000000, &(0x7f0000000000))

18:12:35 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 5)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1694.814745][T16408] FAULT_INJECTION: forcing a failure.
18:12:35 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = syz_io_uring_complete(0x0)
close(r2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
ioctl$DRM_IOCTL_VERSION(r1, 0xc0406400, &(0x7f0000000040)={0xcde, 0xcfa, 0x0, 0xb3, &(0x7f00000001c0)=""/179, 0x9c, &(0x7f0000000280)=""/156, 0x46, &(0x7f0000000340)=""/70})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1694.814745][T16408] name failslab, interval 1, probability 0, space 0, times 0
[ 1694.832248][T16408] CPU: 0 PID: 16408 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
18:12:35 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1694.843648][T16408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1694.855362][T16408] Call Trace:
[ 1694.859602][T16408]  <TASK>
[ 1694.863352][T16408]  dump_stack_lvl+0xcd/0x134
[ 1694.868955][T16408]  should_fail.cold+0x5/0xa
[ 1694.875698][T16408]  should_failslab+0x5/0x10
[ 1694.882773][T16408]  __kmalloc+0x7b/0x4d0
[ 1694.889049][T16408]  ? tomoyo_encode2.part.0+0xe9/0x3a0
[ 1694.896264][T16408]  ? d_absolute_path+0x127/0x1a0
[ 1694.903047][T16408]  tomoyo_encode2.part.0+0xe9/0x3a0
[ 1694.909537][T16408]  ? tomoyo_realpath_from_path+0xc3/0x620
[ 1694.917068][T16408]  tomoyo_encode+0x28/0x50
[ 1694.925555][T16408]  tomoyo_realpath_from_path+0x186/0x620
[ 1694.933210][T16408]  tomoyo_path_number_perm+0x1d5/0x590
[ 1694.942571][T16408]  ? tomoyo_path_number_perm+0x18d/0x590
[ 1694.949222][T16408]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1694.957267][T16408]  ? lock_downgrade+0x6e0/0x6e0
[ 1694.963244][T16408]  ? __fget_files+0x23d/0x3e0
[ 1694.969586][T16408]  security_file_ioctl+0x50/0xb0
[ 1694.976603][T16408]  __x64_sys_ioctl+0xb3/0x200
[ 1694.983719][T16408]  do_syscall_64+0x35/0xb0
[ 1694.989888][T16408]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1694.998348][T16408] RIP: 0033:0x7f2c65d45ae9
[ 1695.006400][T16408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1695.033736][T16408] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1695.045093][T16408] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1695.053507][T16408] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1695.063042][T16408] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1695.071125][T16408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1695.079842][T16408] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1695.089717][T16408]  </TASK>
[ 1695.102690][T16408] ERROR: Out of memory at tomoyo_realpath_from_path.
18:12:35 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x457f000000000000, &(0x7f0000000000))

18:12:35 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 6)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1695.271945][T16424] FAULT_INJECTION: forcing a failure.
[ 1695.271945][T16424] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:12:35 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000280), 0x5, 0x1)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r4 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x10000, 0x0)
getsockopt$inet6_buf(r4, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r4, 0x7, &(0x7f00000001c0), 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000080)={0x8, 0x1004be, 0xfffffffe, 0x0, <r5=>0x0})
lsetxattr$trusted_overlay_redirect(&(0x7f0000000200)='./file1\x00', &(0x7f0000000140), 0xfffffffffffffffe, 0x0, 0x1)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r6 = socket$inet6(0xa, 0x2, 0xdb)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x1}, 0x8)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, &(0x7f00000001c0)='wg1\x00', 0x4)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000100)=0x942, 0x4)
sendmmsg(r6, &(0x7f0000004d80)=[{{0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0xffffffe0}}], 0x300, 0x4000000)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r6, 0x84, 0x1c, &(0x7f0000000040), &(0x7f0000000240)=0x4)

18:12:35 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1695.299962][T16424] CPU: 1 PID: 16424 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1695.311643][T16424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1695.324578][T16424] Call Trace:
[ 1695.329181][T16424]  <TASK>
[ 1695.337622][T16424]  dump_stack_lvl+0xcd/0x134
[ 1695.344681][T16424]  should_fail.cold+0x5/0xa
[ 1695.351984][T16424]  prepare_alloc_pages+0x17b/0x570
[ 1695.360634][T16424]  __alloc_pages+0x12f/0x500
[ 1695.372880][T16424]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1695.382512][T16424]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1695.393994][T16424]  alloc_pages_vma+0xf3/0x7d0
[ 1695.402101][T16424]  shmem_alloc_page+0x11f/0x1f0
[ 1695.409976][T16424]  ? shmem_link+0x360/0x360
[ 1695.416285][T16424]  ? xas_start+0x157/0x730
[ 1695.423580][T16424]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1695.432555][T16424]  ? percpu_counter_add_batch+0xbd/0x180
[ 1695.440847][T16424]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1695.447060][T16424]  ? __vm_enough_memory+0x184/0x360
[ 1695.453445][T16424]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1695.460886][T16424]  shmem_getpage_gfp+0x643/0x22d0
[ 1695.468001][T16424]  ? shmem_is_huge+0x2f0/0x2f0
[ 1695.473902][T16424]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1695.481441][T16424]  ? shmem_fault+0x750/0x750
[ 1695.486136][T16424]  ? __kasan_kmalloc+0xa6/0xd0
[ 1695.494456][T16424]  drm_gem_get_pages+0x291/0x5d0
[ 1695.500618][T16424]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1695.508753][T16424]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1695.517105][T16424]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1695.526907][T16424]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1695.536680][T16424]  drm_gem_pin+0x64/0x90
[ 1695.544347][T16424]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1695.551524][T16424]  dma_buf_dynamic_attach+0x206/0xb40
[ 1695.557737][T16424]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1695.564529][T16424]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1695.570264][T16424]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1695.578795][T16424]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1695.585815][T16424]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1695.593012][T16424]  drm_ioctl_kernel+0x27d/0x4e0
[ 1695.598436][T16424]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1695.606668][T16424]  ? drm_setversion+0x8b0/0x8b0
[ 1695.614380][T16424]  drm_ioctl+0x51e/0x9d0
[ 1695.620713][T16424]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1695.629309][T16424]  ? drm_version+0x3d0/0x3d0
[ 1695.635203][T16424]  ? __fget_files+0x23d/0x3e0
[ 1695.640921][T16424]  ? security_file_ioctl+0x5c/0xb0
[ 1695.647728][T16424]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1695.654070][T16424]  ? drm_version+0x3d0/0x3d0
[ 1695.659190][T16424]  __x64_sys_ioctl+0x193/0x200
[ 1695.665141][T16424]  do_syscall_64+0x35/0xb0
[ 1695.670913][T16424]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1695.678179][T16424] RIP: 0033:0x7f2c65d45ae9
[ 1695.683613][T16424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1695.713275][T16424] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1695.722798][T16424] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1695.731242][T16424] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1695.740724][T16424] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1695.752220][T16424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1695.765141][T16424] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1695.774898][T16424]  </TASK>
[ 1695.786361][ T1356] ieee802154 phy0 wpan0: encryption failed: -22
[ 1695.793418][ T1356] ieee802154 phy1 wpan1: encryption failed: -22
18:12:36 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 7)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:36 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x477f000000000000, &(0x7f0000000000))

18:12:36 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f00000001c0)={&(0x7f0000000040)=[0x101, 0xfffffff9, 0xe768, 0x0, 0xfffff6e8, 0x7fffffff, 0xfffffffc, 0x1], &(0x7f0000000140)=[0x0, 0x0], 0x8, 0xaa2e, 0xb0b0b0b0})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r5=>r2}, './file0\x00'})
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f00000001c0)={0x27ba, 0x4, 0x80, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r6, 0xc00464b4, &(0x7f00000008c0)={r7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f0000000240)={r7})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1695.974107][T16438] FAULT_INJECTION: forcing a failure.
[ 1695.974107][T16438] name failslab, interval 1, probability 0, space 0, times 0
[ 1695.988809][T16438] CPU: 2 PID: 16438 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1695.997812][T16438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1696.007539][T16438] Call Trace:
[ 1696.010826][T16438]  <TASK>
[ 1696.013997][T16438]  dump_stack_lvl+0xcd/0x134
[ 1696.018511][T16438]  should_fail.cold+0x5/0xa
[ 1696.023130][T16438]  should_failslab+0x5/0x10
[ 1696.027826][T16438]  kmem_cache_alloc_trace+0x5c/0x4a0
[ 1696.033721][T16438]  dma_buf_dynamic_attach+0x6d8/0xb40
[ 1696.039278][T16438]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1696.045337][T16438]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1696.051723][T16438]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1696.058904][T16438]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1696.066134][T16438]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1696.072227][T16438]  drm_ioctl_kernel+0x27d/0x4e0
[ 1696.077412][T16438]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1696.084083][T16438]  ? drm_setversion+0x8b0/0x8b0
[ 1696.090214][T16438]  drm_ioctl+0x51e/0x9d0
[ 1696.095564][T16438]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1696.102740][T16438]  ? drm_version+0x3d0/0x3d0
[ 1696.107248][T16438]  ? __fget_files+0x23d/0x3e0
[ 1696.111945][T16438]  ? security_file_ioctl+0x5c/0xb0
[ 1696.117696][T16438]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
18:12:36 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1696.124680][T16438]  ? drm_version+0x3d0/0x3d0
[ 1696.132062][T16438]  __x64_sys_ioctl+0x193/0x200
[ 1696.137385][T16438]  do_syscall_64+0x35/0xb0
[ 1696.142031][T16438]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1696.149236][T16438] RIP: 0033:0x7f2c65d45ae9
[ 1696.154680][T16438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1696.177393][T16438] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1696.187463][T16438] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1696.196227][T16438] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1696.204139][T16438] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1696.212082][T16438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1696.220015][T16438] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1696.227886][T16438]  </TASK>
18:12:37 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x507f000000000000, &(0x7f0000000000))

18:12:37 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 8)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1696.572774][T16454] FAULT_INJECTION: forcing a failure.
[ 1696.572774][T16454] name failslab, interval 1, probability 0, space 0, times 0
18:12:37 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = syz_mount_image$v7(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x100000000, 0x2, &(0x7f0000000340)=[{&(0x7f00000001c0)="b6bfa0e64de9b23e107205d2260025f25030bfc9adf29551f84854dc3da2ef701b8f1f9b2b870dcf9ba5ec5c775ce2156fff0d4aa494e5f64f7bf86c60b9acfcc57e8052e20fa87f154ca95139b06aa5b99ffa75c380a832ebfed5435292bb", 0x5f, 0x5}, {&(0x7f0000000240)="188dec60e2265bc00795fcadc0869553eecfae65acd7771426503d8805259cd9dff1bd7de8f6ff217ad0fad95801c9c2d8eea7b8007ee0c39093c6fb395655d4c85065d50ca4d13692dad4d733731084b596d4c54a76ac8b789391790e91e274ff5d77db9d39ae7827afdbd59b3d92c525a03f45ac12761749330925653f0ddea33d8bf357cf4af114b454304283c1d80fe7465c26a8f8d9dc128394c36222721d66d3bbe858563db1d9fe3afae8d91967a9c67b597c21c8904ee12a174e4734f6cc1035cf38f261e19ea449c2e1", 0xce, 0x5}], 0xc8011, &(0x7f0000000500)=ANY=[@ANYBLOB="2f6465762f6472692f6361726423002c40232ce677402f6465762f6472692f6361726423002c6d61736b3d4d41595f524541442c736d61636b66736465663d2f6465762f6472692f6361726423002c736d61636b6673666c6f6f723d5c2e182fc4402c666f776e65723e1619602544f99941d41b3f250bbf558b1f4ac991595bbad087dcb0bfcafae744c9cb8d9fddbb6d0df22dca322fa31c241405917e835e5839ce80e658c84ce601d2628dcfdbfe9dffccda84aa5cbd3db4acca0a91250f40aadc3554ab713110960c62b8af6fe15e68f081b2dd220643", @ANYRESDEC=0x0, @ANYBLOB=',appraise,fsmagic=0x0000000000000008,\x00'])
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x8)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f00000001c0)={0x27ba, 0x4, 0x80, 0x0, <r6=>0x0})
unlinkat(r2, &(0x7f0000000380)='./file0\x00', 0x200)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000001a00)={0x2a2, 0x8, 0xb7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r5, 0xc00464b4, &(0x7f00000008c0)={r6})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000440)={r6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r7=>0x0})
close(r3)
preadv(r0, &(0x7f0000000840)=[{&(0x7f0000000640)=""/187, 0xbb}, {&(0x7f00000003c0)=""/99, 0x63}, {&(0x7f0000000700)=""/76, 0x4c}, {&(0x7f0000000480)=""/37, 0x25}, {&(0x7f0000000780)=""/167, 0xa7}, {&(0x7f0000000900)=""/4096, 0x1000}, {&(0x7f0000001900)=""/209, 0xd1}], 0x7, 0xffff0001, 0x6)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r7})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1696.593046][T16454] CPU: 1 PID: 16454 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1696.604628][T16454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1696.622849][T16456] loop0: detected capacity change from 0 to 264192
[ 1696.628232][T16454] Call Trace:
[ 1696.628247][T16454]  <TASK>
[ 1696.628258][T16454]  dump_stack_lvl+0xcd/0x134
[ 1696.628297][T16454]  should_fail.cold+0x5/0xa
[ 1696.628325][T16454]  should_failslab+0x5/0x10
[ 1696.663039][T16454]  kmem_cache_alloc+0x5d/0x560
[ 1696.668647][T16454]  xas_alloc+0x330/0x440
[ 1696.674157][T16454]  xas_create+0x56a/0x1070
[ 1696.679076][T16454]  xas_create_range+0x246/0x6e0
[ 1696.685135][T16454]  shmem_add_to_page_cache+0xbf2/0x15d0
[ 1696.693023][T16454]  ? percpu_counter_add_batch+0xbd/0x180
[ 1696.699567][T16454]  ? shmem_unused_huge_scan+0xb0/0xb0
[ 1696.705018][T16454]  ? shmem_alloc_and_acct_page+0x33a/0x8c0
[ 1696.710957][T16454]  shmem_getpage_gfp+0x838/0x22d0
[ 1696.715810][T16454]  ? shmem_is_huge+0x2f0/0x2f0
[ 1696.720384][T16454]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1696.726214][T16454]  ? shmem_fault+0x750/0x750
[ 1696.730967][T16454]  ? __kasan_kmalloc+0xa6/0xd0
[ 1696.735877][T16454]  drm_gem_get_pages+0x291/0x5d0
[ 1696.740814][T16454]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1696.746222][T16454]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1696.751746][T16454]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1696.757071][T16454]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1696.762920][T16454]  drm_gem_pin+0x64/0x90
[ 1696.767147][T16454]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1696.772767][T16454]  dma_buf_dynamic_attach+0x206/0xb40
[ 1696.778197][T16454]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1696.784073][T16454]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1696.789989][T16454]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1696.796134][T16454]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1696.801875][T16454]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1696.807856][T16454]  drm_ioctl_kernel+0x27d/0x4e0
[ 1696.812788][T16454]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1696.818870][T16454]  ? drm_setversion+0x8b0/0x8b0
[ 1696.823690][T16454]  drm_ioctl+0x51e/0x9d0
[ 1696.828230][T16454]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1696.835523][T16454]  ? drm_version+0x3d0/0x3d0
[ 1696.840187][T16454]  ? __fget_files+0x23d/0x3e0
[ 1696.845030][T16454]  ? security_file_ioctl+0x5c/0xb0
[ 1696.850343][T16454]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1696.857585][T16454]  ? drm_version+0x3d0/0x3d0
[ 1696.864310][T16454]  __x64_sys_ioctl+0x193/0x200
[ 1696.869985][T16454]  do_syscall_64+0x35/0xb0
[ 1696.874870][T16454]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1696.886438][T16454] RIP: 0033:0x7f2c65d45ae9
[ 1696.891843][T16454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1696.917557][T16454] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1696.938046][T16454] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1696.949407][T16454] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1696.962797][T16454] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1696.975133][T16454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1696.989621][T16454] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1696.997997][T16454]  </TASK>
[ 1697.053292][T16458] loop0: detected capacity change from 0 to 264192
18:12:37 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 9)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1697.142310][T16461] FAULT_INJECTION: forcing a failure.
[ 1697.142310][T16461] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1697.158564][T16461] CPU: 0 PID: 16461 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1697.168419][T16461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1697.178915][T16461] Call Trace:
[ 1697.182625][T16461]  <TASK>
[ 1697.185626][T16461]  dump_stack_lvl+0xcd/0x134
[ 1697.191202][T16461]  should_fail.cold+0x5/0xa
[ 1697.196065][T16461]  prepare_alloc_pages+0x17b/0x570
[ 1697.201612][T16461]  __alloc_pages+0x12f/0x500
[ 1697.207372][T16461]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1697.214675][T16461]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1697.221591][T16461]  alloc_pages_vma+0xf3/0x7d0
[ 1697.226859][T16461]  shmem_alloc_page+0x11f/0x1f0
[ 1697.231997][T16461]  ? shmem_link+0x360/0x360
[ 1697.238471][T16461]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1697.245531][T16461]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1697.251992][T16461]  ? percpu_counter_add_batch+0xbd/0x180
[ 1697.258746][T16461]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1697.266499][T16461]  ? __vm_enough_memory+0x184/0x360
[ 1697.279195][T16461]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1697.285758][T16461]  shmem_getpage_gfp+0x643/0x22d0
[ 1697.294766][T16461]  ? shmem_is_huge+0x2f0/0x2f0
[ 1697.300136][T16461]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1697.306812][T16461]  ? shmem_fault+0x750/0x750
[ 1697.315860][T16461]  ? __kasan_kmalloc+0xa6/0xd0
[ 1697.320683][T16461]  drm_gem_get_pages+0x291/0x5d0
[ 1697.326411][T16461]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1697.333071][T16461]  ? mutex_lock_io_nested+0x1150/0x1150
18:12:37 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x517f000000000000, &(0x7f0000000000))

18:12:37 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x101, 0x4, &(0x7f0000000500)=[{&(0x7f00000001c0)="7154043806c0e21750b73db68a52426488754a514b199d6a636d1827cc13387dc0231fab350cf624797a25f08b854b1dac1ae413029629272b83aae95318373bbe4e33e6630a73052c11f8e18d61e90083bd9377e5bd0de17c61a1e7523f180716631e53caac8f9f55f2528c41a51ba37fdd099bb52ad1ec2eeae9daaa95807278", 0x81, 0x2}, {&(0x7f0000000280)="4f9b8637b035f7aa6e1b2d5ac7bb348e088a883a0b63702617486f907e0b0856448141ff2c07f65622a68576e577f70cbdcce6b3d310ded6746b112cfa9ea5b55e7eb38d3d27e472acd7882b03ed306213f86b865b314dcb0b8b70895cfac11dcb19e0d6205485f136cb44e931daf6b272eb174012af6a8050795ef55ca6cf3ce7d7d07a316348b503f9826a95d78f3580c5db58a89f3d59cd01a2b930e01eff5a92b2ac6ce174973cfa5dc64e044967c6bf892214068b2999d05814a7febd", 0xbf, 0xf6f}, {&(0x7f0000000340)="fe743ea5b9959350f5a2523c483270dc337d5e72cc02d7ad0a017fa2c04d0a35d827b113b124cfbd482a075774d4bec0a3f10f2c34ae304467b96ac0035dcc5979b85b8dbb2d9f5d4f6860bb5a91b5e723c7f76559e1", 0x56, 0x6}, {&(0x7f00000003c0)="d5a137ae54d2492d7ae9b4ac72c2b10929fc99ba773e4c5a8dca778daf44058004665f644ec59a52191010622a9c8213d2e8feab6df8c33da97cc576a06cd2be7072834f322090f4bbd3ef5c99261c531b74595809017a6af3b0fdc1cf556e7bcbeacfd005daf6a4952e9221e49dfb3e90aae50fc8831d94a58670bd16ad01166330221c501f533f914def6dfbc73e3e67b9f280da56885359c23c3cb23347ed9b7fea3e3b812684cb08f1c07f5d58856ecb605b367afe", 0xb7, 0x10000}], 0x5, &(0x7f0000000580)={[{@noquota}], [{@smackfsdef={'smackfsdef', 0x3d, '/dev/dri/card#\x00'}}, {@uid_lt}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/dri/card#\x00'}}]})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x5, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1697.341640][T16461]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1697.354640][T16461]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1697.362130][T16461]  drm_gem_pin+0x64/0x90
[ 1697.367176][T16461]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1697.374022][T16461]  dma_buf_dynamic_attach+0x206/0xb40
[ 1697.381499][T16461]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1697.389218][T16461]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1697.395930][T16461]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1697.402839][T16461]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1697.410627][T16461]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1697.417389][T16461]  drm_ioctl_kernel+0x27d/0x4e0
[ 1697.423353][T16461]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1697.432003][T16461]  ? drm_setversion+0x8b0/0x8b0
[ 1697.439095][T16461]  drm_ioctl+0x51e/0x9d0
[ 1697.444393][T16461]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1697.453586][T16461]  ? drm_version+0x3d0/0x3d0
[ 1697.459451][T16461]  ? __fget_files+0x23d/0x3e0
[ 1697.465700][T16461]  ? security_file_ioctl+0x5c/0xb0
[ 1697.472860][T16461]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1697.480204][T16461]  ? drm_version+0x3d0/0x3d0
[ 1697.485499][T16461]  __x64_sys_ioctl+0x193/0x200
[ 1697.491383][T16461]  do_syscall_64+0x35/0xb0
[ 1697.496539][T16461]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1697.504136][T16461] RIP: 0033:0x7f2c65d45ae9
[ 1697.510593][T16461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1697.536272][T16461] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1697.549766][T16461] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1697.559699][T16461] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1697.571335][T16461] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1697.580438][T16461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1697.588196][T16461] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1697.597952][T16461]  </TASK>
[ 1697.692795][T16470] loop0: detected capacity change from 0 to 256
[ 1697.709380][T16470] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1697.720084][T16470] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
18:12:38 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 10)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1697.744439][T16473] FAULT_INJECTION: forcing a failure.
[ 1697.744439][T16473] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1697.750133][T16470] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1697.759889][T16473] CPU: 2 PID: 16473 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1697.772120][T16470] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[ 1697.782364][T16473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1697.782386][T16473] Call Trace:
[ 1697.782396][T16473]  <TASK>
[ 1697.782406][T16473]  dump_stack_lvl+0xcd/0x134
[ 1697.782441][T16473]  should_fail.cold+0x5/0xa
18:12:38 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1697.782466][T16473]  prepare_alloc_pages+0x17b/0x570
[ 1697.782528][T16473]  __alloc_pages+0x12f/0x500
[ 1697.782552][T16473]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1697.782587][T16473]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1697.782623][T16473]  alloc_pages_vma+0xf3/0x7d0
[ 1697.782659][T16473]  shmem_alloc_page+0x11f/0x1f0
[ 1697.782696][T16473]  ? shmem_link+0x360/0x360
[ 1697.782716][T16473]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1697.782748][T16473]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1697.782775][T16473]  ? percpu_counter_add_batch+0xbd/0x180
[ 1697.782807][T16473]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1697.782832][T16473]  ? __vm_enough_memory+0x184/0x360
[ 1697.782857][T16473]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1697.782882][T16473]  shmem_getpage_gfp+0x643/0x22d0
[ 1697.782906][T16473]  ? shmem_is_huge+0x2f0/0x2f0
[ 1697.782931][T16473]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1697.782959][T16473]  ? shmem_fault+0x750/0x750
[ 1697.782982][T16473]  ? __kasan_kmalloc+0xa6/0xd0
[ 1697.783008][T16473]  drm_gem_get_pages+0x291/0x5d0
[ 1697.943127][T16473]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1697.949803][T16473]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1697.957122][T16473]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1697.963284][T16473]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1697.970982][T16473]  drm_gem_pin+0x64/0x90
[ 1697.975589][T16473]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1697.981068][T16473]  dma_buf_dynamic_attach+0x206/0xb40
[ 1697.987149][T16473]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1697.993063][T16473]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1697.999140][T16473]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1698.004771][T16473]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1698.010618][T16473]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1698.017295][T16473]  drm_ioctl_kernel+0x27d/0x4e0
[ 1698.022719][T16473]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1698.028542][T16473]  ? drm_setversion+0x8b0/0x8b0
[ 1698.034028][T16473]  drm_ioctl+0x51e/0x9d0
[ 1698.039014][T16473]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1698.045098][T16473]  ? drm_version+0x3d0/0x3d0
[ 1698.049838][T16473]  ? __fget_files+0x23d/0x3e0
[ 1698.054368][T16473]  ? security_file_ioctl+0x5c/0xb0
[ 1698.059282][T16473]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1698.066283][T16473]  ? drm_version+0x3d0/0x3d0
[ 1698.072918][T16473]  __x64_sys_ioctl+0x193/0x200
[ 1698.078730][T16473]  do_syscall_64+0x35/0xb0
[ 1698.084347][T16473]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1698.092470][T16473] RIP: 0033:0x7f2c65d45ae9
[ 1698.098730][T16473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1698.125897][T16473] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1698.136077][T16473] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1698.146797][T16473] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1698.157038][T16473] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1698.166842][T16473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1698.177548][T16473] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1698.187817][T16473]  </TASK>
18:12:38 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 11)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1698.259454][T16480] FAULT_INJECTION: forcing a failure.
[ 1698.259454][T16480] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:12:38 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1698.278046][T16480] CPU: 2 PID: 16480 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1698.289405][T16480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1698.300163][T16480] Call Trace:
[ 1698.304810][T16480]  <TASK>
[ 1698.309253][T16480]  dump_stack_lvl+0xcd/0x134
[ 1698.315314][T16480]  should_fail.cold+0x5/0xa
[ 1698.321445][T16480]  prepare_alloc_pages+0x17b/0x570
[ 1698.328344][T16480]  __alloc_pages+0x12f/0x500
[ 1698.334885][T16480]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1698.344269][T16480]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1698.351500][T16480]  alloc_pages_vma+0xf3/0x7d0
[ 1698.358819][T16480]  shmem_alloc_page+0x11f/0x1f0
[ 1698.364839][T16480]  ? shmem_link+0x360/0x360
[ 1698.370601][T16480]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1698.378561][T16480]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1698.385861][T16480]  ? percpu_counter_add_batch+0xbd/0x180
[ 1698.392815][T16480]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1698.398751][T16480]  ? __vm_enough_memory+0x184/0x360
[ 1698.404191][T16480]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1698.410981][T16480]  shmem_getpage_gfp+0x643/0x22d0
[ 1698.416245][T16480]  ? shmem_is_huge+0x2f0/0x2f0
[ 1698.420911][T16480]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1698.427139][T16480]  ? shmem_fault+0x750/0x750
[ 1698.431751][T16480]  ? __kasan_kmalloc+0xa6/0xd0
[ 1698.436964][T16480]  drm_gem_get_pages+0x291/0x5d0
[ 1698.441753][T16480]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1698.448165][T16480]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1698.454840][T16480]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1698.460258][T16480]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1698.466866][T16480]  drm_gem_pin+0x64/0x90
[ 1698.472648][T16480]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1698.479239][T16480]  dma_buf_dynamic_attach+0x206/0xb40
[ 1698.485882][T16480]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1698.493310][T16480]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1698.499970][T16480]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1698.506975][T16480]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1698.514171][T16480]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1698.521476][T16480]  drm_ioctl_kernel+0x27d/0x4e0
[ 1698.527692][T16480]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1698.535331][T16480]  ? drm_setversion+0x8b0/0x8b0
[ 1698.541327][T16480]  drm_ioctl+0x51e/0x9d0
[ 1698.545260][T16480]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1698.550703][T16480]  ? drm_version+0x3d0/0x3d0
[ 1698.555092][T16480]  ? __fget_files+0x23d/0x3e0
[ 1698.559663][T16480]  ? security_file_ioctl+0x5c/0xb0
[ 1698.585322][T16480]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1698.592836][T16480]  ? drm_version+0x3d0/0x3d0
[ 1698.595964][    C3] vkms_vblank_simulate: vblank timer overrun
[ 1698.598995][T16480]  __x64_sys_ioctl+0x193/0x200
[ 1698.613470][T16480]  do_syscall_64+0x35/0xb0
[ 1698.619238][T16480]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1698.626739][T16480] RIP: 0033:0x7f2c65d45ae9
[ 1698.632273][T16480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1698.657670][T16480] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1698.667550][T16480] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1698.677500][T16480] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1698.686942][T16480] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1698.696437][T16480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1698.706213][T16480] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1698.716511][T16480]  </TASK>
18:12:39 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x527f000000000000, &(0x7f0000000000))

18:12:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 12)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:44 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:44 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x537f000000000000, &(0x7f0000000000))

18:12:44 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
sendto$inet(r0, &(0x7f00000001c0)="3e1c1b8c601c6601c159b15630f5c2a45b15737b9badb5723a5ea57099b9fda7beeb0456021f7ed9cdd0db0739b367cdaca8d9a3552c691e46bbb561675ad985f37c4c58633b163b1169ab9799dad27abe40042b0534b3f8cbb1074eb0abcf43e588bbf2dfb02b984bff55305bc52e12aa3d1bdfcfee797276b17ce474a2654d514055e1fcff799c59f3ad45ae22c4e0b03d826d3bcc714df7b97fdb4471df4ee16fbb93a6ad19145d5d67cf441c1bc4309d8537690c317f05ccae537dc5e3b26eecf848349828f6c1b2e0c23ab1c1a03a71c5e2c6cc518dbd51ab26e654cce2d879bc88e0b5a9950f91f8f7729faf07727a088a1ad26107", 0xf8, 0x4000041, &(0x7f0000000040)={0x2, 0x4e22, @multicast2}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:45 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, 0x0)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1704.531879][T16493] FAULT_INJECTION: forcing a failure.
[ 1704.531879][T16493] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1704.547333][T16493] CPU: 1 PID: 16493 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1704.556221][T16493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1704.565867][T16493] Call Trace:
[ 1704.569054][T16493]  <TASK>
[ 1704.572125][T16493]  dump_stack_lvl+0xcd/0x134
[ 1704.576589][T16493]  should_fail.cold+0x5/0xa
[ 1704.581269][T16493]  prepare_alloc_pages+0x17b/0x570
[ 1704.586189][T16493]  __alloc_pages+0x12f/0x500
[ 1704.590611][T16493]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1704.597148][T16493]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1704.602416][T16493]  alloc_pages_vma+0xf3/0x7d0
[ 1704.609100][T16493]  shmem_alloc_page+0x11f/0x1f0
[ 1704.615458][T16493]  ? shmem_link+0x360/0x360
[ 1704.621122][T16493]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1704.628666][T16493]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1704.636238][T16493]  ? percpu_counter_add_batch+0xbd/0x180
[ 1704.643822][T16493]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1704.650976][T16493]  ? __vm_enough_memory+0x184/0x360
[ 1704.657262][T16493]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1704.664269][T16493]  shmem_getpage_gfp+0x643/0x22d0
[ 1704.670283][T16493]  ? shmem_is_huge+0x2f0/0x2f0
[ 1704.676194][T16493]  shmem_read_mapping_page_gfp+0xd3/0x170
18:12:45 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x0, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:45 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x0, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1704.683582][T16493]  ? shmem_fault+0x750/0x750
[ 1704.689533][T16493]  ? __kasan_kmalloc+0xa6/0xd0
[ 1704.695231][T16493]  drm_gem_get_pages+0x291/0x5d0
[ 1704.701276][T16493]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1704.708389][T16493]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1704.715613][T16493]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1704.721982][T16493]  ? drm_gem_shmem_get_pages+0x250/0x250
18:12:45 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x0, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1704.728782][T16493]  drm_gem_pin+0x64/0x90
[ 1704.734898][T16493]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1704.742029][T16493]  dma_buf_dynamic_attach+0x206/0xb40
[ 1704.748845][T16493]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1704.756219][T16493]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1704.762914][T16493]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1704.770502][T16493]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1704.778151][T16493]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1704.787095][T16493]  drm_ioctl_kernel+0x27d/0x4e0
[ 1704.793299][T16493]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1704.802241][T16493]  ? drm_setversion+0x8b0/0x8b0
[ 1704.808455][T16493]  drm_ioctl+0x51e/0x9d0
[ 1704.813648][T16493]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1704.823489][T16493]  ? drm_version+0x3d0/0x3d0
[ 1704.829580][T16493]  ? __fget_files+0x23d/0x3e0
[ 1704.835830][T16493]  ? security_file_ioctl+0x5c/0xb0
[ 1704.844178][T16493]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1704.852337][T16493]  ? drm_version+0x3d0/0x3d0
[ 1704.858532][T16493]  __x64_sys_ioctl+0x193/0x200
[ 1704.864178][T16493]  do_syscall_64+0x35/0xb0
[ 1704.869815][T16493]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1704.877122][T16493] RIP: 0033:0x7f2c65d45ae9
[ 1704.883195][T16493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1704.910256][T16493] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1704.920746][T16493] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1704.930324][T16493] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1704.941994][T16493] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1704.952611][T16493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1704.962309][T16493] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1704.972123][T16493]  </TASK>
18:12:45 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x547f000000000000, &(0x7f0000000000))

18:12:45 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x0, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:45 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 13)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:45 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_ADDFB2(r5, 0xc06864b8, &(0x7f0000000200)={0x3ff, 0x80000001, 0x1, 0x6, 0x3, [0x2, 0x9, 0x4, 0xa8cc], [0xff, 0x5, 0x1, 0x1f], [0x7, 0x10001, 0x5, 0x2], [0x6ad, 0x7, 0x200, 0x1]})
close(r2)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f00000001c0)={0x27ba, 0x4, 0x80, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r1, 0xc01064b3, &(0x7f0000000040)={r7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
ioctl$DRM_IOCTL_GET_CAP(r6, 0xc010640c, &(0x7f0000000140)={0x3})

[ 1705.120855][T16513] FAULT_INJECTION: forcing a failure.
[ 1705.120855][T16513] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:12:45 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x0, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1705.142428][T16513] CPU: 0 PID: 16513 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1705.156005][T16513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1705.172205][T16513] Call Trace:
[ 1705.177506][T16513]  <TASK>
[ 1705.180967][T16513]  dump_stack_lvl+0xcd/0x134
[ 1705.187476][T16513]  should_fail.cold+0x5/0xa
18:12:45 executing program 0:
r0 = syz_mount_image$bfs(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x8, 0x5, &(0x7f0000000380)=[{&(0x7f00000001c0)="6af855e89cf1222971759c67ae9344fdb899b73303f9542d3190ef1a14ea5ea35729146bdd6dd5", 0x27, 0x75c}, {&(0x7f0000000200)="cfe38f19bf2293d71ab61107b3538e34f8d5cbfeafdc10cdf5a74821addaed27aa114c2a2c820438dd1674c60f27cb2294589011bff3ac27f97dae34b6a20a1ed237b96d889b54e91c3ce6b2e885d6c02663d4230ee6e368b9af2658e4ba304dc7d6d14bf21e9265cf83803941c6425ee265aaf1c79f4c9dd7f8d6b2a38141adf5784c3351aba4631ebba15a73f06bc0ad4c87b8bf071a78ba10314facb7fd7fe919a6a33b20e11e56f07877f22b7045980040bcdaeeb763e1e04f6ae8", 0xbd, 0x90}, {&(0x7f00000002c0)="057913b255b7a163e34b4d7e3d3631fd851d8356404312e4ea2cbdda03dd45924b37c90043a552c45287cdb1888399e942ba0e18690f81929eb022b643d206d12901d023c3e7292b0b8cd0e1976399fb8bf634096b3ac72ea7fbc81ec883c79c248650c3775a7ada5145c924", 0x6c, 0x3}, {&(0x7f0000000340)="6845a5c5a95d2a9170d83a728108455253d2711ed60c39e6836764f1953944a55591621a3b864e4912a788bd354aa6467cbc208dd7541dbb43f02f7d44", 0x3d, 0xffffffffffffffff}, {&(0x7f0000000500)="05657a0b140131ae929d0c9e85a1462f364c12783461736f0a291fd56b55ccbea474aa49d37424a41f20c651fb2085d04532300e95d4d455703926baca33312646a95729712ad18f5ec39be6462f7699e3bdf58a41d0ee466dc840c6ef127c8af814be9d6a27760fd1a71689fbdab56b6dfe704fd47d8e425db4ab09dbbd904520875b9e4fa0a3ef1ecc9e6313c6cb9a6ba6f2f25e67a088186d6dec2fd600b6843aa396635075ba131e8ffd360b4bee989f50b0bbbaa6f00d9922b8720b9f7892eafcfc283bc8ce9268e3587d30046800873efd4d461006b272f1223e3e836794db1c769c2787846c53fbb75d45b5a96f7e2315115664ce03404d8e9e6afb7afeff2f086d1cb2817d5ff50bb3e4d3aad69abe0a1dd3f5ded68b1bbbd33c43504d0984cce5bdfcc7592765068854dba37fcbd77f6de25b080dd8cfeda9dfdab51e0d08015987f267bb40bca6f30bf97485290f011b39c91d2c35bb7198eab0b746d93641be927b93a98c83e2206203e84aa56145552a2f91878bb747d8a891b3ea561816f2109e7060b4a42381cee8008bb8889b5a2a8f5b53ffaceecdfb45083a146bf9f6f0d4a5012c1fc2a3d039e402d1b8e0cc944efad79774d04149ef351a5579538d004cf228d69a665ec4cff200609b8580c1240a88a0814d68fec2a319233d82cf54183a078295b50a68698ff364bcb3d93623127ba05c66f124735da4389dec99d9f288545404c4e819444cbfc724717c0d7d8a76bac73bb1798e30d5670b97449055fd2329dfed2cf2134f8a348ceb30d752350bfe7df768a38f61f2c8de7f072b18a5ae53558c0e37b72fd3da50f931d7cb7346522d9152d3c0ffdaff3423034ce85cbb38d34113df19e70459516aa3310286bcc962ef37ed20a75cf5ef34ba79cf4eb14eddb3685d78d7e61b65adebc7660ea9876e6f56b3f42fa9e2e2fac62cb9ed1eeee5f31d449429c6309facc9e536426d42f20ed5205b32f8c06f230743a41fa1ed2170abf6b45d348ba44ed11c42aaa6d4e07523ee0af07a5bfeeb2524b142d72603941433982e4a0c159cea6fdc31a7746fc48b0b1eeec996fb20044ef036310b9e93723c130bfcf5e858a63fcaff22770c76d08791d737bcc44dac44dc0ff35913456cb5e28eb7146459dd5597076f144c1e2cb059a72ba6aa2813b75bbe8906b5da3c1e4cffe015deefd56bf91be6fce1f3f609b2b62f02e2be15e45948d23c5de176257e9699980a52f7f82bbfe8d7f4a77d573067f0882537279ff95bad22cfea4313909f7234745c171582dc27813b8793431397e4ef1dbf34dd2e214e652d627b50277a58b8e3fd349049e522d9607eddcdfcdb02fc725d3f4578e0cef1241270d808a5d85a06c44e36d42cab5935f9183ca99fb44da2975e6f8ca35e4bf761440cee95a802f75916b48004428414d18f593bd343b6050c8cbe14de5dc6371295c5ef20c08277c7b55249c8cea5dbdfdc61722e6176487659f331f3d6bcdd6b3b9f799137d341450ed14f64af74a77b442e59fbb2f59634adf58f9f8905ca5686963f4c0be75a835f36cad75fe56da7ffaf7bf0377e0277c8c8f34e70eac0ca0c3b56727e53745fcc936ecf039a770e5a045653fea42f4fe34cf54ee8c7c5209990a7ba9b7d73560e7ad5045a2a19388dd375826850b37b872fbb31307c0e49be4b72e67135e84e96005174747cf780363b50027a8cdce64a1cec051ef61a735df7b500345466158f42cc35a930e05cff9180659ac78ec03e1d85867a880d9e57911490ba19fb8d5ec57d352acdba4e14383b98778bfdbe85cfa29ef22778321624830104e263cff1c30181214fd50c33f0f7e8e12fa67e0a5972ebb6ef1686d591bea7b905c51a929b9dd8c7b6320159458ff3ed36bf676abf13278ab309bcaedc5da307c89281a38a263614f9ca5561a48409e306085ed24f6cfce2fd78dfe412bb77e520d6a9b793c815c57c6191519e128d2e43a120a4a8a2622916dfe3c43d930e6863fd0da47a54656335e5f1d1f237d26045a6870e6a385e0b10055656d9d35598474088e6814ba12d117004537101a1e954f3fd32ef4923b0d25d6da6b4d2ea9a84dfd3de76dcd4dc129d98cb8d5fa5885a8b8eb5889e7957791b24709031f39a0e23a5d5c0faac08b60fa0e16b28f87fd7d8306a8de6cc9b5830359f3cb393515b89314ecfb5c47853a656ff120086fe7640a2156aa3cf73466246e53c96cf42e7f3f4b5df851d44ece92fc37f3073f55b9d24891e3ffc23bf18760e48db38f6e58fd51ceac456ab9f849915eab0a0590dd41e3fb86984fd4b0c5f1b50c5458c5acebdb11b173ba1bedc554156401cee2e972f9ce9869ed2a3e89c30cb3049607088aff1f30c52d6d09123121d384504fe97ab033419de6a2d8b6c87103f43babbc905bdd841984479b70405d1ca0bd39bbf0951dacfbb8beedb7d40a9e380f55db3bf91a1be4cbe28e1b871fd08d18ecad3c220d4c4c59ca13337297247fa22fcb09a098a8df8a471b1a9f8e51399444d8aaad590f12a2916ffceeb54519a2e67256f30bb015b4893d96671f03e2d202d42d34e3ad4d4bb92c7034db51334da648bd0e5e19f4d0053a362d766a23097d1a732113a66ffa6518a40c0d70feb8cf0e9fbe9075469cadd0e2caf49e153c3f3a315a5be88b77e24d19abe99ecb583bcddc6e1413a8ad3d2583f501339a67432d9d9162307ce2ab844b2e700fefa22b44829cb3ac14d5504a541e2c0bf1d7f20d7f26f051b9705df8c400070c1400d967f3b352a6b2dd73483ec100c1a224ac21a9b542ad52496bd599b16c149b02baa44769c19f09538ed7f2d1b523612c3967d57673303e7639d0ca5f5050b70348cd7783d743927fa829304296045a840c983be0442e99908a9c70783cb3aace084d6712c20311e3b991b533fedf63bee2165585e79dfb22da600801b44dad9b2ff0021492a0fb0e7582b9290ac5a9b8f66f34159835bf7c61b7813f308593c3fba777df20be76fb6b5f26bace9d08fc265205489d0d3efc2fa13ad6862dc32ae4c24f1e45b83000a247ad1adbe1fea2bc45ff2308511add036183e7ce7e27b8e68278eb99b414bba13e708321773f356bfd9d2470a36e40c6d7bb38abdf9b6030ff5f3dc335bc6368979a22bb1111a4ee2b5bff39eae6878e3949e3dd651a67d187fcbb76c6576e273129bf257dd37dec2dae15f22b7c2392089b0f94b9c97824b466f4b7385dab8f4c11ec32e4a106fcc37dbac5652a35585ee1b1569a4ff6309ce409745da2d13bfaecdd84dd60e479f8e274bfbdcbd0c17165cfc226deb98a2e0f6fa1cc69dda0e5f727d231569a385c221f50eefab521b8f5405d8a77d983f00fccce67b006878c570f806a29d89ca654c0de4361086b683ddc0fd83fef7e8d450108a2b1b829b61859ea790fd5ff020722cb82f3e93d127c786c0f3f94fb79545d4d0d211017399f0a41e18794c359a38c9209be79d4454a7e04203ffe33fbbc2d99b7400c21a992afc6b10bca9a6249ab265ead9ea0824373b186694d72ba897012e29823bd122e4b1767cc6d956f295efbe3a902f2725fa9bf151ffec27eca51b21700dc7df626c71b8691cb7593eb674660b8aba4435c28f856f58a6ef076d05178429d8d872fe272f8beec17da5236b6c6a70ea6c5bc48e22fd02b88b162b413b9114aa8c4432ae3234308216f9472afd04293be7b45577899449f57bfe00952e36ea2de51fb9b54a80e7461cfe053eb58084a92f80483b32b382225f3b916d3f0271a9a209c3cbb639721f5c4132caef3d58c2831b7cc9788042fc60116a9d3c691797bf63b874e15b826043f8eec82fc7982d79868cf8fe5a5734c4b38d44b08f519c8fb00191b1d1c56503934493ad8b36fbd5c8028dd99dbf09ce9808f53566f5fd65dad1f55a029259371ed91c12dbfab8540f9ecb94f20b2e00e5ab31300af5a4162f58120ee4a7bec5fa34b052057d7a4292ec296a6f6c2bac4d1beacf2d421433e76073a0a0bd3a5caffb0cb380fd0c6c77b0d479d5090741495c8fd0e34ce3fd084e1c6c5adcc5936d764df8fecb35343c3e7d4bcab77cc98545bbafd8bc1efc067783c29903152d56aa56e7d28b6f1c0035225949e4f1155d964b19e3934458fc59961241fa22b187868d4afd0f89c0fe05e638a2d21400533b4f908d186721f599a0dee123c8bf8107798de7bc32261369901b5ff4c1613fc4d5442f2f11f2e97f939a9ce3229910c0717ac11607206d70ff14afc8ae3954a3cebec80dd25c5a66aa1ed6fdb02a41c5c12573fac6252c6191e8545249ee7cf2aaee23dd6e5144b4bde30e3f40c939aecccc17a83af8be109a150ec8e67988d4cf2453c798146d8f583a2718135047ff80d5a9184a396a2279da3477e8e3f3b0293536bbce2f512827513faf5ffad7381bca60127409f7a33f6d6b4604b1388897be06c6aa97a0adf7e7678110ba7ffaabc73a920054be95fdf21b40f21d9b5bc2da10aa63e21b2864ae480b619638c802b58ace009f1d8b7b9415fa8639dcc8c21f5ea89bcdf2ad381b6924e80e487d3953b9c8ff1b766d223527d79ec6bf1636af7715a152e0c9b31003a510c0677e7a55c8d95f913b25b1461dbe435d2a7e0074ec6bb810e339273886cf25ef6c1e930c178b91eed923df2a61d35dc295de012b3d0ab92adda142ed6ab59542dc452271875156f5de3db2173b4303f3567d5f5b1eb437eafa4fc16cda74cc7abd1b815b5b4e9d6117fa69f6fa31e7ab593d34e6caa77d250b5f7d7c6c8eaf06bd0fc20530ee10dece1cbd195c6eaf45a6086825bf0429a36109b224152a0cffe5e9da9c3b80083d84ca176654932e5dd56acad8094fc5e8b532359db0569ca119a70e42d81d16da92f0a13ab7504caaf2c798e6016ecb08ee39f7d570da8df3af29c1c1ea94dcd80b70f802d2e5ee6e53042d1110d8c50593fa30bc383d05f47116fd093ae731a2870222fcf4f4ba6d56b2975de90c315bead138f341406fcbe4b8c8fe84752bb615ca71c90a9bd0792bbbaf20247eac86877a02c04e2993dec90e6be8e76f31cc936dbda1e22c17d507b28951a19844407471d84efa5edc14b4c8f8207126d4a55bf964713588ad211e8cda4a682eabf7c7c1193ff3aa5b28711a63a8e091ccaa869c48d2ceb57d2cf967fee6e29e4055928b00cc599d37e8f372d57fcdfafde8b4fc1ec1ecfba494d3b50e2e64d39576ccdd053f7f67e4765c563f73f153882f0b2e0c6a159839905242dd44fea64c6703ba41e0e9174a23e30e92f8f97577c3ac2da6621c758cc67c46e8c787952b7d8603586083e29f6e69fecb68a3102c839a90ed4bfd2b5ba05033f10eb39ec94ccbecb16b07568bf2355967222beaac4ee765654deec7794b93a6d727a620431e644de5daedf3a918f7640f69e9239a23f4aaaf2a98edf053f500bee2fe89c21295477dc047f2ec7e548108522b002a7f6626b8f50d3ebb0792b53de58b2a36b8de8231eb405b781a3fb298f2d5fa1c851ba7ec7a13516cf1077246a0b299bca94bc98ab38864f85a711bd9853739931f9244a23c0f5c918e6652cdf43405e4f7377569f935b97662b05410697c0135ac7035d3ff7066133db3913c0a1b6e79938f88aa78f8c49ff79f15480e330e841b84c1d49e4f995cf02c4b3352fd2319d9cd5e52bb8d287472af57e2244890d2b0489e69acf4b24075d833d7d4b869f9e1b5cf2d9da29acd74485f75c92bca795c3c6c2768bb54017ebace3f6990f7f39a88de3bd6287b", 0x1000, 0xfa}], 0x2, &(0x7f0000001500)={[{'/dev/dri/card#\x00'}, {'/dev/dri/card#\x00'}], [{@smackfsdef={'smackfsdef', 0x3d, '])*%:0)..'}}, {@uid_lt={'uid<', 0xee01}}, {@obj_type={'obj_type', 0x3d, '/dev/dri/card#\x00'}}, {@appraise_type}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@euid_gt={'euid>', 0xee01}}, {@obj_role={'obj_role', 0x3d, '.'}}, {@defcontext={'defcontext', 0x3d, 'root'}}]})
r1 = openat(r0, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x8)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r1})

[ 1705.192608][T16513]  prepare_alloc_pages+0x17b/0x570
[ 1705.200665][T16513]  __alloc_pages+0x12f/0x500
[ 1705.205122][T16513]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1705.211807][T16513]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1705.217747][T16513]  alloc_pages_vma+0xf3/0x7d0
[ 1705.222747][T16513]  shmem_alloc_page+0x11f/0x1f0
[ 1705.225905][T16518] loop0: detected capacity change from 0 to 16383
[ 1705.228923][T16513]  ? shmem_link+0x360/0x360
[ 1705.240527][T16513]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
18:12:45 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x0, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1705.247368][T16513]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1705.255141][T16513]  ? percpu_counter_add_batch+0xbd/0x180
[ 1705.262543][T16513]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1705.265960][T16518] BFS-fs: bfs_fill_super(): No BFS filesystem on loop0 (magic=05000000)
[ 1705.269593][T16513]  ? __vm_enough_memory+0x184/0x360
[ 1705.285072][T16513]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1705.291792][T16513]  shmem_getpage_gfp+0x643/0x22d0
[ 1705.297933][T16513]  ? shmem_is_huge+0x2f0/0x2f0
[ 1705.304533][T16513]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1705.312556][T16513]  ? shmem_fault+0x750/0x750
[ 1705.318355][T16513]  ? __kasan_kmalloc+0xa6/0xd0
[ 1705.324403][T16513]  drm_gem_get_pages+0x291/0x5d0
[ 1705.330418][T16513]  ? drm_gem_dma_resv_wait+0x220/0x220
18:12:45 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0x0, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1705.336905][T16513]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1705.343920][T16513]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1705.349761][T16513]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1705.355134][T16513]  drm_gem_pin+0x64/0x90
[ 1705.359431][T16513]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1705.365562][T16513]  dma_buf_dynamic_attach+0x206/0xb40
[ 1705.371039][T16513]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1705.377189][T16513]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1705.382542][T16513]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1705.388827][T16513]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1705.394367][T16513]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1705.399970][T16513]  drm_ioctl_kernel+0x27d/0x4e0
[ 1705.404882][T16513]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1705.411381][T16513]  ? drm_setversion+0x8b0/0x8b0
[ 1705.416424][T16513]  drm_ioctl+0x51e/0x9d0
[ 1705.420645][T16513]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1705.426774][T16513]  ? drm_version+0x3d0/0x3d0
[ 1705.431199][T16513]  ? __fget_files+0x23d/0x3e0
[ 1705.435847][T16513]  ? security_file_ioctl+0x5c/0xb0
[ 1705.441287][T16513]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1705.447923][T16513]  ? drm_version+0x3d0/0x3d0
[ 1705.452562][T16513]  __x64_sys_ioctl+0x193/0x200
[ 1705.458179][T16513]  do_syscall_64+0x35/0xb0
[ 1705.463335][T16513]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1705.470296][T16513] RIP: 0033:0x7f2c65d45ae9
[ 1705.475786][T16513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1705.497222][T16513] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1705.505852][T16513] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1705.513707][T16513] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1705.521642][T16513] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1705.529476][T16513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1705.537206][T16513] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1705.545112][T16513]  </TASK>
18:12:46 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 14)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:46 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0x0, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1705.611384][T16518] loop0: detected capacity change from 0 to 16383
[ 1705.639642][T16518] BFS-fs: bfs_fill_super(): No BFS filesystem on loop0 (magic=05000000)
18:12:46 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x557f000000000000, &(0x7f0000000000))

18:12:46 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0x0, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1705.657835][T16527] FAULT_INJECTION: forcing a failure.
[ 1705.657835][T16527] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1705.674979][T16527] CPU: 2 PID: 16527 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1705.686405][T16527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1705.697298][T16527] Call Trace:
[ 1705.700798][T16527]  <TASK>
[ 1705.703772][T16527]  dump_stack_lvl+0xcd/0x134
[ 1705.708247][T16527]  should_fail.cold+0x5/0xa
[ 1705.712716][T16527]  prepare_alloc_pages+0x17b/0x570
[ 1705.717781][T16527]  __alloc_pages+0x12f/0x500
[ 1705.722559][T16527]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1705.729556][T16527]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1705.737325][T16527]  alloc_pages_vma+0xf3/0x7d0
[ 1705.742591][T16527]  shmem_alloc_page+0x11f/0x1f0
[ 1705.747680][T16527]  ? shmem_link+0x360/0x360
[ 1705.753074][T16527]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1705.759684][T16527]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1705.766469][T16527]  ? percpu_counter_add_batch+0xbd/0x180
[ 1705.772248][T16527]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1705.778390][T16527]  ? __vm_enough_memory+0x184/0x360
[ 1705.784952][T16527]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1705.791302][T16527]  shmem_getpage_gfp+0x643/0x22d0
[ 1705.796551][T16527]  ? shmem_is_huge+0x2f0/0x2f0
[ 1705.801902][T16527]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1705.808199][T16527]  ? shmem_fault+0x750/0x750
[ 1705.812883][T16527]  ? __kasan_kmalloc+0xa6/0xd0
[ 1705.817536][T16527]  drm_gem_get_pages+0x291/0x5d0
[ 1705.823724][T16527]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1705.830222][T16527]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1705.837107][T16527]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1705.842674][T16527]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1705.848596][T16527]  drm_gem_pin+0x64/0x90
[ 1705.852870][T16527]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1705.858113][T16527]  dma_buf_dynamic_attach+0x206/0xb40
[ 1705.863608][T16527]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1705.869724][T16527]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1705.874934][T16527]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1705.880656][T16527]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1705.886096][T16527]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1705.891584][T16527]  drm_ioctl_kernel+0x27d/0x4e0
[ 1705.896284][T16527]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1705.901986][T16527]  ? drm_setversion+0x8b0/0x8b0
[ 1705.907017][T16527]  drm_ioctl+0x51e/0x9d0
[ 1705.911334][T16527]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1705.917373][T16527]  ? drm_version+0x3d0/0x3d0
[ 1705.921977][T16527]  ? __fget_files+0x23d/0x3e0
[ 1705.926825][T16527]  ? security_file_ioctl+0x5c/0xb0
[ 1705.932346][T16527]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1705.938913][T16527]  ? drm_version+0x3d0/0x3d0
[ 1705.943674][T16527]  __x64_sys_ioctl+0x193/0x200
[ 1705.948414][T16527]  do_syscall_64+0x35/0xb0
[ 1705.952912][T16527]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1705.958554][T16527] RIP: 0033:0x7f2c65d45ae9
[ 1705.962821][T16527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1705.982011][T16527] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1705.990395][T16527] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1705.998111][T16527] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1706.005902][T16527] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1706.014605][T16527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1706.022330][T16527] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1706.031416][T16527]  </TASK>
[ 1706.039496][    C2] vkms_vblank_simulate: vblank timer overrun
18:12:47 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x567f000000000000, &(0x7f0000000000))

18:12:47 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
sendfile(r0, r0, &(0x7f0000000140)=0x3ff, 0x4)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
shutdown(r5, 0x0)
close(r2)
pwrite64(r5, &(0x7f00000001c0)="1209ffbb93634f1d514e31e73ab5d9260a158c9374ed43946e4ef3396d5e2fd32dbb585452fd72b200262de510efe91e53162515ed2eb8c6ccf327781883bcf8ad7a67312fbe634b72a2b974074e6a42aaf0d73c45beb825027eab099a5dd4aca2fe995e3a66008e6d2a78880f454423b8dacf52f964fe5fa06f4ae884e5e2c733f9132c8c01d9d6ac437663d090c4614554358683faa5e74d1878a6c3a45d698024eb35de847ce09d273bbdf9f92376bba1228acf900fe5ed8b4f0949fc8401e204f1607cd86fcc31918357755627c9aede256c86880e8b0e5725bd74", 0xdd, 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r3, 0xf504, 0x0)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 15)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:47 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1707.223744][T16539] FAULT_INJECTION: forcing a failure.
[ 1707.223744][T16539] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1707.241773][T16539] CPU: 0 PID: 16539 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
18:12:47 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1707.250690][T16539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1707.262957][T16539] Call Trace:
[ 1707.266417][T16539]  <TASK>
[ 1707.269446][T16539]  dump_stack_lvl+0xcd/0x134
[ 1707.274372][T16539]  should_fail.cold+0x5/0xa
[ 1707.278922][T16539]  prepare_alloc_pages+0x17b/0x570
[ 1707.285143][T16539]  __alloc_pages+0x12f/0x500
[ 1707.290285][T16539]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1707.298618][T16539]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1707.304948][T16539]  alloc_pages_vma+0xf3/0x7d0
[ 1707.310858][T16539]  shmem_alloc_page+0x11f/0x1f0
[ 1707.317254][T16539]  ? shmem_link+0x360/0x360
[ 1707.322860][T16539]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1707.329892][T16539]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1707.336094][T16539]  ? percpu_counter_add_batch+0xbd/0x180
[ 1707.341643][T16539]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1707.347655][T16539]  ? __vm_enough_memory+0x184/0x360
[ 1707.353234][T16539]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1707.359632][T16539]  shmem_getpage_gfp+0x643/0x22d0
[ 1707.364903][T16539]  ? shmem_is_huge+0x2f0/0x2f0
[ 1707.369562][T16539]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1707.376219][T16539]  ? shmem_fault+0x750/0x750
[ 1707.381848][T16539]  ? __kasan_kmalloc+0xa6/0xd0
[ 1707.388187][T16539]  drm_gem_get_pages+0x291/0x5d0
[ 1707.394263][T16539]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1707.401134][T16539]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1707.407791][T16539]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1707.413697][T16539]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1707.419687][T16539]  drm_gem_pin+0x64/0x90
[ 1707.424108][T16539]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1707.429387][T16539]  dma_buf_dynamic_attach+0x206/0xb40
[ 1707.436285][T16539]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1707.444134][T16539]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1707.451306][T16539]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1707.459873][T16539]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1707.467738][T16539]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1707.475402][T16539]  drm_ioctl_kernel+0x27d/0x4e0
[ 1707.481529][T16539]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1707.489858][T16539]  ? drm_setversion+0x8b0/0x8b0
[ 1707.496338][T16539]  drm_ioctl+0x51e/0x9d0
18:12:48 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1707.501496][T16539]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1707.507950][T16539]  ? drm_version+0x3d0/0x3d0
[ 1707.513341][T16539]  ? __fget_files+0x23d/0x3e0
[ 1707.518724][T16539]  ? security_file_ioctl+0x5c/0xb0
[ 1707.524021][T16539]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1707.531164][T16539]  ? drm_version+0x3d0/0x3d0
[ 1707.536411][T16539]  __x64_sys_ioctl+0x193/0x200
[ 1707.542031][T16539]  do_syscall_64+0x35/0xb0
[ 1707.547421][T16539]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1707.553969][T16539] RIP: 0033:0x7f2c65d45ae9
[ 1707.558670][T16539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1707.582283][T16539] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1707.594702][T16539] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1707.606542][T16539] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1707.615829][T16539] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1707.639935][T16539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1707.654998][T16539] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1707.668326][T16539]  </TASK>
18:12:48 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 16)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:48 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:48 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x577f000000000000, &(0x7f0000000000))

[ 1707.863071][T16555] FAULT_INJECTION: forcing a failure.
18:12:48 executing program 0:
r0 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000002880)={0x9, 0x1, 0x4, 0x0, 0x6, {0x77359400}, {0x5, 0x2, 0x7, 0x3, 0x1f, 0x5, "f4a59a51"}, 0x1f, 0x3, @planes=&(0x7f0000002840)={0x10001, 0xffffffff, @fd=r0, 0x9}, 0x9})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
recvmmsg$unix(r3, &(0x7f0000007140)=[{{0x0, 0x0, &(0x7f0000002780)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/195, 0xc3}, {&(0x7f0000000040)=""/49, 0x31}, {&(0x7f00000002c0)=""/173, 0xad}, {&(0x7f0000000380)=""/80, 0x50}, {&(0x7f0000000400)=""/192, 0xc0}, {&(0x7f0000001500)=""/254, 0xfe}, {&(0x7f0000001600)=""/170, 0xaa}, {&(0x7f00000016c0)=""/165, 0xa5}, {&(0x7f0000001780)=""/4096, 0x1000}], 0xa, &(0x7f0000007440)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="28000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000009d1a34000000000046058e007d568db81a69c75bdee8a71ecd16a80b68031e65e925c8edf3f6d89df193884d57d8ca61f8f29ac4a99007b5e5bf88cfff99e6ca6d66c423a050b53097549c5b92561a19b411c0b435c449e6c8753d0509000242a7e57b059e3827342c54e3cf9209d4a8d51003103f5b4646c01c24502d8f077d27bf45e92a8f2673cba76db85a7ecf8afe4e26a83735cb13ad0ec6b24788b17a980511ee139f25e8c6b48afd59ead856ed375afd07e7f4037c94dc2fc772211ece3505259bb4fcfa27c0f7fba8630aeeab74990f94382c8bea8d7893efbc32d7358f6977665b478571993259c79f39611a5b3792", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x130}}, {{&(0x7f0000002980), 0x6e, &(0x7f0000002a00)=[{&(0x7f0000000140)=""/64, 0x40}], 0x1, &(0x7f0000002a40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [<r6=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x110}}, {{&(0x7f0000002b80), 0x6e, &(0x7f0000002f00)=[{&(0x7f0000002c00)=""/219, 0xdb}, {&(0x7f0000002d00)=""/60, 0x3c}, {&(0x7f0000002d40)=""/162, 0xa2}, {&(0x7f0000002e00)}, {&(0x7f0000002e40)=""/51, 0x33}, {&(0x7f0000002e80)=""/92, 0x5c}], 0x6, &(0x7f0000002f80)}}, {{&(0x7f0000002fc0), 0x6e, &(0x7f0000003100)=[{&(0x7f0000003040)=""/147, 0x93}], 0x1}}, {{&(0x7f0000003140)=@abs, 0x6e, &(0x7f0000004240)=[{&(0x7f00000031c0)=""/4096, 0x1000}, {&(0x7f00000041c0)=""/73, 0x49}], 0x2}}, {{&(0x7f0000004280)=@abs, 0x6e, &(0x7f0000004440)=[{&(0x7f0000004300)=""/59, 0x3b}, {&(0x7f0000004340)=""/124, 0x7c}, {&(0x7f00000043c0)=""/75, 0x4b}], 0x3, &(0x7f0000004480)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc0}}, {{&(0x7f0000004540), 0x6e, &(0x7f00000067c0)=[{&(0x7f00000045c0)=""/218, 0xda}, {&(0x7f00000046c0)=""/164, 0xa4}, {&(0x7f0000004780)=""/4096, 0x1000}, {&(0x7f0000005780)=""/29, 0x1d}, {&(0x7f00000057c0)=""/4096, 0x1000}], 0x5, &(0x7f0000006840)=[@cred={{0x1c}}], 0x20}}, {{0x0, 0x0, &(0x7f0000006940)=[{&(0x7f0000006880)=""/138, 0x8a}], 0x1, &(0x7f0000006980)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x78}}, {{&(0x7f0000006a00)=@abs, 0x6e, &(0x7f0000006e00)=[{&(0x7f0000006a80)=""/203, 0xcb}, {0xfffffffffffffffc}, {&(0x7f0000006b80)=""/218, 0xda}, {&(0x7f0000006c80)=""/36, 0x24}, {&(0x7f0000006cc0)=""/7, 0x7}, {&(0x7f0000006d00)=""/246, 0xf6}], 0x6, &(0x7f0000006e80)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000006ec0), 0x6e, &(0x7f0000007040)=[{&(0x7f0000006f40)=""/231, 0xe7}], 0x1, &(0x7f0000007080)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc0}}], 0xa, 0x140, &(0x7f00000073c0))
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00464b4, &(0x7f0000002e00)={r5})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000007400)={0x0, 0x1ef, 0x9})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r1})

[ 1707.863071][T16555] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:12:48 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1707.902429][T16555] CPU: 2 PID: 16555 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1707.914957][T16555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1707.925877][T16555] Call Trace:
[ 1707.930335][T16555]  <TASK>
[ 1707.933915][T16555]  dump_stack_lvl+0xcd/0x134
[ 1707.939525][T16555]  should_fail.cold+0x5/0xa
[ 1707.943991][T16555]  prepare_alloc_pages+0x17b/0x570
[ 1707.949242][T16555]  __alloc_pages+0x12f/0x500
[ 1707.954139][T16555]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1707.962338][T16555]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1707.967800][T16555]  alloc_pages_vma+0xf3/0x7d0
[ 1707.972679][T16555]  shmem_alloc_page+0x11f/0x1f0
[ 1707.979420][T16555]  ? shmem_link+0x360/0x360
[ 1707.983770][T16555]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1707.990005][T16555]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1707.996404][T16555]  ? percpu_counter_add_batch+0xbd/0x180
[ 1708.001811][T16555]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1708.008932][T16555]  ? __vm_enough_memory+0x184/0x360
[ 1708.015151][T16555]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1708.021167][T16555]  shmem_getpage_gfp+0x643/0x22d0
[ 1708.026663][T16555]  ? shmem_is_huge+0x2f0/0x2f0
[ 1708.031215][T16555]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1708.036771][T16555]  ? shmem_fault+0x750/0x750
[ 1708.041763][T16555]  ? __kasan_kmalloc+0xa6/0xd0
[ 1708.047428][T16555]  drm_gem_get_pages+0x291/0x5d0
[ 1708.053244][T16555]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1708.058633][T16555]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1708.065154][T16555]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1708.070628][T16555]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1708.076349][T16555]  drm_gem_pin+0x64/0x90
[ 1708.081571][T16555]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1708.087538][T16555]  dma_buf_dynamic_attach+0x206/0xb40
[ 1708.094111][T16555]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1708.101509][T16555]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1708.108806][T16555]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1708.116726][T16555]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1708.122991][T16555]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1708.128606][T16555]  drm_ioctl_kernel+0x27d/0x4e0
[ 1708.133659][T16555]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1708.140511][T16555]  ? drm_setversion+0x8b0/0x8b0
[ 1708.146326][T16555]  drm_ioctl+0x51e/0x9d0
[ 1708.151699][T16555]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1708.159424][T16555]  ? drm_version+0x3d0/0x3d0
[ 1708.165151][T16555]  ? __fget_files+0x23d/0x3e0
[ 1708.171002][T16555]  ? security_file_ioctl+0x5c/0xb0
[ 1708.179078][T16555]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1708.187479][T16555]  ? drm_version+0x3d0/0x3d0
[ 1708.194655][T16555]  __x64_sys_ioctl+0x193/0x200
[ 1708.204609][T16555]  do_syscall_64+0x35/0xb0
[ 1708.211936][T16555]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1708.221303][T16555] RIP: 0033:0x7f2c65d45ae9
[ 1708.226703][T16555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1708.257275][T16555] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1708.269835][T16555] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1708.279129][T16555] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1708.288514][T16555] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1708.298835][T16555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1708.316918][T16555] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1708.327040][T16555]  </TASK>
[ 1708.330751][    C2] vkms_vblank_simulate: vblank timer overrun
18:12:48 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:49 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x5c7f000000000000, &(0x7f0000000000))

18:12:49 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 17)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:49 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r3, 0xc01064b3, &(0x7f00000001c0)={r4})
close(r2)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/seq/clients\x00', 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8, 0x13, r3, 0x3c68000)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000040)={0x0, 0xe, r0})

[ 1708.525491][T16565] FAULT_INJECTION: forcing a failure.
[ 1708.525491][T16565] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1708.558837][T16565] CPU: 2 PID: 16565 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1708.568582][T16565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1708.578152][T16565] Call Trace:
[ 1708.582553][T16565]  <TASK>
[ 1708.585550][T16565]  dump_stack_lvl+0xcd/0x134
[ 1708.593895][T16565]  should_fail.cold+0x5/0xa
[ 1708.598994][T16565]  prepare_alloc_pages+0x17b/0x570
[ 1708.604977][T16565]  __alloc_pages+0x12f/0x500
[ 1708.609944][T16565]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1708.616757][T16565]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1708.621972][T16565]  alloc_pages_vma+0xf3/0x7d0
[ 1708.626788][T16565]  shmem_alloc_page+0x11f/0x1f0
[ 1708.631779][   T38] audit: type=1400 audit(1638036769.104:1649): avc:  denied  { map } for  pid=16566 comm="syz-executor.0" path="/dev/dri/card0" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1708.631982][T16565]  ? shmem_link+0x360/0x360
[ 1708.665291][T16565]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1708.673248][T16565]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1708.682270][T16565]  ? percpu_counter_add_batch+0xbd/0x180
[ 1708.688689][T16565]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1708.695890][T16565]  ? __vm_enough_memory+0x184/0x360
[ 1708.702326][T16565]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1708.710469][T16565]  shmem_getpage_gfp+0x643/0x22d0
[ 1708.715982][T16565]  ? shmem_is_huge+0x2f0/0x2f0
[ 1708.722983][T16565]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1708.737030][T16565]  ? shmem_fault+0x750/0x750
[ 1708.742397][T16565]  ? __kasan_kmalloc+0xa6/0xd0
[ 1708.747549][T16565]  drm_gem_get_pages+0x291/0x5d0
[ 1708.756081][T16565]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1708.763217][T16565]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1708.770988][T16565]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1708.777869][T16565]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1708.789747][T16565]  drm_gem_pin+0x64/0x90
[ 1708.795228][T16565]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1708.802684][T16565]  dma_buf_dynamic_attach+0x206/0xb40
[ 1708.810790][T16565]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1708.820544][T16565]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1708.827892][T16565]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1708.835884][T16565]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1708.844890][T16565]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1708.852691][T16565]  drm_ioctl_kernel+0x27d/0x4e0
[ 1708.860718][T16565]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1708.869617][T16565]  ? drm_setversion+0x8b0/0x8b0
[ 1708.877126][T16565]  drm_ioctl+0x51e/0x9d0
[ 1708.882452][T16565]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1708.888590][T16565]  ? drm_version+0x3d0/0x3d0
[ 1708.894780][T16565]  ? __fget_files+0x23d/0x3e0
[ 1708.903452][T16565]  ? security_file_ioctl+0x5c/0xb0
[ 1708.927717][T16565]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1708.939017][T16565]  ? drm_version+0x3d0/0x3d0
[ 1708.946566][T16565]  __x64_sys_ioctl+0x193/0x200
[ 1708.954766][T16565]  do_syscall_64+0x35/0xb0
[ 1708.961869][T16565]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1708.971773][T16565] RIP: 0033:0x7f2c65d45ae9
[ 1708.978722][T16565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1709.019408][T16565] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1709.032025][T16565] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1709.045203][T16565] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1709.058611][T16565] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1709.071635][T16565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1709.084196][T16565] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1709.098184][T16565]  </TASK>
[ 1709.102198][    C2] vkms_vblank_simulate: vblank timer overrun
18:12:49 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00c642d, &(0x7f0000000380)={r4})
r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x4a4400, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r5, 0xc04064aa, &(0x7f0000000140)={&(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x7fffffff, 0x0, '\x00', 0x7, 0xa})
r6 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000400), 0x501000, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r6, 0xc03064b7, &(0x7f0000000040)={0x0, 0x20, 0x41, 0x3ff, 0x4, 0x6, 0x80, 0xe290, 0x6, 0xd6, 0x7, 0x40})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:49 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:49 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 18)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1709.359254][T16578] FAULT_INJECTION: forcing a failure.
[ 1709.359254][T16578] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1709.391759][T16578] CPU: 2 PID: 16578 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1709.407957][T16578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1709.427228][T16578] Call Trace:
[ 1709.432275][T16578]  <TASK>
[ 1709.437823][T16578]  dump_stack_lvl+0xcd/0x134
[ 1709.445135][T16578]  should_fail.cold+0x5/0xa
[ 1709.455434][T16578]  prepare_alloc_pages+0x17b/0x570
[ 1709.464057][T16578]  __alloc_pages+0x12f/0x500
[ 1709.471240][T16578]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1709.482503][T16578]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1709.490627][T16578]  alloc_pages_vma+0xf3/0x7d0
[ 1709.497159][T16578]  shmem_alloc_page+0x11f/0x1f0
[ 1709.502432][T16578]  ? shmem_link+0x360/0x360
[ 1709.507346][T16578]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1709.514984][T16578]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1709.523475][T16578]  ? percpu_counter_add_batch+0xbd/0x180
[ 1709.530490][T16578]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1709.539657][T16578]  ? __vm_enough_memory+0x184/0x360
[ 1709.547523][T16578]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1709.556925][T16578]  shmem_getpage_gfp+0x643/0x22d0
[ 1709.564895][T16578]  ? shmem_is_huge+0x2f0/0x2f0
[ 1709.573218][T16578]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1709.591016][T16578]  ? shmem_fault+0x750/0x750
[ 1709.597750][T16578]  ? __kasan_kmalloc+0xa6/0xd0
[ 1709.604377][T16578]  drm_gem_get_pages+0x291/0x5d0
[ 1709.612579][T16578]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1709.626931][T16578]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1709.635955][T16578]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1709.643500][T16578]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1709.656432][T16578]  drm_gem_pin+0x64/0x90
[ 1709.664652][T16578]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1709.674572][T16578]  dma_buf_dynamic_attach+0x206/0xb40
[ 1709.686197][T16578]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1709.697728][T16578]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1709.706502][T16578]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1709.720039][T16578]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1709.730734][T16578]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1709.739063][T16578]  drm_ioctl_kernel+0x27d/0x4e0
[ 1709.747737][T16578]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1709.759906][T16578]  ? drm_setversion+0x8b0/0x8b0
[ 1709.769805][T16578]  drm_ioctl+0x51e/0x9d0
[ 1709.775882][T16578]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1709.785003][T16578]  ? drm_version+0x3d0/0x3d0
[ 1709.795946][T16578]  ? __fget_files+0x23d/0x3e0
[ 1709.802248][T16578]  ? security_file_ioctl+0x5c/0xb0
[ 1709.811165][T16578]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1709.819457][T16578]  ? drm_version+0x3d0/0x3d0
[ 1709.826631][T16578]  __x64_sys_ioctl+0x193/0x200
[ 1709.833496][T16578]  do_syscall_64+0x35/0xb0
[ 1709.839478][T16578]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1709.848003][T16578] RIP: 0033:0x7f2c65d45ae9
[ 1709.854115][T16578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1709.884772][T16578] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1709.894325][T16578] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1709.905123][T16578] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1709.914490][T16578] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1709.923127][T16578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1709.932332][T16578] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1709.941925][T16578]  </TASK>
[ 1709.947953][    C2] vkms_vblank_simulate: vblank timer overrun
18:12:50 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 19)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:50 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:50 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x8100000000000000, &(0x7f0000000000))

[ 1710.241126][T16585] FAULT_INJECTION: forcing a failure.
[ 1710.241126][T16585] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1710.291478][T16585] CPU: 1 PID: 16585 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1710.306675][T16585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1710.317898][T16585] Call Trace:
[ 1710.322746][T16585]  <TASK>
[ 1710.326281][T16585]  dump_stack_lvl+0xcd/0x134
[ 1710.332164][T16585]  should_fail.cold+0x5/0xa
[ 1710.338479][T16585]  prepare_alloc_pages+0x17b/0x570
[ 1710.344861][T16585]  __alloc_pages+0x12f/0x500
[ 1710.351094][T16585]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1710.359357][T16585]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1710.383496][T16585]  alloc_pages_vma+0xf3/0x7d0
[ 1710.392418][T16585]  shmem_alloc_page+0x11f/0x1f0
[ 1710.399753][T16585]  ? shmem_link+0x360/0x360
[ 1710.406816][T16585]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1710.414753][T16585]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1710.424430][T16585]  ? percpu_counter_add_batch+0xbd/0x180
[ 1710.432176][T16585]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1710.440449][T16585]  ? __vm_enough_memory+0x184/0x360
[ 1710.449295][T16585]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1710.457729][T16585]  shmem_getpage_gfp+0x643/0x22d0
[ 1710.467340][T16585]  ? shmem_is_huge+0x2f0/0x2f0
[ 1710.473964][T16585]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1710.486288][T16585]  ? shmem_fault+0x750/0x750
[ 1710.491836][T16585]  ? __kasan_kmalloc+0xa6/0xd0
[ 1710.497744][T16585]  drm_gem_get_pages+0x291/0x5d0
[ 1710.503150][T16585]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1710.510769][T16585]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1710.517837][T16585]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1710.525095][T16585]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1710.534056][T16585]  drm_gem_pin+0x64/0x90
[ 1710.539358][T16585]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1710.545874][T16585]  dma_buf_dynamic_attach+0x206/0xb40
[ 1710.552606][T16585]  drm_gem_prime_import_dev.part.0+0x21/0x220
18:12:51 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:51 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000001c0)={0x0, 0x80000, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_ADDFB(r3, 0xc01c64ae, &(0x7f0000000140)={0x800, 0x5, 0x4, 0x8, 0x80000000, 0x0, 0x6})
write$FUSE_NOTIFY_INVAL_INODE(r2, &(0x7f0000000200)={0x28, 0x2, 0x0, {0x6, 0xffffffff80000000, 0xffffffff}}, 0x28)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x7, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r6 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="ef72f2dcbd0000ff070000000000007b4800001734cb3fed2341eb33275620a25955d68215de22c10700e01164bdb8315d5c98ffd258bb1add34987017c8be445a6a12b14c8d766e527a63d6e94e6520bd772a8cd9afcbe96921e5819f34f86dd44142ef9e08313dd917f5265476ba5ddc7aedc26ba7a396dc0138c4ccdedfacc074f9209bc9381c539c7b4b0fbaa3e144ffacb3543ddd71b089d399b7dabf6511c20d173df3ca664fc7a8fd2449b5e67c9a97d7b182078eb26ddaadafcb36e4df7871cbc530dce47d0d395bb4f41bd9f377444a1d73ad3568"], 0x10}}, 0x0)
preadv(r6, &(0x7f0000000040)=[{&(0x7f0000000500)=""/180, 0xb4}, {&(0x7f00000002c0)=""/106, 0x6a}], 0x2, 0x588d2ea4, 0x6)

[ 1710.560550][T16585]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1710.568086][T16585]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1710.575772][T16585]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1710.586707][T16585]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1710.594734][T16585]  drm_ioctl_kernel+0x27d/0x4e0
[ 1710.602589][T16585]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1710.612135][T16585]  ? drm_setversion+0x8b0/0x8b0
[ 1710.621716][T16585]  drm_ioctl+0x51e/0x9d0
[ 1710.626585][T16585]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1710.634532][T16585]  ? drm_version+0x3d0/0x3d0
[ 1710.641100][T16585]  ? __fget_files+0x23d/0x3e0
[ 1710.647273][T16585]  ? security_file_ioctl+0x5c/0xb0
[ 1710.654337][T16585]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1710.662358][T16585]  ? drm_version+0x3d0/0x3d0
[ 1710.668271][T16585]  __x64_sys_ioctl+0x193/0x200
[ 1710.675374][T16585]  do_syscall_64+0x35/0xb0
[ 1710.682095][T16585]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1710.695467][T16585] RIP: 0033:0x7f2c65d45ae9
[ 1710.701279][T16585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1710.730421][T16585] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1710.739569][T16585] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1710.747772][T16585] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1710.756085][T16585] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1710.764448][T16585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1710.772785][T16585] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1710.781168][T16585]  </TASK>
18:12:51 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 20)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:51 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x8900000000000000, &(0x7f0000000000))

18:12:51 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:51 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/exe\x00', 0x44002, 0x68)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
preadv(r2, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/211, 0xd3}, {&(0x7f00000002c0)=""/103, 0x67}, {&(0x7f0000000340)=""/195, 0xc3}], 0x3, 0x5, 0x3)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1711.012238][T16599] FAULT_INJECTION: forcing a failure.
[ 1711.012238][T16599] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:12:51 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1711.041770][T16599] CPU: 0 PID: 16599 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1711.050450][T16599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1711.059806][T16599] Call Trace:
[ 1711.063010][T16599]  <TASK>
[ 1711.065864][T16599]  dump_stack_lvl+0xcd/0x134
[ 1711.070378][T16599]  should_fail.cold+0x5/0xa
[ 1711.075064][T16599]  prepare_alloc_pages+0x17b/0x570
[ 1711.080145][T16599]  __alloc_pages+0x12f/0x500
[ 1711.084986][T16599]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1711.093226][T16599]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1711.099561][T16599]  alloc_pages_vma+0xf3/0x7d0
[ 1711.104614][T16599]  shmem_alloc_page+0x11f/0x1f0
[ 1711.112142][T16599]  ? shmem_link+0x360/0x360
[ 1711.117283][T16599]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1711.126148][T16599]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1711.138297][T16599]  ? percpu_counter_add_batch+0xbd/0x180
[ 1711.146088][T16599]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1711.153218][T16599]  ? __vm_enough_memory+0x184/0x360
[ 1711.163670][T16599]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1711.171319][T16599]  shmem_getpage_gfp+0x643/0x22d0
[ 1711.177295][T16599]  ? shmem_is_huge+0x2f0/0x2f0
[ 1711.182172][T16599]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1711.188614][T16599]  ? shmem_fault+0x750/0x750
[ 1711.193433][T16599]  ? __kasan_kmalloc+0xa6/0xd0
[ 1711.198876][T16599]  drm_gem_get_pages+0x291/0x5d0
[ 1711.203842][T16599]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1711.210157][T16599]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1711.216196][T16599]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1711.221754][T16599]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1711.227255][T16599]  drm_gem_pin+0x64/0x90
[ 1711.231618][T16599]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1711.236937][T16599]  dma_buf_dynamic_attach+0x206/0xb40
[ 1711.242290][T16599]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1711.248255][T16599]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1711.257560][T16599]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1711.265110][T16599]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1711.272105][T16599]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1711.279171][T16599]  drm_ioctl_kernel+0x27d/0x4e0
[ 1711.285494][T16599]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1711.293765][T16599]  ? drm_setversion+0x8b0/0x8b0
[ 1711.301420][T16599]  drm_ioctl+0x51e/0x9d0
[ 1711.306619][T16599]  ? drm_prime_destroy_file_private+0x50/0x50
18:12:51 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x8cffffff00000000, &(0x7f0000000000))

[ 1711.315653][T16599]  ? drm_version+0x3d0/0x3d0
[ 1711.322650][T16599]  ? __fget_files+0x23d/0x3e0
[ 1711.328969][T16599]  ? security_file_ioctl+0x5c/0xb0
[ 1711.334609][T16599]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1711.341119][T16599]  ? drm_version+0x3d0/0x3d0
[ 1711.347307][T16599]  __x64_sys_ioctl+0x193/0x200
[ 1711.353841][T16599]  do_syscall_64+0x35/0xb0
[ 1711.360912][T16599]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1711.368673][T16599] RIP: 0033:0x7f2c65d45ae9
[ 1711.375809][T16599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1711.401634][T16599] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1711.411059][T16599] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1711.420123][T16599] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1711.434635][T16599] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1711.447336][T16599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1711.460895][T16599] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1711.473675][T16599]  </TASK>
18:12:52 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:52 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xd800000000000000, &(0x7f0000000000))

18:12:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 21)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1711.691341][T16613] FAULT_INJECTION: forcing a failure.
[ 1711.691341][T16613] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1711.738366][T16613] CPU: 2 PID: 16613 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1711.750331][T16613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1711.762550][T16613] Call Trace:
[ 1711.766931][T16613]  <TASK>
[ 1711.772032][T16613]  dump_stack_lvl+0xcd/0x134
[ 1711.782198][T16613]  should_fail.cold+0x5/0xa
[ 1711.790601][T16613]  prepare_alloc_pages+0x17b/0x570
[ 1711.800391][T16613]  __alloc_pages+0x12f/0x500
[ 1711.806597][T16613]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1711.816982][T16613]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1711.826577][T16613]  alloc_pages_vma+0xf3/0x7d0
[ 1711.834797][T16613]  shmem_alloc_page+0x11f/0x1f0
[ 1711.841476][T16613]  ? shmem_link+0x360/0x360
[ 1711.853254][T16613]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1711.865247][T16613]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1711.876370][T16613]  ? percpu_counter_add_batch+0xbd/0x180
[ 1711.882120][T16613]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1711.888215][T16613]  ? __vm_enough_memory+0x184/0x360
[ 1711.895590][T16613]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1711.904541][T16613]  shmem_getpage_gfp+0x643/0x22d0
[ 1711.913542][T16613]  ? shmem_is_huge+0x2f0/0x2f0
18:12:52 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1711.921471][T16613]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1711.939223][T16613]  ? shmem_fault+0x750/0x750
[ 1711.946009][T16613]  ? __kasan_kmalloc+0xa6/0xd0
18:12:52 executing program 0:
sendmsg$NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x0, 0x400, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}]}, 0x1c}}, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f00000002c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r2=>r0, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file0 '])
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r2, 0xc01064bd, &(0x7f00000003c0)={&(0x7f0000000300)="17688afebfc6872b2a3ff464e312797cdffc1360a1d2cf0e3c5aa6493ac77dc35899187458dd085c84f48a9bd7c2c9d13ab5c72d27e696f877bb962070c1c95f5bc6d1722b289506e7d8000ac0cabc3a4787088d585474060a02231aa8c7bd110a10373e12fb65ac285f005baf6d3f77ddf022f6da7bf58c6ab3f637cce79dce05c1ba4308ceaefdde05b10b6ed2d11dcc2f30aa744b8fc12649291f65540471eafddb95d134a6fd2ee3aaf069e9", 0xae})
close(r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000001700)={{0x1, 0x1, 0x18, <r6=>r0, {0x9}}, './file0\x00'})
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r6, &(0x7f0000001800)={&(0x7f0000001740)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000017c0)={&(0x7f0000001780)={0x30, 0x140d, 0x314, 0x70bd29, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x2}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x2}]}, 0x7f}, 0x1, 0x0, 0x0, 0x4080}, 0x8000)
close(r3)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000500)={{0x7f, 0x45, 0x4c, 0x46, 0x81, 0x1f, 0xff, 0xfc, 0x6, 0x2, 0x3e, 0x9, 0x364, 0x40, 0x2, 0x20b, 0x3, 0x38, 0x2, 0xab2e, 0x8, 0x818}, [{0x1474e555, 0x5, 0x2, 0x5, 0x65, 0x7, 0x80, 0xffffffffffffff1a}, {0x6, 0x79, 0x4, 0x8001, 0x3, 0x7f, 0x4, 0x7ff}], "5174f6d45b883058a37b10e59ae6b75a51b26499667b2e37fc5c751ebb884d10ec163b3fab768f51a03f02e4c62010150c5f6925b8f434f4fd070618bbe017e4e3c81908c36d8aa4ce53cad84dee2ad7b0894b599f27025524", ['\x00', '\x00']}, 0x309)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r7 = creat(&(0x7f0000000240)='./file0\x00', 0x28)
ioctl$DRM_IOCTL_RM_MAP(r7, 0x4028641b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffe000/0x2000)=nil})

[ 1711.952653][T16613]  drm_gem_get_pages+0x291/0x5d0
[ 1711.958776][T16613]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1711.964796][T16613]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1711.973160][T16613]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1711.980000][T16613]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1711.987273][T16613]  drm_gem_pin+0x64/0x90
[ 1711.992903][T16613]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1711.999108][T16613]  dma_buf_dynamic_attach+0x206/0xb40
[ 1712.005801][T16613]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1712.012846][T16613]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1712.019671][T16613]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1712.026979][T16613]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1712.033450][T16613]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1712.040926][T16613]  drm_ioctl_kernel+0x27d/0x4e0
[ 1712.046751][T16613]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1712.054318][T16613]  ? drm_setversion+0x8b0/0x8b0
[ 1712.060580][T16613]  drm_ioctl+0x51e/0x9d0
[ 1712.066388][T16613]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1712.074380][T16613]  ? drm_version+0x3d0/0x3d0
[ 1712.079498][T16613]  ? __fget_files+0x23d/0x3e0
[ 1712.084354][T16613]  ? security_file_ioctl+0x5c/0xb0
[ 1712.089680][T16613]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1712.097666][T16613]  ? drm_version+0x3d0/0x3d0
[ 1712.103812][T16613]  __x64_sys_ioctl+0x193/0x200
[ 1712.111776][T16613]  do_syscall_64+0x35/0xb0
[ 1712.119548][T16613]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1712.126877][T16613] RIP: 0033:0x7f2c65d45ae9
[ 1712.133985][T16613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1712.163347][T16613] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1712.176252][T16613] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1712.185908][T16613] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1712.194085][T16613] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1712.202661][T16613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1712.211086][T16613] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1712.224056][T16613]  </TASK>
[ 1712.228234][    C2] vkms_vblank_simulate: vblank timer overrun
18:12:52 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 22)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:52 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xd900000000000000, &(0x7f0000000000))

[ 1712.378361][T16624] FAULT_INJECTION: forcing a failure.
[ 1712.378361][T16624] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:12:52 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r3=>0x0})
close(r1)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00c642d, &(0x7f0000000100)={r3})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:52 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
r5 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="100000005f8c0cb51000080000000000"], 0x10}}, 0x0)
lseek(r5, 0x9, 0x1)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1712.421752][T16624] CPU: 1 PID: 16624 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1712.433954][T16624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1712.444370][T16624] Call Trace:
[ 1712.448408][T16624]  <TASK>
[ 1712.452026][T16624]  dump_stack_lvl+0xcd/0x134
[ 1712.458439][T16624]  should_fail.cold+0x5/0xa
[ 1712.465910][T16624]  prepare_alloc_pages+0x17b/0x570
18:12:53 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, 0x0)

[ 1712.472369][T16624]  __alloc_pages+0x12f/0x500
[ 1712.478530][T16624]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1712.487260][T16624]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1712.494154][T16624]  alloc_pages_vma+0xf3/0x7d0
[ 1712.501462][T16624]  shmem_alloc_page+0x11f/0x1f0
[ 1712.507489][T16624]  ? shmem_link+0x360/0x360
[ 1712.514475][T16624]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1712.521994][T16624]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1712.529719][T16624]  ? percpu_counter_add_batch+0xbd/0x180
[ 1712.536813][T16624]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1712.544058][T16624]  ? __vm_enough_memory+0x184/0x360
[ 1712.551479][T16624]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1712.560048][T16624]  shmem_getpage_gfp+0x643/0x22d0
[ 1712.566976][T16624]  ? shmem_is_huge+0x2f0/0x2f0
[ 1712.574566][T16624]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1712.580674][T16624]  ? shmem_fault+0x750/0x750
[ 1712.586039][T16624]  ? __kasan_kmalloc+0xa6/0xd0
[ 1712.591848][T16624]  drm_gem_get_pages+0x291/0x5d0
[ 1712.598091][T16624]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1712.605331][T16624]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1712.612150][T16624]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1712.618418][T16624]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1712.624473][T16624]  drm_gem_pin+0x64/0x90
[ 1712.630187][T16624]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1712.636183][T16624]  dma_buf_dynamic_attach+0x206/0xb40
[ 1712.642252][T16624]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1712.648890][T16624]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1712.655102][T16624]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1712.661684][T16624]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1712.668201][T16624]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1712.674509][T16624]  drm_ioctl_kernel+0x27d/0x4e0
[ 1712.679701][T16624]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1712.686405][T16624]  ? drm_setversion+0x8b0/0x8b0
[ 1712.691840][T16624]  drm_ioctl+0x51e/0x9d0
[ 1712.697068][T16624]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1712.704375][T16624]  ? drm_version+0x3d0/0x3d0
[ 1712.710107][T16624]  ? __fget_files+0x23d/0x3e0
[ 1712.715590][T16624]  ? security_file_ioctl+0x5c/0xb0
[ 1712.721441][T16624]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1712.728216][T16624]  ? drm_version+0x3d0/0x3d0
[ 1712.733282][T16624]  __x64_sys_ioctl+0x193/0x200
[ 1712.738854][T16624]  do_syscall_64+0x35/0xb0
[ 1712.743787][T16624]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1712.750149][T16624] RIP: 0033:0x7f2c65d45ae9
[ 1712.754813][T16624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1712.777546][T16624] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1712.788357][T16624] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1712.797937][T16624] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1712.806135][T16624] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1712.814510][T16624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1712.822393][T16624] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1712.830993][T16624]  </TASK>
18:12:53 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, 0x0)

18:12:53 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, 0x0)

18:12:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 23)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:53 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0xe2, 0x7, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0x8, 0xcf0, 0x200})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1712.933434][T16641] FAULT_INJECTION: forcing a failure.
[ 1712.933434][T16641] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1712.953626][T16641] CPU: 0 PID: 16641 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1712.965123][T16641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1712.976012][T16641] Call Trace:
[ 1712.980178][T16641]  <TASK>
[ 1712.983970][T16641]  dump_stack_lvl+0xcd/0x134
[ 1712.989832][T16641]  should_fail.cold+0x5/0xa
[ 1712.996620][T16641]  prepare_alloc_pages+0x17b/0x570
[ 1713.002855][T16641]  __alloc_pages+0x12f/0x500
[ 1713.008180][T16641]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1713.016640][T16641]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1713.023240][T16641]  alloc_pages_vma+0xf3/0x7d0
[ 1713.028825][T16641]  shmem_alloc_page+0x11f/0x1f0
[ 1713.034653][T16641]  ? shmem_link+0x360/0x360
[ 1713.039975][T16641]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1713.047035][T16641]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1713.054405][T16641]  ? percpu_counter_add_batch+0xbd/0x180
[ 1713.062408][T16641]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1713.070458][T16641]  ? __vm_enough_memory+0x184/0x360
[ 1713.077444][T16641]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1713.084165][T16641]  shmem_getpage_gfp+0x643/0x22d0
[ 1713.090438][T16641]  ? shmem_is_huge+0x2f0/0x2f0
[ 1713.096438][T16641]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1713.103669][T16641]  ? shmem_fault+0x750/0x750
[ 1713.109173][T16641]  ? __kasan_kmalloc+0xa6/0xd0
[ 1713.114884][T16641]  drm_gem_get_pages+0x291/0x5d0
[ 1713.121702][T16641]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1713.128403][T16641]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1713.135335][T16641]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1713.142089][T16641]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1713.149634][T16641]  drm_gem_pin+0x64/0x90
[ 1713.154747][T16641]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1713.161266][T16641]  dma_buf_dynamic_attach+0x206/0xb40
[ 1713.168300][T16641]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1713.175800][T16641]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1713.182463][T16641]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1713.189458][T16641]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1713.196505][T16641]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1713.203046][T16641]  drm_ioctl_kernel+0x27d/0x4e0
[ 1713.209445][T16641]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1713.216712][T16641]  ? drm_setversion+0x8b0/0x8b0
[ 1713.223037][T16641]  drm_ioctl+0x51e/0x9d0
[ 1713.228488][T16641]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1713.236312][T16641]  ? drm_version+0x3d0/0x3d0
[ 1713.242165][T16641]  ? __fget_files+0x23d/0x3e0
[ 1713.247845][T16641]  ? security_file_ioctl+0x5c/0xb0
[ 1713.254164][T16641]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1713.261859][T16641]  ? drm_version+0x3d0/0x3d0
[ 1713.267447][T16641]  __x64_sys_ioctl+0x193/0x200
[ 1713.273338][T16641]  do_syscall_64+0x35/0xb0
[ 1713.279200][T16641]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1713.287193][T16641] RIP: 0033:0x7f2c65d45ae9
[ 1713.293270][T16641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1713.320333][T16641] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1713.331036][T16641] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1713.341154][T16641] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1713.351477][T16641] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1713.362003][T16641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1713.372075][T16641] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1713.382191][T16641]  </TASK>
18:12:53 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xda00000000000000, &(0x7f0000000000))

18:12:53 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})

18:12:53 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x40)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000040)=0x3)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x8)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:54 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 24)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1713.508438][T16653] FAULT_INJECTION: forcing a failure.
18:12:54 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xc)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xffffffff, 0x20481, 0xd1, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1713.508438][T16653] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1713.526811][T16653] CPU: 0 PID: 16653 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1713.537755][T16653] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1713.548348][T16653] Call Trace:
18:12:54 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xf6ffffff00000000, &(0x7f0000000000))

[ 1713.553155][T16653]  <TASK>
[ 1713.557421][T16653]  dump_stack_lvl+0xcd/0x134
[ 1713.563085][T16653]  should_fail.cold+0x5/0xa
[ 1713.567879][T16653]  prepare_alloc_pages+0x17b/0x570
[ 1713.573163][T16653]  __alloc_pages+0x12f/0x500
[ 1713.578698][T16653]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1713.587262][T16653]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1713.593797][T16653]  alloc_pages_vma+0xf3/0x7d0
[ 1713.600598][T16653]  shmem_alloc_page+0x11f/0x1f0
[ 1713.607041][T16653]  ? shmem_link+0x360/0x360
[ 1713.612673][T16653]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1713.620625][T16653]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1713.628790][T16653]  ? percpu_counter_add_batch+0xbd/0x180
[ 1713.635399][T16653]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1713.641872][T16653]  ? __vm_enough_memory+0x184/0x360
[ 1713.647053][T16653]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1713.653496][T16653]  shmem_getpage_gfp+0x643/0x22d0
[ 1713.658697][T16653]  ? shmem_is_huge+0x2f0/0x2f0
[ 1713.663439][T16653]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1713.670731][T16653]  ? shmem_fault+0x750/0x750
[ 1713.675739][T16653]  ? __kasan_kmalloc+0xa6/0xd0
[ 1713.681331][T16653]  drm_gem_get_pages+0x291/0x5d0
[ 1713.687276][T16653]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1713.693184][T16653]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1713.700036][T16653]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1713.705319][T16653]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1713.710919][T16653]  drm_gem_pin+0x64/0x90
[ 1713.716038][T16653]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1713.722191][T16653]  dma_buf_dynamic_attach+0x206/0xb40
[ 1713.728339][T16653]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1713.734976][T16653]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1713.741874][T16653]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1713.747667][T16653]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1713.753371][T16653]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1713.759948][T16653]  drm_ioctl_kernel+0x27d/0x4e0
[ 1713.765280][T16653]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1713.772272][T16653]  ? drm_setversion+0x8b0/0x8b0
[ 1713.777537][T16653]  drm_ioctl+0x51e/0x9d0
[ 1713.783384][T16653]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1713.790484][T16653]  ? drm_version+0x3d0/0x3d0
[ 1713.799632][T16653]  ? __fget_files+0x23d/0x3e0
[ 1713.805751][T16653]  ? security_file_ioctl+0x5c/0xb0
[ 1713.810989][T16653]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1713.817938][T16653]  ? drm_version+0x3d0/0x3d0
[ 1713.823258][T16653]  __x64_sys_ioctl+0x193/0x200
[ 1713.828650][T16653]  do_syscall_64+0x35/0xb0
[ 1713.833418][T16653]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1713.840691][T16653] RIP: 0033:0x7f2c65d45ae9
[ 1713.845658][T16653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1713.869227][T16653] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1713.877861][T16653] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1713.885751][T16653] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1713.896678][T16653] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1713.906174][T16653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1713.915956][T16653] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1713.924260][T16653]  </TASK>
18:12:54 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})

18:12:54 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 25)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:54 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xf9fdffff00000000, &(0x7f0000000000))

18:12:54 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = syz_mount_image$bfs(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x1, 0x3, &(0x7f0000000340)=[{&(0x7f00000001c0), 0x0, 0x1}, {&(0x7f0000000200)="2995c116df3ea5ed8ea3f7a4f52adc2b322a433abca75068322f3ca864f068f8c936559fbe8697c02e6bb48617005acf6b6a11845f7e245dfebce9e2aba155eda3f8a5866a22de0ca2f098f1c9f515a3311adc01767677eb50932c653aee4c532730f886eed59ebedb0d454f1f53bacf10813251347e88d90d1a8eba0fb9a221978c965ac9573dd64194595c11185597df9028940d26073d7b9d3db4cafe32b384665b7734d23bcbbcba1ef56930cd4d1634067946798f3b2673b0435e4f2f2f429fa574a983a612ab89e525df6a3dbf", 0xd0}, {&(0x7f0000000300)="43a9662cba88e1d48784b7054c36fdeed098e18826f8ad3d8ffc128859003a9c67fe6a1e9bcae9bbe109d4654174642d4dfe5ccb452f8272d1c4", 0x3a, 0x2}], 0x880080, &(0x7f00000003c0)={[{']*^.-}'}, {'/dev/dri/card#\x00'}, {',}\\)\'!'}, {'/dev/dri/card#\x00'}], [{@smackfsroot={'smackfsroot', 0x3d, '/dev/dri/card#\x00'}}, {@obj_user={'obj_user', 0x3d, '/dev/dri/card#\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, '%$%+*%-'}}]})
r3 = openat(r2, &(0x7f0000000000)='./file0\x00', 0x200, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0x7ff, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='blkio.throttle.io_serviced\x00', 0x0, 0x0)

[ 1714.040770][T16667] FAULT_INJECTION: forcing a failure.
[ 1714.040770][T16667] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1714.056582][T16667] CPU: 0 PID: 16667 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1714.068947][T16667] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1714.079835][T16667] Call Trace:
[ 1714.083514][T16667]  <TASK>
[ 1714.086527][T16667]  dump_stack_lvl+0xcd/0x134
[ 1714.091002][T16667]  should_fail.cold+0x5/0xa
[ 1714.095506][T16667]  prepare_alloc_pages+0x17b/0x570
[ 1714.100581][T16667]  __alloc_pages+0x12f/0x500
[ 1714.105332][T16667]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1714.112124][T16667]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1714.117587][T16667]  alloc_pages_vma+0xf3/0x7d0
[ 1714.123021][T16667]  shmem_alloc_page+0x11f/0x1f0
[ 1714.129212][T16667]  ? shmem_link+0x360/0x360
[ 1714.134518][T16667]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1714.141817][T16667]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1714.148497][T16667]  ? percpu_counter_add_batch+0xbd/0x180
[ 1714.155228][T16667]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1714.161774][T16667]  ? __vm_enough_memory+0x184/0x360
[ 1714.167111][T16667]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1714.173063][T16667]  shmem_getpage_gfp+0x643/0x22d0
[ 1714.178395][T16667]  ? shmem_is_huge+0x2f0/0x2f0
[ 1714.184092][T16667]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1714.189681][T16667]  ? shmem_fault+0x750/0x750
[ 1714.194059][T16667]  ? __kasan_kmalloc+0xa6/0xd0
[ 1714.198647][T16667]  drm_gem_get_pages+0x291/0x5d0
[ 1714.204382][T16667]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1714.210028][T16667]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1714.215262][T16667]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1714.221090][T16667]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1714.228909][T16667]  drm_gem_pin+0x64/0x90
[ 1714.233296][T16667]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1714.238089][T16667]  dma_buf_dynamic_attach+0x206/0xb40
[ 1714.244638][T16667]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1714.250731][T16667]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1714.256380][T16667]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1714.262989][T16667]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1714.269207][T16667]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1714.276126][T16667]  drm_ioctl_kernel+0x27d/0x4e0
[ 1714.281989][T16667]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1714.287523][T16667]  ? drm_setversion+0x8b0/0x8b0
[ 1714.292238][T16667]  drm_ioctl+0x51e/0x9d0
[ 1714.296956][T16667]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1714.303422][T16667]  ? drm_version+0x3d0/0x3d0
[ 1714.307890][T16667]  ? __fget_files+0x23d/0x3e0
[ 1714.312809][T16667]  ? security_file_ioctl+0x5c/0xb0
[ 1714.317740][T16667]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1714.324407][T16667]  ? drm_version+0x3d0/0x3d0
[ 1714.329341][T16667]  __x64_sys_ioctl+0x193/0x200
[ 1714.334905][T16667]  do_syscall_64+0x35/0xb0
[ 1714.340398][T16667]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1714.346914][T16667] RIP: 0033:0x7f2c65d45ae9
[ 1714.351848][T16667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1714.372798][T16667] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1714.381853][T16667] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1714.390760][T16667] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1714.399698][T16667] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1714.408236][T16667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1714.417147][T16667] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1714.425805][T16667]  </TASK>
18:12:54 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})

18:12:55 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 26)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1714.506313][T16675] FAULT_INJECTION: forcing a failure.
[ 1714.506313][T16675] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1714.522323][T16675] CPU: 0 PID: 16675 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1714.532412][T16675] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1714.542881][T16675] Call Trace:
[ 1714.547849][T16675]  <TASK>
[ 1714.551408][T16675]  dump_stack_lvl+0xcd/0x134
[ 1714.558686][T16675]  should_fail.cold+0x5/0xa
[ 1714.566716][T16675]  prepare_alloc_pages+0x17b/0x570
[ 1714.572921][T16675]  __alloc_pages+0x12f/0x500
[ 1714.578716][T16675]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1714.588008][T16675]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1714.595669][T16675]  alloc_pages_vma+0xf3/0x7d0
[ 1714.601707][T16675]  shmem_alloc_page+0x11f/0x1f0
[ 1714.607474][T16675]  ? shmem_link+0x360/0x360
[ 1714.613217][T16675]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1714.620631][T16675]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1714.628238][T16675]  ? percpu_counter_add_batch+0xbd/0x180
[ 1714.635483][T16675]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1714.642287][T16675]  ? __vm_enough_memory+0x184/0x360
[ 1714.648376][T16675]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1714.654835][T16675]  shmem_getpage_gfp+0x643/0x22d0
[ 1714.660464][T16675]  ? shmem_is_huge+0x2f0/0x2f0
[ 1714.665861][T16675]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1714.672431][T16675]  ? shmem_fault+0x750/0x750
[ 1714.677852][T16675]  ? __kasan_kmalloc+0xa6/0xd0
[ 1714.683516][T16675]  drm_gem_get_pages+0x291/0x5d0
[ 1714.689195][T16675]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1714.695464][T16675]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1714.702169][T16675]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1714.709393][T16675]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1714.716100][T16675]  drm_gem_pin+0x64/0x90
[ 1714.720786][T16675]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1714.726854][T16675]  dma_buf_dynamic_attach+0x206/0xb40
[ 1714.733093][T16675]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1714.740071][T16675]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1714.746177][T16675]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1714.752860][T16675]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1714.759535][T16675]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1714.766719][T16675]  drm_ioctl_kernel+0x27d/0x4e0
[ 1714.772147][T16675]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1714.779165][T16675]  ? drm_setversion+0x8b0/0x8b0
[ 1714.785100][T16675]  drm_ioctl+0x51e/0x9d0
[ 1714.789778][T16675]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1714.796630][T16675]  ? drm_version+0x3d0/0x3d0
[ 1714.801799][T16675]  ? __fget_files+0x23d/0x3e0
[ 1714.807736][T16675]  ? security_file_ioctl+0x5c/0xb0
[ 1714.814352][T16675]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1714.822045][T16675]  ? drm_version+0x3d0/0x3d0
[ 1714.827376][T16675]  __x64_sys_ioctl+0x193/0x200
[ 1714.832829][T16675]  do_syscall_64+0x35/0xb0
[ 1714.838993][T16675]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1714.845352][T16675] RIP: 0033:0x7f2c65d45ae9
[ 1714.850157][T16675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1714.872059][T16675] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1714.881369][T16675] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1714.890975][T16675] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1714.900322][T16675] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1714.910112][T16675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1714.919307][T16675] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1714.928878][T16675]  </TASK>
18:12:55 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 27)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1715.038781][T16679] FAULT_INJECTION: forcing a failure.
[ 1715.038781][T16679] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1715.057550][T16679] CPU: 1 PID: 16679 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1715.068131][T16679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1715.078725][T16679] Call Trace:
[ 1715.082653][T16679]  <TASK>
[ 1715.086023][T16679]  dump_stack_lvl+0xcd/0x134
[ 1715.092009][T16679]  should_fail.cold+0x5/0xa
[ 1715.097838][T16679]  prepare_alloc_pages+0x17b/0x570
[ 1715.104034][T16679]  __alloc_pages+0x12f/0x500
[ 1715.109648][T16679]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1715.117515][T16679]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1715.125368][T16679]  alloc_pages_vma+0xf3/0x7d0
[ 1715.131664][T16679]  shmem_alloc_page+0x11f/0x1f0
[ 1715.137773][T16679]  ? shmem_link+0x360/0x360
[ 1715.143311][T16679]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1715.151301][T16679]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1715.159483][T16679]  ? percpu_counter_add_batch+0xbd/0x180
[ 1715.166651][T16679]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1715.174144][T16679]  ? __vm_enough_memory+0x184/0x360
[ 1715.181276][T16679]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1715.188597][T16679]  shmem_getpage_gfp+0x643/0x22d0
[ 1715.195430][T16679]  ? shmem_is_huge+0x2f0/0x2f0
[ 1715.201343][T16679]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1715.208654][T16679]  ? shmem_fault+0x750/0x750
[ 1715.214334][T16679]  ? __kasan_kmalloc+0xa6/0xd0
[ 1715.220808][T16679]  drm_gem_get_pages+0x291/0x5d0
[ 1715.226963][T16679]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1715.234246][T16679]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1715.241152][T16679]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1715.246862][T16679]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1715.252490][T16679]  drm_gem_pin+0x64/0x90
[ 1715.257427][T16679]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1715.263090][T16679]  dma_buf_dynamic_attach+0x206/0xb40
[ 1715.268909][T16679]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1715.275770][T16679]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1715.282107][T16679]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1715.288803][T16679]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1715.296111][T16679]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1715.302944][T16679]  drm_ioctl_kernel+0x27d/0x4e0
[ 1715.308684][T16679]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1715.316411][T16679]  ? drm_setversion+0x8b0/0x8b0
[ 1715.321546][T16679]  drm_ioctl+0x51e/0x9d0
[ 1715.325759][T16679]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1715.332684][T16679]  ? drm_version+0x3d0/0x3d0
[ 1715.337405][T16679]  ? __fget_files+0x23d/0x3e0
[ 1715.342509][T16679]  ? security_file_ioctl+0x5c/0xb0
[ 1715.347597][T16679]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1715.354996][T16679]  ? drm_version+0x3d0/0x3d0
[ 1715.360002][T16679]  __x64_sys_ioctl+0x193/0x200
[ 1715.364878][T16679]  do_syscall_64+0x35/0xb0
[ 1715.369242][T16679]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1715.375418][T16679] RIP: 0033:0x7f2c65d45ae9
[ 1715.379778][T16679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1715.399678][T16679] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1715.408005][T16679] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1715.416176][T16679] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1715.424287][T16679] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1715.432469][T16679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1715.440781][T16679] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1715.450362][T16679]  </TASK>
18:12:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 28)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1715.524706][T16683] FAULT_INJECTION: forcing a failure.
[ 1715.524706][T16683] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1715.543568][T16683] CPU: 3 PID: 16683 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1715.555184][T16683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1715.564536][T16683] Call Trace:
[ 1715.568143][T16683]  <TASK>
[ 1715.571588][T16683]  dump_stack_lvl+0xcd/0x134
[ 1715.576821][T16683]  should_fail.cold+0x5/0xa
[ 1715.581849][T16683]  prepare_alloc_pages+0x17b/0x570
[ 1715.587661][T16683]  __alloc_pages+0x12f/0x500
[ 1715.593006][T16683]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1715.600447][T16683]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1715.606534][T16683]  alloc_pages_vma+0xf3/0x7d0
[ 1715.611640][T16683]  shmem_alloc_page+0x11f/0x1f0
[ 1715.616933][T16683]  ? shmem_link+0x360/0x360
[ 1715.622279][T16683]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1715.630040][T16683]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1715.637499][T16683]  ? percpu_counter_add_batch+0xbd/0x180
[ 1715.644059][T16683]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1715.651138][T16683]  ? __vm_enough_memory+0x184/0x360
[ 1715.657684][T16683]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1715.664594][T16683]  shmem_getpage_gfp+0x643/0x22d0
[ 1715.670741][T16683]  ? shmem_is_huge+0x2f0/0x2f0
[ 1715.676583][T16683]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1715.683660][T16683]  ? shmem_fault+0x750/0x750
[ 1715.689461][T16683]  ? __kasan_kmalloc+0xa6/0xd0
[ 1715.695429][T16683]  drm_gem_get_pages+0x291/0x5d0
[ 1715.701272][T16683]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1715.707797][T16683]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1715.714401][T16683]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1715.720521][T16683]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1715.725951][T16683]  drm_gem_pin+0x64/0x90
[ 1715.730197][T16683]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1715.735210][T16683]  dma_buf_dynamic_attach+0x206/0xb40
[ 1715.740559][T16683]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1715.746388][T16683]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1715.751733][T16683]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1715.757214][T16683]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1715.762691][T16683]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1715.767950][T16683]  drm_ioctl_kernel+0x27d/0x4e0
[ 1715.772527][T16683]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1715.778528][T16683]  ? drm_setversion+0x8b0/0x8b0
[ 1715.783196][T16683]  drm_ioctl+0x51e/0x9d0
[ 1715.787244][T16683]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1715.793368][T16683]  ? drm_version+0x3d0/0x3d0
[ 1715.797868][T16683]  ? __fget_files+0x23d/0x3e0
[ 1715.802571][T16683]  ? security_file_ioctl+0x5c/0xb0
[ 1715.807438][T16683]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1715.813545][T16683]  ? drm_version+0x3d0/0x3d0
[ 1715.817998][T16683]  __x64_sys_ioctl+0x193/0x200
[ 1715.822920][T16683]  do_syscall_64+0x35/0xb0
[ 1715.827224][T16683]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1715.833333][T16683] RIP: 0033:0x7f2c65d45ae9
[ 1715.837922][T16683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1715.857607][T16683] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1715.866344][T16683] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1715.874126][T16683] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1715.882134][T16683] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1715.890307][T16683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1715.898133][T16683] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1715.906673][T16683]  </TASK>
18:12:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 29)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1715.989960][T16686] FAULT_INJECTION: forcing a failure.
[ 1715.989960][T16686] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1716.010458][T16686] CPU: 1 PID: 16686 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1716.021127][T16686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1716.032916][T16686] Call Trace:
[ 1716.037170][T16686]  <TASK>
[ 1716.041194][T16686]  dump_stack_lvl+0xcd/0x134
[ 1716.047283][T16686]  should_fail.cold+0x5/0xa
[ 1716.053504][T16686]  prepare_alloc_pages+0x17b/0x570
[ 1716.060052][T16686]  __alloc_pages+0x12f/0x500
[ 1716.065029][T16686]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1716.072148][T16686]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1716.077355][T16686]  alloc_pages_vma+0xf3/0x7d0
[ 1716.082466][T16686]  shmem_alloc_page+0x11f/0x1f0
[ 1716.087335][T16686]  ? shmem_link+0x360/0x360
[ 1716.092082][T16686]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1716.098733][T16686]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1716.105174][T16686]  ? percpu_counter_add_batch+0xbd/0x180
[ 1716.110862][T16686]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1716.116704][T16686]  ? __vm_enough_memory+0x184/0x360
[ 1716.122198][T16686]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1716.128105][T16686]  shmem_getpage_gfp+0x643/0x22d0
[ 1716.132965][T16686]  ? shmem_is_huge+0x2f0/0x2f0
[ 1716.137584][T16686]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1716.143258][T16686]  ? shmem_fault+0x750/0x750
[ 1716.147882][T16686]  ? __kasan_kmalloc+0xa6/0xd0
[ 1716.153014][T16686]  drm_gem_get_pages+0x291/0x5d0
[ 1716.158831][T16686]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1716.165114][T16686]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1716.171119][T16686]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1716.177572][T16686]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1716.184200][T16686]  drm_gem_pin+0x64/0x90
[ 1716.189415][T16686]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1716.194894][T16686]  dma_buf_dynamic_attach+0x206/0xb40
[ 1716.200836][T16686]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1716.208305][T16686]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1716.215651][T16686]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1716.222904][T16686]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1716.229834][T16686]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1716.236466][T16686]  drm_ioctl_kernel+0x27d/0x4e0
[ 1716.242349][T16686]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1716.249848][T16686]  ? drm_setversion+0x8b0/0x8b0
[ 1716.254907][T16686]  drm_ioctl+0x51e/0x9d0
[ 1716.259392][T16686]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1716.266271][T16686]  ? drm_version+0x3d0/0x3d0
[ 1716.271249][T16686]  ? __fget_files+0x23d/0x3e0
[ 1716.276438][T16686]  ? security_file_ioctl+0x5c/0xb0
[ 1716.281896][T16686]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1716.289418][T16686]  ? drm_version+0x3d0/0x3d0
[ 1716.294325][T16686]  __x64_sys_ioctl+0x193/0x200
[ 1716.299233][T16686]  do_syscall_64+0x35/0xb0
[ 1716.304080][T16686]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1716.310667][T16686] RIP: 0033:0x7f2c65d45ae9
[ 1716.315138][T16686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1716.336728][T16686] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1716.346588][T16686] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1716.354471][T16686] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1716.362564][T16686] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1716.372282][T16686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1716.380282][T16686] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1716.388411][T16686]  </TASK>
18:12:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 30)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1716.456904][T16688] FAULT_INJECTION: forcing a failure.
[ 1716.456904][T16688] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1716.472802][T16688] CPU: 1 PID: 16688 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1716.481733][T16688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1716.492404][T16688] Call Trace:
[ 1716.495760][T16688]  <TASK>
[ 1716.498813][T16688]  dump_stack_lvl+0xcd/0x134
[ 1716.503426][T16688]  should_fail.cold+0x5/0xa
[ 1716.507859][T16688]  prepare_alloc_pages+0x17b/0x570
[ 1716.512889][T16688]  __alloc_pages+0x12f/0x500
[ 1716.517473][T16688]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1716.524169][T16688]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1716.529219][T16688]  alloc_pages_vma+0xf3/0x7d0
[ 1716.533928][T16688]  shmem_alloc_page+0x11f/0x1f0
[ 1716.538829][T16688]  ? shmem_link+0x360/0x360
[ 1716.543704][T16688]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1716.549988][T16688]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1716.556528][T16688]  ? percpu_counter_add_batch+0xbd/0x180
[ 1716.562238][T16688]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1716.568244][T16688]  ? __vm_enough_memory+0x184/0x360
[ 1716.573512][T16688]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1716.579133][T16688]  shmem_getpage_gfp+0x643/0x22d0
[ 1716.583812][T16688]  ? shmem_is_huge+0x2f0/0x2f0
[ 1716.588479][T16688]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1716.594198][T16688]  ? shmem_fault+0x750/0x750
[ 1716.598814][T16688]  ? __kasan_kmalloc+0xa6/0xd0
[ 1716.603399][T16688]  drm_gem_get_pages+0x291/0x5d0
[ 1716.608348][T16688]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1716.613883][T16688]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1716.619282][T16688]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1716.624409][T16688]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1716.630499][T16688]  drm_gem_pin+0x64/0x90
[ 1716.635255][T16688]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1716.640636][T16688]  dma_buf_dynamic_attach+0x206/0xb40
[ 1716.646160][T16688]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1716.652583][T16688]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1716.658139][T16688]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1716.663554][T16688]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1716.669168][T16688]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1716.674610][T16688]  drm_ioctl_kernel+0x27d/0x4e0
[ 1716.679219][T16688]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1716.684863][T16688]  ? drm_setversion+0x8b0/0x8b0
[ 1716.689488][T16688]  drm_ioctl+0x51e/0x9d0
[ 1716.693568][T16688]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1716.699515][T16688]  ? drm_version+0x3d0/0x3d0
[ 1716.703899][T16688]  ? __fget_files+0x23d/0x3e0
[ 1716.709542][T16688]  ? security_file_ioctl+0x5c/0xb0
[ 1716.714487][T16688]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1716.720962][T16688]  ? drm_version+0x3d0/0x3d0
[ 1716.725789][T16688]  __x64_sys_ioctl+0x193/0x200
[ 1716.731206][T16688]  do_syscall_64+0x35/0xb0
[ 1716.736389][T16688]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1716.742484][T16688] RIP: 0033:0x7f2c65d45ae9
[ 1716.747559][T16688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1716.769228][T16688] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1716.778067][T16688] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1716.786942][T16688] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1716.795991][T16688] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1716.805139][T16688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1716.814830][T16688] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1716.824611][T16688]  </TASK>
18:12:58 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 31)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:58 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xfeffffff00000000, &(0x7f0000000000))

18:12:58 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
fchdir(r0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1717.994336][T16696] FAULT_INJECTION: forcing a failure.
[ 1717.994336][T16696] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1718.013096][T16696] CPU: 2 PID: 16696 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1718.026508][T16696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1718.037940][T16696] Call Trace:
[ 1718.042533][T16696]  <TASK>
[ 1718.047446][T16696]  dump_stack_lvl+0xcd/0x134
[ 1718.054472][T16696]  should_fail.cold+0x5/0xa
[ 1718.059512][T16696]  prepare_alloc_pages+0x17b/0x570
[ 1718.066063][T16696]  __alloc_pages+0x12f/0x500
[ 1718.071349][T16696]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1718.079437][T16696]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1718.085968][T16696]  alloc_pages_vma+0xf3/0x7d0
[ 1718.091453][T16696]  shmem_alloc_page+0x11f/0x1f0
[ 1718.096636][T16696]  ? shmem_link+0x360/0x360
[ 1718.101212][T16696]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1718.108398][T16696]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1718.115470][T16696]  ? percpu_counter_add_batch+0xbd/0x180
[ 1718.122134][T16696]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1718.129036][T16696]  ? __vm_enough_memory+0x184/0x360
[ 1718.134443][T16696]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1718.139969][T16696]  shmem_getpage_gfp+0x643/0x22d0
[ 1718.145493][T16696]  ? shmem_is_huge+0x2f0/0x2f0
[ 1718.150442][T16696]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1718.156291][T16696]  ? shmem_fault+0x750/0x750
[ 1718.161384][T16696]  ? __kasan_kmalloc+0xa6/0xd0
[ 1718.166703][T16696]  drm_gem_get_pages+0x291/0x5d0
[ 1718.173041][T16696]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1718.178797][T16696]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1718.184438][T16696]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1718.189752][T16696]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1718.195386][T16696]  drm_gem_pin+0x64/0x90
[ 1718.200134][T16696]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1718.212137][T16696]  dma_buf_dynamic_attach+0x206/0xb40
[ 1718.220663][T16696]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1718.230228][T16696]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1718.237626][T16696]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1718.246770][T16696]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1718.254151][T16696]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1718.261486][T16696]  drm_ioctl_kernel+0x27d/0x4e0
[ 1718.268611][T16696]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1718.277344][T16696]  ? drm_setversion+0x8b0/0x8b0
[ 1718.282694][T16696]  drm_ioctl+0x51e/0x9d0
[ 1718.287721][T16696]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1718.293862][T16696]  ? drm_version+0x3d0/0x3d0
[ 1718.299438][T16696]  ? __fget_files+0x23d/0x3e0
[ 1718.306075][T16696]  ? security_file_ioctl+0x5c/0xb0
[ 1718.318342][T16696]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1718.328375][T16696]  ? drm_version+0x3d0/0x3d0
[ 1718.335364][T16696]  __x64_sys_ioctl+0x193/0x200
[ 1718.343924][T16696]  do_syscall_64+0x35/0xb0
[ 1718.349576][T16696]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1718.357035][T16696] RIP: 0033:0x7f2c65d45ae9
[ 1718.361205][T16696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1718.381933][T16696] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1718.395354][T16696] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1718.411639][T16696] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1718.429186][T16696] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1718.444028][T16696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1718.455235][T16696] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1718.467399][T16696]  </TASK>
[ 1718.472304][    C2] vkms_vblank_simulate: vblank timer overrun
18:12:59 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:12:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 32)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:12:59 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xff00000000000000, &(0x7f0000000000))

[ 1718.667025][T16707] FAULT_INJECTION: forcing a failure.
[ 1718.667025][T16707] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:12:59 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r5 = open_tree(r0, &(0x7f0000000040)='./file0\x00', 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000140)={0xeb92, 0x1, 0xb6})

18:12:59 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 1)

[ 1718.694176][T16707] CPU: 1 PID: 16707 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1718.709297][T16707] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1718.724354][T16707] Call Trace:
[ 1718.729602][T16707]  <TASK>
[ 1718.733108][T16707]  dump_stack_lvl+0xcd/0x134
[ 1718.738851][T16707]  should_fail.cold+0x5/0xa
[ 1718.744202][T16707]  prepare_alloc_pages+0x17b/0x570
[ 1718.750182][T16707]  __alloc_pages+0x12f/0x500
[ 1718.757237][T16707]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1718.765992][T16707]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1718.774764][T16707]  alloc_pages_vma+0xf3/0x7d0
[ 1718.780687][T16707]  shmem_alloc_page+0x11f/0x1f0
[ 1718.792200][T16707]  ? shmem_link+0x360/0x360
[ 1718.798303][T16707]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1718.808410][T16707]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1718.818122][T16707]  ? percpu_counter_add_batch+0xbd/0x180
[ 1718.827839][T16707]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1718.836159][T16707]  ? __vm_enough_memory+0x184/0x360
[ 1718.844332][T16707]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1718.854546][T16707]  shmem_getpage_gfp+0x643/0x22d0
[ 1718.863681][T16707]  ? shmem_is_huge+0x2f0/0x2f0
[ 1718.871324][T16707]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1718.875422][T16714] FAULT_INJECTION: forcing a failure.
[ 1718.875422][T16714] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1718.878824][T16707]  ? shmem_fault+0x750/0x750
[ 1718.878848][T16707]  ? __kasan_kmalloc+0xa6/0xd0
[ 1718.878865][T16707]  drm_gem_get_pages+0x291/0x5d0
[ 1718.878883][T16707]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1718.878899][T16707]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1718.878916][T16707]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1718.878934][T16707]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1718.878971][T16707]  drm_gem_pin+0x64/0x90
[ 1718.878986][T16707]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1718.879002][T16707]  dma_buf_dynamic_attach+0x206/0xb40
[ 1718.879020][T16707]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1718.879037][T16707]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1718.879054][T16707]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1718.879071][T16707]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1718.879087][T16707]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1718.879103][T16707]  drm_ioctl_kernel+0x27d/0x4e0
[ 1718.879119][T16707]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1718.879137][T16707]  ? drm_setversion+0x8b0/0x8b0
[ 1718.879153][T16707]  drm_ioctl+0x51e/0x9d0
[ 1718.879171][T16707]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1718.879188][T16707]  ? drm_version+0x3d0/0x3d0
[ 1718.879203][T16707]  ? __fget_files+0x23d/0x3e0
[ 1718.879270][T16707]  ? security_file_ioctl+0x5c/0xb0
[ 1718.879302][T16707]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1718.879334][T16707]  ? drm_version+0x3d0/0x3d0
[ 1718.879358][T16707]  __x64_sys_ioctl+0x193/0x200
[ 1718.879384][T16707]  do_syscall_64+0x35/0xb0
[ 1718.879408][T16707]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1718.904705][    C2] vkms_vblank_simulate: vblank timer overrun
[ 1718.910809][T16707] RIP: 0033:0x7f2c65d45ae9
[ 1719.116118][T16707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1719.140135][T16707] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1719.150881][T16707] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1719.159000][T16707] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1719.167019][T16707] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1719.175559][T16707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1719.185184][T16707] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1719.194817][T16707]  </TASK>
[ 1719.198565][T16714] CPU: 2 PID: 16714 Comm: syz-executor.3 Not tainted 5.16.0-rc2-syzkaller #0
[ 1719.208609][T16714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1719.219148][T16714] Call Trace:
[ 1719.222553][T16714]  <TASK>
[ 1719.225764][T16714]  dump_stack_lvl+0xcd/0x134
[ 1719.230498][T16714]  should_fail.cold+0x5/0xa
[ 1719.236052][T16714]  _copy_to_user+0x2c/0x150
[ 1719.241994][T16714]  simple_read_from_buffer+0xcc/0x160
[ 1719.248622][T16714]  proc_fail_nth_read+0x187/0x220
[ 1719.254225][T16714]  ? proc_tid_comm_permission+0x1b0/0x1b0
[ 1719.262721][T16714]  ? security_file_permission+0xab/0xd0
[ 1719.270092][T16714]  ? proc_tid_comm_permission+0x1b0/0x1b0
[ 1719.277151][T16714]  vfs_read+0x1b5/0x600
[ 1719.282996][T16714]  ksys_read+0x12d/0x250
[ 1719.287426][T16714]  ? vfs_write+0xae0/0xae0
[ 1719.292031][T16714]  ? syscall_enter_from_user_mode+0x21/0x70
[ 1719.298179][T16714]  do_syscall_64+0x35/0xb0
[ 1719.303004][T16714]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1719.309820][T16714] RIP: 0033:0x7fa26c87169c
[ 1719.314670][T16714] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1719.336040][T16714] RSP: 002b:00007fa269df2170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1719.345011][T16714] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007fa26c87169c
[ 1719.353468][T16714] RDX: 000000000000000f RSI: 00007fa269df21e0 RDI: 0000000000000005
[ 1719.363116][T16714] RBP: 00007fa269df21d0 R08: 0000000000000000 R09: 0000000000000000
[ 1719.372258][T16714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1719.381963][T16714] R13: 00007ffc0019c51f R14: 00007fa269df2300 R15: 0000000000022000
[ 1719.391104][T16714]  </TASK>
[ 1719.395007][    C2] vkms_vblank_simulate: vblank timer overrun
18:12:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 33)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:00 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r5, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x1000, 0x8cd, 0x1f})
close(r2)
write$binfmt_elf64(r2, &(0x7f0000000500)={{0x7f, 0x45, 0x4c, 0x46, 0x3f, 0x6, 0x0, 0x3f, 0x3, 0x3, 0x3, 0x1, 0x25f, 0x40, 0x7f, 0x800, 0x7, 0x38, 0x2, 0x100, 0x7fff, 0xda}, [{0x4, 0x8001, 0x7, 0x9, 0x200, 0x100000000, 0x400, 0x10001}, {0x1, 0x10001, 0x8, 0x6, 0xfff, 0x511, 0x1, 0xfffffffffffffffc}], "e211d93786beeba5f7b1a8c789963b37ae4a8699718488f8b3e2c6f395ff0b0f1efd129194e7c95b017916e1900fe0c8d1c5d62f58ee4854e317e5a14ba851c462b642d198da9afe0fa74c3a4bdf2d1b048a15b8e01eb257f2a9529c655c618a95e2d56e5158f66954353df36532bfa8146a7e61313c922e719c19655a6b15870c", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x831)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:00 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:00 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xff0f000000000000, &(0x7f0000000000))

[ 1719.517573][T16721] FAULT_INJECTION: forcing a failure.
[ 1719.517573][T16721] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1719.537801][T16721] CPU: 2 PID: 16721 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1719.546382][T16721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1719.555366][T16721] Call Trace:
[ 1719.559730][T16721]  <TASK>
[ 1719.562458][T16721]  dump_stack_lvl+0xcd/0x134
[ 1719.566562][T16721]  should_fail.cold+0x5/0xa
[ 1719.570793][T16721]  prepare_alloc_pages+0x17b/0x570
[ 1719.575542][T16721]  __alloc_pages+0x12f/0x500
[ 1719.580330][T16721]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1719.586872][T16721]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1719.593131][T16721]  alloc_pages_vma+0xf3/0x7d0
[ 1719.597839][T16721]  shmem_alloc_page+0x11f/0x1f0
[ 1719.602703][T16721]  ? shmem_link+0x360/0x360
[ 1719.607462][T16721]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1719.614671][T16721]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1719.622817][T16721]  ? percpu_counter_add_batch+0xbd/0x180
[ 1719.630263][T16721]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1719.637580][T16721]  ? __vm_enough_memory+0x184/0x360
[ 1719.644389][T16721]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1719.650276][T16721]  shmem_getpage_gfp+0x643/0x22d0
[ 1719.655450][T16721]  ? shmem_is_huge+0x2f0/0x2f0
[ 1719.660761][T16721]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1719.666002][T16721]  ? shmem_fault+0x750/0x750
[ 1719.670500][T16721]  ? __kasan_kmalloc+0xa6/0xd0
[ 1719.674953][T16721]  drm_gem_get_pages+0x291/0x5d0
[ 1719.679306][T16721]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1719.684620][T16721]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1719.690357][T16721]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1719.696054][T16721]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1719.701264][T16721]  drm_gem_pin+0x64/0x90
[ 1719.705149][T16721]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1719.709797][T16721]  dma_buf_dynamic_attach+0x206/0xb40
[ 1719.714889][T16721]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1719.721075][T16721]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1719.726993][T16721]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1719.733873][T16721]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1719.741374][T16721]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1719.748836][T16721]  drm_ioctl_kernel+0x27d/0x4e0
[ 1719.753563][T16721]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1719.759911][T16721]  ? drm_setversion+0x8b0/0x8b0
[ 1719.765848][T16721]  drm_ioctl+0x51e/0x9d0
[ 1719.770717][T16721]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1719.778551][T16721]  ? drm_version+0x3d0/0x3d0
[ 1719.783125][T16721]  ? __fget_files+0x23d/0x3e0
[ 1719.787404][T16721]  ? security_file_ioctl+0x5c/0xb0
[ 1719.793649][T16721]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1719.801285][T16721]  ? drm_version+0x3d0/0x3d0
[ 1719.806607][T16721]  __x64_sys_ioctl+0x193/0x200
[ 1719.811930][T16721]  do_syscall_64+0x35/0xb0
[ 1719.816955][T16721]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1719.824182][T16721] RIP: 0033:0x7f2c65d45ae9
[ 1719.829335][T16721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1719.850091][T16721] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1719.857968][T16721] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1719.865266][T16721] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1719.872454][T16721] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1719.881321][T16721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1719.890013][T16721] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1719.898759][T16721]  </TASK>
[ 1719.902247][    C2] vkms_vblank_simulate: vblank timer overrun
[ 1719.945864][    C2] vkms_vblank_simulate: vblank timer overrun
18:13:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 34)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:00 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x2, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:00 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000200)={0x400000000000004, 0x5})
sendmsg$nl_route(r0, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000240)=@ipv6_deladdr={0xd4, 0x15, 0x20, 0x70bd2d, 0x25dfdbfe, {0xa, 0x0, 0x10, 0xfe}, [@IFA_FLAGS={0x8, 0x8, 0x16}, @IFA_LOCAL={0x14, 0x2, @rand_addr=' \x01\x00'}, @IFA_ADDRESS={0x14, 0x1, @private1}, @IFA_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00'}, @IFA_CACHEINFO={0x14, 0x6, {0x1, 0xf01, 0x6608, 0x8}}, @IFA_LOCAL={0x14, 0x2, @remote}, @IFA_CACHEINFO={0x14, 0x6, {0x8, 0x7fff, 0x4, 0x6}}, @IFA_ADDRESS={0x14, 0x1, @mcast2}, @IFA_LOCAL={0x14, 0x2, @local}]}, 0xd4}, 0x1, 0x0, 0x0, 0x4}, 0x84)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r4 = socket(0x200000000000011, 0x3, 0x0)
r5 = socket(0x200000000000011, 0x3, 0x7fb)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'tunl0\x00', <r6=>0x0})
bind$packet(r4, &(0x7f0000000040)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="747e905520af"}, 0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)=@ipv6_deladdr={0x68, 0x15, 0x8, 0x70bd2b, 0x25dfdbfd, {0xa, 0x80, 0x11, 0xff, r6}, [@IFA_CACHEINFO={0x14, 0x6, {0x2, 0xfffffffd, 0x0, 0x6}}, @IFA_LOCAL={0x14, 0x2, @local}, @IFA_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IFA_CACHEINFO={0x14, 0x6, {0x7ff, 0xfffffffd, 0x0, 0x4}}]}, 0x68}, 0x1, 0x0, 0x0, 0x40080d0}, 0x10000090)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r7=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r7})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
r8 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r8, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000040)={0x800, 0xc, 0x6})
connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e20, 0x2, @dev={0xfe, 0x80, '\x00', 0x29}, 0x1}, 0x1c)

[ 1720.064320][T16730] FAULT_INJECTION: forcing a failure.
[ 1720.064320][T16730] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:13:00 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x10, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1720.093973][T16730] CPU: 3 PID: 16730 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1720.105140][T16730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1720.116326][T16730] Call Trace:
[ 1720.120649][T16730]  <TASK>
[ 1720.125223][T16730]  dump_stack_lvl+0xcd/0x134
[ 1720.131643][T16730]  should_fail.cold+0x5/0xa
[ 1720.138430][T16730]  prepare_alloc_pages+0x17b/0x570
[ 1720.144933][T16730]  __alloc_pages+0x12f/0x500
[ 1720.150986][T16730]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1720.159515][T16730]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1720.167010][T16730]  alloc_pages_vma+0xf3/0x7d0
[ 1720.173237][T16730]  shmem_alloc_page+0x11f/0x1f0
[ 1720.178863][T16730]  ? shmem_link+0x360/0x360
[ 1720.184187][T16730]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1720.192371][T16730]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
18:13:00 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4b47, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1720.200221][T16730]  ? percpu_counter_add_batch+0xbd/0x180
[ 1720.206940][T16730]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1720.212642][T16730]  ? __vm_enough_memory+0x184/0x360
[ 1720.217900][T16730]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1720.224011][T16730]  shmem_getpage_gfp+0x643/0x22d0
[ 1720.229580][T16730]  ? shmem_is_huge+0x2f0/0x2f0
[ 1720.235015][T16730]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1720.240912][T16730]  ? shmem_fault+0x750/0x750
[ 1720.245647][T16730]  ? __kasan_kmalloc+0xa6/0xd0
[ 1720.251122][T16730]  drm_gem_get_pages+0x291/0x5d0
[ 1720.257198][T16730]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1720.264006][T16730]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1720.270995][T16730]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1720.277391][T16730]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1720.284343][T16730]  drm_gem_pin+0x64/0x90
[ 1720.290240][T16730]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1720.297682][T16730]  dma_buf_dynamic_attach+0x206/0xb40
[ 1720.305316][T16730]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1720.313506][T16730]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1720.320279][T16730]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1720.327162][T16730]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1720.333749][T16730]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1720.340939][T16730]  drm_ioctl_kernel+0x27d/0x4e0
[ 1720.346702][T16730]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1720.353558][T16730]  ? drm_setversion+0x8b0/0x8b0
[ 1720.358360][T16730]  drm_ioctl+0x51e/0x9d0
[ 1720.364033][T16730]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1720.371579][T16730]  ? drm_version+0x3d0/0x3d0
[ 1720.376859][T16730]  ? __fget_files+0x23d/0x3e0
[ 1720.381766][T16730]  ? security_file_ioctl+0x5c/0xb0
[ 1720.387739][T16730]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1720.395635][T16730]  ? drm_version+0x3d0/0x3d0
[ 1720.400888][T16730]  __x64_sys_ioctl+0x193/0x200
[ 1720.406555][T16730]  do_syscall_64+0x35/0xb0
[ 1720.411188][T16730]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1720.418538][T16730] RIP: 0033:0x7f2c65d45ae9
[ 1720.423923][T16730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1720.449071][T16730] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1720.459855][T16730] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1720.468577][T16730] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1720.478267][T16730] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1720.488943][T16730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1720.498552][T16730] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1720.507596][T16730]  </TASK>
18:13:01 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 35)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:01 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xfffdffff00000000, &(0x7f0000000000))

[ 1720.613954][T16744] FAULT_INJECTION: forcing a failure.
[ 1720.613954][T16744] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1720.651290][T16744] CPU: 3 PID: 16744 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1720.662725][T16744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1720.673197][T16744] Call Trace:
[ 1720.676469][T16744]  <TASK>
[ 1720.679662][T16744]  dump_stack_lvl+0xcd/0x134
[ 1720.685438][T16744]  should_fail.cold+0x5/0xa
[ 1720.690351][T16744]  prepare_alloc_pages+0x17b/0x570
[ 1720.696895][T16744]  __alloc_pages+0x12f/0x500
[ 1720.702882][T16744]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1720.710961][T16744]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1720.717932][T16744]  alloc_pages_vma+0xf3/0x7d0
[ 1720.723471][T16744]  shmem_alloc_page+0x11f/0x1f0
[ 1720.729478][T16744]  ? shmem_link+0x360/0x360
[ 1720.735186][T16744]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1720.742704][T16744]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1720.749596][T16744]  ? percpu_counter_add_batch+0xbd/0x180
[ 1720.757861][T16744]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1720.766235][T16744]  ? __vm_enough_memory+0x184/0x360
[ 1720.774730][T16744]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1720.782457][T16744]  shmem_getpage_gfp+0x643/0x22d0
[ 1720.789720][T16744]  ? shmem_is_huge+0x2f0/0x2f0
[ 1720.796026][T16744]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1720.803921][T16744]  ? shmem_fault+0x750/0x750
[ 1720.809557][T16744]  ? __kasan_kmalloc+0xa6/0xd0
[ 1720.815161][T16744]  drm_gem_get_pages+0x291/0x5d0
[ 1720.820420][T16744]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1720.827073][T16744]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1720.833779][T16744]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1720.840321][T16744]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1720.847698][T16744]  drm_gem_pin+0x64/0x90
[ 1720.852889][T16744]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1720.858710][T16744]  dma_buf_dynamic_attach+0x206/0xb40
[ 1720.865207][T16744]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1720.872136][T16744]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1720.879461][T16744]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1720.885631][T16744]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1720.892524][T16744]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1720.900898][T16744]  drm_ioctl_kernel+0x27d/0x4e0
[ 1720.906977][T16744]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1720.914605][T16744]  ? drm_setversion+0x8b0/0x8b0
[ 1720.920583][T16744]  drm_ioctl+0x51e/0x9d0
[ 1720.925862][T16744]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1720.933481][T16744]  ? drm_version+0x3d0/0x3d0
[ 1720.938411][T16744]  ? __fget_files+0x23d/0x3e0
[ 1720.944428][T16744]  ? security_file_ioctl+0x5c/0xb0
[ 1720.951151][T16744]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1720.958690][T16744]  ? drm_version+0x3d0/0x3d0
[ 1720.963968][T16744]  __x64_sys_ioctl+0x193/0x200
[ 1720.970303][T16744]  do_syscall_64+0x35/0xb0
[ 1720.976145][T16744]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1720.982727][T16744] RIP: 0033:0x7f2c65d45ae9
[ 1720.988006][T16744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1721.013387][T16744] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1721.025651][T16744] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1721.036114][T16744] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1721.046547][T16744] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1721.056832][T16744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1721.067572][T16744] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1721.077262][T16744]  </TASK>
[ 1721.199544][T16750] FAULT_INJECTION: forcing a failure.
[ 1721.199544][T16750] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:13:01 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x345083, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x4, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:01 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 36)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1721.219252][    C2] vkms_vblank_simulate: vblank timer overrun
18:13:01 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x20000, 0x40)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
fcntl$setstatus(r5, 0x4, 0x4000)
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1721.228043][T16750] CPU: 2 PID: 16750 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1721.238211][T16750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1721.247338][T16750] Call Trace:
[ 1721.251050][T16750]  <TASK>
[ 1721.254088][T16750]  dump_stack_lvl+0xcd/0x134
[ 1721.259068][T16750]  should_fail.cold+0x5/0xa
[ 1721.263305][T16750]  prepare_alloc_pages+0x17b/0x570
[ 1721.269107][T16750]  __alloc_pages+0x12f/0x500
[ 1721.274608][T16750]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1721.282442][T16750]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1721.288984][T16750]  alloc_pages_vma+0xf3/0x7d0
[ 1721.293803][T16750]  shmem_alloc_page+0x11f/0x1f0
[ 1721.298727][T16750]  ? shmem_link+0x360/0x360
[ 1721.304058][T16750]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1721.311236][T16750]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
18:13:01 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xffffff7f00000000, &(0x7f0000000000))

18:13:01 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x3ff, 0x100000d4, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODESET_CTL(r1, 0x40086408, &(0x7f0000000040)={0x8000, 0x20})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1721.319056][T16750]  ? percpu_counter_add_batch+0xbd/0x180
[ 1721.327511][T16750]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1721.334174][T16750]  ? __vm_enough_memory+0x184/0x360
[ 1721.341361][T16750]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1721.348149][T16750]  shmem_getpage_gfp+0x643/0x22d0
[ 1721.354166][T16750]  ? shmem_is_huge+0x2f0/0x2f0
[ 1721.360133][T16750]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1721.368087][T16750]  ? shmem_fault+0x750/0x750
[ 1721.372887][T16750]  ? __kasan_kmalloc+0xa6/0xd0
[ 1721.377770][T16750]  drm_gem_get_pages+0x291/0x5d0
[ 1721.383695][T16750]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1721.391439][T16750]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1721.398118][T16750]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1721.404281][T16750]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1721.411440][T16750]  drm_gem_pin+0x64/0x90
[ 1721.416768][T16750]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1721.422528][T16750]  dma_buf_dynamic_attach+0x206/0xb40
[ 1721.428877][T16750]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1721.436444][T16750]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1721.442821][T16750]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1721.449774][T16750]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1721.457079][T16750]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1721.464065][T16750]  drm_ioctl_kernel+0x27d/0x4e0
[ 1721.469497][T16750]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1721.475626][T16750]  ? drm_setversion+0x8b0/0x8b0
[ 1721.480489][T16750]  drm_ioctl+0x51e/0x9d0
[ 1721.484747][T16750]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1721.491476][T16750]  ? drm_version+0x3d0/0x3d0
[ 1721.496629][T16750]  ? __fget_files+0x23d/0x3e0
[ 1721.501520][T16750]  ? security_file_ioctl+0x5c/0xb0
[ 1721.506456][T16750]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1721.513334][T16750]  ? drm_version+0x3d0/0x3d0
[ 1721.517969][T16750]  __x64_sys_ioctl+0x193/0x200
[ 1721.522589][T16750]  do_syscall_64+0x35/0xb0
[ 1721.527018][T16750]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1721.532684][T16750] RIP: 0033:0x7f2c65d45ae9
[ 1721.537064][T16750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1721.556718][T16750] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1721.564765][T16750] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1721.572442][T16750] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1721.581046][T16750] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1721.590733][T16750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1721.599001][T16750] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1721.607421][T16750]  </TASK>
[ 1721.610875][    C2] vkms_vblank_simulate: vblank timer overrun
18:13:02 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4b49, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 37)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:02 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xffffffff00000000, &(0x7f0000000000))

[ 1721.853709][T16769] FAULT_INJECTION: forcing a failure.
18:13:02 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4b66, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1721.853709][T16769] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1721.883560][T16769] CPU: 0 PID: 16769 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1721.894330][T16769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1721.905583][T16769] Call Trace:
[ 1721.909696][T16769]  <TASK>
[ 1721.913423][T16769]  dump_stack_lvl+0xcd/0x134
[ 1721.918961][T16769]  should_fail.cold+0x5/0xa
[ 1721.924631][T16769]  prepare_alloc_pages+0x17b/0x570
18:13:02 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4c00, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1721.930853][T16769]  __alloc_pages+0x12f/0x500
[ 1721.936613][T16769]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1721.944875][T16769]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1721.951679][T16769]  alloc_pages_vma+0xf3/0x7d0
[ 1721.958030][T16769]  shmem_alloc_page+0x11f/0x1f0
[ 1721.964160][T16769]  ? shmem_link+0x360/0x360
[ 1721.969585][T16769]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1721.977699][T16769]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1721.986642][T16769]  ? percpu_counter_add_batch+0xbd/0x180
[ 1721.994165][T16769]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1722.001231][T16769]  ? __vm_enough_memory+0x184/0x360
[ 1722.007862][T16769]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1722.014994][T16769]  shmem_getpage_gfp+0x643/0x22d0
[ 1722.021154][T16769]  ? shmem_is_huge+0x2f0/0x2f0
[ 1722.026993][T16769]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1722.033857][T16769]  ? shmem_fault+0x750/0x750
[ 1722.039855][T16769]  ? __kasan_kmalloc+0xa6/0xd0
[ 1722.045870][T16769]  drm_gem_get_pages+0x291/0x5d0
[ 1722.052322][T16769]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1722.059228][T16769]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1722.065495][T16769]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1722.070742][T16769]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1722.077993][T16769]  drm_gem_pin+0x64/0x90
[ 1722.082247][T16769]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1722.087870][T16769]  dma_buf_dynamic_attach+0x206/0xb40
[ 1722.093767][T16769]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1722.100871][T16769]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1722.107282][T16769]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1722.113087][T16769]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1722.119090][T16769]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1722.126342][T16769]  drm_ioctl_kernel+0x27d/0x4e0
[ 1722.131506][T16769]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1722.139070][T16769]  ? drm_setversion+0x8b0/0x8b0
[ 1722.144358][T16769]  drm_ioctl+0x51e/0x9d0
[ 1722.148628][T16769]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1722.155723][T16769]  ? drm_version+0x3d0/0x3d0
[ 1722.162120][T16769]  ? __fget_files+0x23d/0x3e0
[ 1722.167492][T16769]  ? security_file_ioctl+0x5c/0xb0
[ 1722.173098][T16769]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1722.179790][T16769]  ? drm_version+0x3d0/0x3d0
[ 1722.186095][T16769]  __x64_sys_ioctl+0x193/0x200
[ 1722.191232][T16769]  do_syscall_64+0x35/0xb0
[ 1722.196193][T16769]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1722.203320][T16769] RIP: 0033:0x7f2c65d45ae9
[ 1722.208103][T16769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1722.230843][T16769] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1722.241523][T16769] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1722.251098][T16769] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1722.261393][T16769] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1722.269523][T16769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1722.277501][T16769] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1722.286506][T16769]  </TASK>
18:13:02 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4c01, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:02 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x10}, 0x10}}, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000200)={&(0x7f0000000140)=[0x5, 0x6, 0x3f], &(0x7f00000001c0)=[0x0, 0x0, 0x0], 0x3, 0x1000, 0xb0b0b0b0})
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000008, 0x810, r2, 0x71890000)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 38)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:02 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0xffffffffffffffff, &(0x7f0000000000))

18:13:03 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x541b, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1722.492534][T16790] FAULT_INJECTION: forcing a failure.
18:13:03 executing program 0:
recvmsg$unix(0xffffffffffffffff, &(0x7f0000001c00)={&(0x7f0000000500), 0x6e, &(0x7f0000001ac0)=[{&(0x7f0000000580)=""/77, 0x4d}, {&(0x7f0000000600)=""/179, 0xb3}, {&(0x7f00000006c0)=""/246, 0xf6}, {&(0x7f00000007c0)=""/92, 0x5c}, {&(0x7f0000000840)=""/163, 0xa3}, {&(0x7f0000000900)=""/4096, 0x1000}, {&(0x7f0000001900)=""/170, 0xaa}, {&(0x7f00000019c0)=""/250, 0xfa}], 0x8, &(0x7f0000001b40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r0=>0x0}}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}, 0x1)
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x6, 0x3, &(0x7f0000000440)=[{&(0x7f00000001c0)="ca690b93471f5ae7883842405ed9a424fe0d8114122e8d5d37d6f2be26eb9ba64034bb5709bc37d3bff3300c124df79d7e5f410331c3085b3e6a6994bbae4d9e437d3954489e595b1e4f53596930abb3ae6c54b8e921bcd536f2fb0a80de5bec36b94776ca4c9ecf0abb02fdd9cc7c4f70080d6b6b14694ee2ec8097c36aca826ff3aea36c853b8f058ff10ba57bb0bbbd2e3e65739ee3dcf2e17fe5b01ccad14bcb15281529dda7f1aa1b0731471a89eaac26024b2da02a20296a14a41b27dd936924e7b0bb0e5153b085053fffeedb603ddfa19d159ef15939d8b308074f52572aa650039f573f845e3eccfab4a7373cb9900ff394f874eb85b1325c", 0xfd, 0xf8}, {&(0x7f00000002c0)="a68fd0791c5d031922b1dc3dcdbb76d016fe90bffafa798ceac9c83d4032b52799a3b86fa323dae4c60c646297f55776325ed25666cebc73c08d4292171baf6a7c2c0ce4e0e41460fdc67daade957f58659d94df871df6512b40b04d99d76d3e372e7a72a0f5f381a4ad2120e024738898", 0x71, 0x6}, {&(0x7f0000000340)="085e1cf4c545e8711b91fe5f8f40aaa85964c400b711ec7cb7aaaa0971d8ce26358fc85cd4c32da3c3c5190c38b21f75f769eebc58e0b3d4138777013db765d5f4adbec998fcaa9a8e9244fdcecdebdcce3d5aefb5ef311adb2e932d46d26d5ff5eb2191545279705ac1b22f36aae9d9d053e551428d60cdd6f689691bc844279dd9cb8e4e7932dfbc4b5e67daf468892f60662f1cdc3e574c489c328403ed8146c8e6bc370c20eb7b2604abeafe80c051f6b266312b2b6758f6876ac22a9b4e8624", 0xc2, 0x3}], 0x804, &(0x7f0000001c40)={[{@session={'session', 0x3d, 0x27}}, {@uid={'uid', 0x3d, 0xee01}}, {@block={'block', 0x3d, 0x200}}, {@map_acorn}, {@block={'block', 0x3d, 0x200}}, {@cruft}, {@block={'block', 0x3d, 0xe00}}, {@check_relaxed}, {@utf8}, {@uid={'uid', 0x3d, 0xee01}}], [{@subj_type={'subj_type', 0x3d, '*[%#{-z-!^@'}}, {@obj_role={'obj_role', 0x3d, '[{-'}}, {@seclabel}, {@fowner_eq={'fowner', 0x3d, r0}}, {@permit_directio}]})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe})

[ 1722.492534][T16790] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1722.520722][T16790] CPU: 2 PID: 16790 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1722.531102][T16790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1722.542589][T16790] Call Trace:
[ 1722.547075][T16790]  <TASK>
[ 1722.550735][T16790]  dump_stack_lvl+0xcd/0x134
18:13:03 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5421, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1722.555750][T16790]  should_fail.cold+0x5/0xa
[ 1722.560790][T16790]  prepare_alloc_pages+0x17b/0x570
[ 1722.566444][T16790]  __alloc_pages+0x12f/0x500
[ 1722.571080][T16790]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1722.580036][T16790]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1722.586656][T16790]  alloc_pages_vma+0xf3/0x7d0
[ 1722.592603][T16790]  shmem_alloc_page+0x11f/0x1f0
[ 1722.598758][T16790]  ? shmem_link+0x360/0x360
[ 1722.604376][T16790]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1722.612586][T16790]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1722.621427][T16790]  ? percpu_counter_add_batch+0xbd/0x180
[ 1722.628381][T16790]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1722.635582][T16790]  ? __vm_enough_memory+0x184/0x360
[ 1722.641741][T16790]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1722.648225][T16790]  shmem_getpage_gfp+0x643/0x22d0
[ 1722.655677][T16790]  ? shmem_is_huge+0x2f0/0x2f0
[ 1722.661424][T16790]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1722.669058][T16790]  ? shmem_fault+0x750/0x750
[ 1722.674796][T16790]  ? __kasan_kmalloc+0xa6/0xd0
[ 1722.680439][T16790]  drm_gem_get_pages+0x291/0x5d0
[ 1722.686468][T16790]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1722.693281][T16790]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1722.700532][T16790]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1722.707527][T16790]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1722.714645][T16790]  drm_gem_pin+0x64/0x90
[ 1722.719814][T16790]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1722.726094][T16790]  dma_buf_dynamic_attach+0x206/0xb40
[ 1722.732731][T16790]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1722.739984][T16790]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1722.746660][T16790]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1722.753515][T16790]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1722.760338][T16790]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1722.767785][T16790]  drm_ioctl_kernel+0x27d/0x4e0
[ 1722.774151][T16790]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1722.782464][T16790]  ? drm_setversion+0x8b0/0x8b0
[ 1722.789065][T16790]  drm_ioctl+0x51e/0x9d0
18:13:03 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5450, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:03 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5451, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1722.794565][T16790]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1722.802144][T16790]  ? drm_version+0x3d0/0x3d0
[ 1722.811650][T16790]  ? __fget_files+0x23d/0x3e0
[ 1722.817543][T16790]  ? security_file_ioctl+0x5c/0xb0
[ 1722.828012][T16790]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1722.838193][T16790]  ? drm_version+0x3d0/0x3d0
[ 1722.848724][T16790]  __x64_sys_ioctl+0x193/0x200
[ 1722.854959][T16790]  do_syscall_64+0x35/0xb0
[ 1722.861809][T16790]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1722.869482][T16790] RIP: 0033:0x7f2c65d45ae9
[ 1722.875597][T16790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1722.903516][T16790] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1722.915022][T16790] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1722.924585][T16790] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1722.934926][T16790] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1722.945377][T16790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1722.954492][T16790] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1722.964932][T16790]  </TASK>
[ 1722.969382][    C2] vkms_vblank_simulate: vblank timer overrun
18:13:03 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5452, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 39)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1723.090717][T16815] FAULT_INJECTION: forcing a failure.
[ 1723.090717][T16815] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1723.113387][T16815] CPU: 2 PID: 16815 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1723.125274][T16815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1723.136095][T16815] Call Trace:
[ 1723.141316][T16815]  <TASK>
[ 1723.145257][T16815]  dump_stack_lvl+0xcd/0x134
[ 1723.151285][T16815]  should_fail.cold+0x5/0xa
[ 1723.157140][T16815]  prepare_alloc_pages+0x17b/0x570
[ 1723.164416][T16815]  __alloc_pages+0x12f/0x500
[ 1723.170683][T16815]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1723.179545][T16815]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1723.185845][T16815]  alloc_pages_vma+0xf3/0x7d0
[ 1723.191519][T16815]  shmem_alloc_page+0x11f/0x1f0
[ 1723.197430][T16815]  ? shmem_link+0x360/0x360
[ 1723.202908][T16815]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1723.211024][T16815]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1723.218159][T16815]  ? percpu_counter_add_batch+0xbd/0x180
[ 1723.224023][T16815]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1723.230798][T16815]  ? __vm_enough_memory+0x184/0x360
[ 1723.236818][T16815]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1723.243431][T16815]  shmem_getpage_gfp+0x643/0x22d0
[ 1723.248699][T16815]  ? shmem_is_huge+0x2f0/0x2f0
[ 1723.253321][T16815]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1723.259835][T16815]  ? shmem_fault+0x750/0x750
[ 1723.266092][T16815]  ? __kasan_kmalloc+0xa6/0xd0
[ 1723.271720][T16815]  drm_gem_get_pages+0x291/0x5d0
[ 1723.277252][T16815]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1723.283523][T16815]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1723.289122][T16815]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1723.294994][T16815]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1723.302970][T16815]  drm_gem_pin+0x64/0x90
[ 1723.308785][T16815]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1723.314450][T16815]  dma_buf_dynamic_attach+0x206/0xb40
[ 1723.320623][T16815]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1723.326855][T16815]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1723.332334][T16815]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1723.338171][T16815]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1723.343514][T16815]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1723.348795][T16815]  drm_ioctl_kernel+0x27d/0x4e0
[ 1723.353422][T16815]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1723.359871][T16815]  ? drm_setversion+0x8b0/0x8b0
[ 1723.364810][T16815]  drm_ioctl+0x51e/0x9d0
[ 1723.369122][T16815]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1723.377918][T16815]  ? drm_version+0x3d0/0x3d0
[ 1723.382571][T16815]  ? __fget_files+0x23d/0x3e0
[ 1723.387689][T16815]  ? security_file_ioctl+0x5c/0xb0
[ 1723.392798][T16815]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1723.399516][T16815]  ? drm_version+0x3d0/0x3d0
[ 1723.404084][T16815]  __x64_sys_ioctl+0x193/0x200
[ 1723.408906][T16815]  do_syscall_64+0x35/0xb0
[ 1723.413239][T16815]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1723.419539][T16815] RIP: 0033:0x7f2c65d45ae9
[ 1723.424635][T16815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1723.447211][T16815] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1723.455971][T16815] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1723.464670][T16815] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1723.473199][T16815] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1723.482125][T16815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1723.490191][T16815] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1723.498945][T16815]  </TASK>
[ 1723.501957][    C2] vkms_vblank_simulate: vblank timer overrun
18:13:04 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000))

18:13:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5460, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:04 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r1, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
bind$bt_l2cap(r1, &(0x7f0000000200)={0x1f, 0x2, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x5}, 0xe)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x3f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r5=>0x0})
close(r3)
r6 = pidfd_getfd(r3, 0xffffffffffffffff, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f00000001c0)={0x27ba, 0x4, 0x80, 0x0, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r7, 0xc00464b4, &(0x7f00000008c0)={r8})
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r4, 0xc01064b3, &(0x7f0000000140)={r8})
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r6, 0x8008f512, &(0x7f0000000040))
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 40)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1723.594266][T16822] FAT-fs (loop1): bogus number of reserved sectors
[ 1723.601761][T16822] FAT-fs (loop1): Can't find a valid FAT filesystem
18:13:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x6364, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1723.648631][T16828] FAULT_INJECTION: forcing a failure.
[ 1723.648631][T16828] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1723.671157][T16828] CPU: 3 PID: 16828 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1723.684406][T16828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1723.697295][T16828] Call Trace:
[ 1723.701815][T16828]  <TASK>
[ 1723.705470][T16828]  dump_stack_lvl+0xcd/0x134
[ 1723.711891][T16828]  should_fail.cold+0x5/0xa
[ 1723.718569][T16828]  prepare_alloc_pages+0x17b/0x570
[ 1723.726148][T16828]  __alloc_pages+0x12f/0x500
18:13:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8913, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1723.732904][T16828]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1723.742275][T16828]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1723.749929][T16828]  alloc_pages_vma+0xf3/0x7d0
[ 1723.755824][T16828]  shmem_alloc_page+0x11f/0x1f0
[ 1723.762918][T16828]  ? shmem_link+0x360/0x360
[ 1723.768822][T16828]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1723.777527][T16828]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1723.785709][T16828]  ? percpu_counter_add_batch+0xbd/0x180
[ 1723.792798][T16828]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1723.799848][T16828]  ? __vm_enough_memory+0x184/0x360
[ 1723.806704][T16828]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1723.813815][T16828]  shmem_getpage_gfp+0x643/0x22d0
[ 1723.820349][T16828]  ? shmem_is_huge+0x2f0/0x2f0
[ 1723.827169][T16828]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1723.834611][T16828]  ? shmem_fault+0x750/0x750
[ 1723.840279][T16828]  ? __kasan_kmalloc+0xa6/0xd0
[ 1723.846157][T16828]  drm_gem_get_pages+0x291/0x5d0
[ 1723.852654][T16828]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1723.860212][T16828]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1723.868202][T16828]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1723.875237][T16828]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1723.882796][T16828]  drm_gem_pin+0x64/0x90
[ 1723.888806][T16828]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1723.895573][T16828]  dma_buf_dynamic_attach+0x206/0xb40
[ 1723.902844][T16828]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1723.910706][T16828]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1723.918530][T16828]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1723.925930][T16828]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1723.933483][T16828]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1723.940927][T16828]  drm_ioctl_kernel+0x27d/0x4e0
18:13:04 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8914, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1723.947000][T16828]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1723.955270][T16828]  ? drm_setversion+0x8b0/0x8b0
[ 1723.961461][T16828]  drm_ioctl+0x51e/0x9d0
[ 1723.967460][T16828]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1723.975389][T16828]  ? drm_version+0x3d0/0x3d0
[ 1723.981772][T16828]  ? __fget_files+0x23d/0x3e0
[ 1723.987699][T16828]  ? security_file_ioctl+0x5c/0xb0
[ 1723.994139][T16828]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1724.000770][T16828]  ? drm_version+0x3d0/0x3d0
[ 1724.005451][T16828]  __x64_sys_ioctl+0x193/0x200
[ 1724.010561][T16828]  do_syscall_64+0x35/0xb0
[ 1724.016801][T16828]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1724.024160][T16828] RIP: 0033:0x7f2c65d45ae9
[ 1724.031234][T16828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1724.053571][T16828] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1724.062822][T16828] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1724.070650][T16828] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1724.078798][T16828] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1724.089227][T16828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1724.099826][T16828] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1724.108941][T16828]  </TASK>
18:13:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8933, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:05 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x2})

18:13:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 41)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1725.220203][T16848] FAT-fs (loop1): Unrecognized mount option "" or missing value
[ 1725.256130][T16850] FAULT_INJECTION: forcing a failure.
[ 1725.256130][T16850] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:13:05 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x89a2, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1725.311974][T16850] CPU: 1 PID: 16850 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1725.323947][T16850] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1725.335891][T16850] Call Trace:
[ 1725.340287][T16850]  <TASK>
[ 1725.343904][T16850]  dump_stack_lvl+0xcd/0x134
[ 1725.349606][T16850]  should_fail.cold+0x5/0xa
[ 1725.355454][T16850]  prepare_alloc_pages+0x17b/0x570
[ 1725.361497][T16850]  __alloc_pages+0x12f/0x500
[ 1725.367190][T16850]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1725.376076][T16850]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1725.382864][T16850]  alloc_pages_vma+0xf3/0x7d0
[ 1725.387916][T16850]  shmem_alloc_page+0x11f/0x1f0
[ 1725.392822][T16850]  ? shmem_link+0x360/0x360
[ 1725.397567][T16850]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1725.405203][T16850]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1725.412794][T16850]  ? percpu_counter_add_batch+0xbd/0x180
[ 1725.418505][T16850]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1725.424636][T16850]  ? __vm_enough_memory+0x184/0x360
[ 1725.430576][T16850]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1725.437645][T16850]  shmem_getpage_gfp+0x643/0x22d0
[ 1725.442849][T16850]  ? shmem_is_huge+0x2f0/0x2f0
[ 1725.448043][T16850]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1725.454428][T16850]  ? shmem_fault+0x750/0x750
[ 1725.460562][T16850]  ? __kasan_kmalloc+0xa6/0xd0
[ 1725.465438][T16850]  drm_gem_get_pages+0x291/0x5d0
[ 1725.471741][T16850]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1725.477501][T16850]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1725.483376][T16850]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1725.489667][T16850]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1725.496264][T16850]  drm_gem_pin+0x64/0x90
[ 1725.501817][T16850]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1725.508601][T16850]  dma_buf_dynamic_attach+0x206/0xb40
[ 1725.516804][T16850]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1725.525130][T16850]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1725.545813][T16850]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1725.552735][T16850]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1725.560424][T16850]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1725.566800][T16850]  drm_ioctl_kernel+0x27d/0x4e0
[ 1725.571702][T16850]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1725.577963][T16850]  ? drm_setversion+0x8b0/0x8b0
[ 1725.585103][T16850]  drm_ioctl+0x51e/0x9d0
[ 1725.591085][T16850]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1725.599706][T16850]  ? drm_version+0x3d0/0x3d0
[ 1725.605281][T16850]  ? __fget_files+0x23d/0x3e0
[ 1725.612142][T16850]  ? security_file_ioctl+0x5c/0xb0
[ 1725.618566][T16850]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1725.626717][T16850]  ? drm_version+0x3d0/0x3d0
[ 1725.632587][T16850]  __x64_sys_ioctl+0x193/0x200
[ 1725.638541][T16850]  do_syscall_64+0x35/0xb0
[ 1725.644109][T16850]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1725.651810][T16850] RIP: 0033:0x7f2c65d45ae9
18:13:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x89a3, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1725.657700][T16850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1725.683142][T16850] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1725.694086][T16850] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1725.703804][T16850] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1725.717753][T16850] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1725.730398][T16850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1725.739561][T16850] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1725.748443][T16850]  </TASK>
18:13:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xae80, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:06 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 42)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1725.916990][T16848] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x400448c9, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1725.986574][T16868] FAULT_INJECTION: forcing a failure.
18:13:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x400448dd, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1725.986574][T16868] name failslab, interval 1, probability 0, space 0, times 0
[ 1726.000829][T16868] CPU: 0 PID: 16868 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1726.010779][T16868] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1726.020164][T16868] Call Trace:
[ 1726.023836][T16868]  <TASK>
[ 1726.026865][T16868]  dump_stack_lvl+0xcd/0x134
[ 1726.031644][T16868]  should_fail.cold+0x5/0xa
[ 1726.036174][T16868]  should_failslab+0x5/0x10
[ 1726.040651][T16868]  kmem_cache_alloc_trace+0x5c/0x4a0
[ 1726.045866][T16868]  drm_prime_pages_to_sg+0x49/0x130
[ 1726.050920][T16868]  ? drm_gem_shmem_print_info+0x100/0x100
[ 1726.056923][T16868]  drm_gem_map_dma_buf+0xd7/0x1e0
[ 1726.062474][T16868]  dma_buf_map_attachment+0x39a/0x5b0
[ 1726.068242][T16868]  drm_gem_prime_import_dev.part.0+0x85/0x220
[ 1726.074323][T16868]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1726.080418][T16868]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1726.086326][T16868]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1726.091932][T16868]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1726.098419][T16868]  drm_ioctl_kernel+0x27d/0x4e0
[ 1726.103145][T16868]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1726.108923][T16868]  ? drm_setversion+0x8b0/0x8b0
[ 1726.114342][T16868]  drm_ioctl+0x51e/0x9d0
[ 1726.119257][T16868]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1726.125580][T16868]  ? drm_version+0x3d0/0x3d0
[ 1726.130281][T16868]  ? __fget_files+0x23d/0x3e0
[ 1726.135580][T16868]  ? security_file_ioctl+0x5c/0xb0
[ 1726.141499][T16868]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1726.148652][T16868]  ? drm_version+0x3d0/0x3d0
[ 1726.154085][T16868]  __x64_sys_ioctl+0x193/0x200
[ 1726.159698][T16868]  do_syscall_64+0x35/0xb0
[ 1726.164873][T16868]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1726.172037][T16868] RIP: 0033:0x7f2c65d45ae9
[ 1726.177314][T16868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1726.200140][T16868] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1726.209999][T16868] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1726.220848][T16868] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1726.231260][T16868] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1726.239432][T16868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1726.249572][T16868] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1726.258105][T16868]  </TASK>
18:13:06 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x400454ca, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:06 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x3})

18:13:06 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 43)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1726.380016][T16883] FAT-fs (loop1): Unrecognized mount option "" or missing value
[ 1726.439950][T16886] FAULT_INJECTION: forcing a failure.
[ 1726.439950][T16886] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:13:07 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x40049409, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1726.467951][T16886] CPU: 2 PID: 16886 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1726.478102][T16886] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1726.489934][T16886] Call Trace:
[ 1726.493986][T16886]  <TASK>
[ 1726.497678][T16886]  dump_stack_lvl+0xcd/0x134
[ 1726.503201][T16886]  should_fail.cold+0x5/0xa
[ 1726.508492][T16886]  prepare_alloc_pages+0x17b/0x570
[ 1726.514927][T16886]  __alloc_pages+0x12f/0x500
[ 1726.521591][T16886]  ? __alloc_pages_slowpath.constprop.0+0x20d0/0x20d0
[ 1726.529996][T16886]  ? avc_has_perm_noaudit+0x1c8/0x390
[ 1726.536353][T16886]  alloc_pages_vma+0xf3/0x7d0
[ 1726.542013][T16886]  shmem_alloc_page+0x11f/0x1f0
[ 1726.547902][T16886]  ? shmem_link+0x360/0x360
[ 1726.553344][T16886]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 1726.561024][T16886]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1726.568639][T16886]  ? percpu_counter_add_batch+0xbd/0x180
[ 1726.575347][T16886]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 1726.582129][T16886]  ? __vm_enough_memory+0x184/0x360
[ 1726.588376][T16886]  shmem_alloc_and_acct_page+0x161/0x8c0
[ 1726.594988][T16886]  shmem_getpage_gfp+0x643/0x22d0
[ 1726.601029][T16886]  ? shmem_is_huge+0x2f0/0x2f0
[ 1726.602540][T16890] FAT-fs (loop1): Unrecognized mount option "" or missing value
[ 1726.607081][T16886]  shmem_read_mapping_page_gfp+0xd3/0x170
[ 1726.622695][T16886]  ? shmem_fault+0x750/0x750
[ 1726.628343][T16886]  ? __kasan_kmalloc+0xa6/0xd0
[ 1726.634154][T16886]  drm_gem_get_pages+0x291/0x5d0
[ 1726.640192][T16886]  ? drm_gem_dma_resv_wait+0x220/0x220
[ 1726.646944][T16886]  ? mutex_lock_io_nested+0x1150/0x1150
[ 1726.653817][T16886]  drm_gem_shmem_get_pages+0xd6/0x250
[ 1726.660210][T16886]  ? drm_gem_shmem_get_pages+0x250/0x250
[ 1726.667040][T16886]  drm_gem_pin+0x64/0x90
[ 1726.672211][T16886]  ? drm_gem_dmabuf_mmap+0xf0/0xf0
[ 1726.678387][T16886]  dma_buf_dynamic_attach+0x206/0xb40
[ 1726.685201][T16886]  drm_gem_prime_import_dev.part.0+0x21/0x220
[ 1726.692559][T16886]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1726.700482][T16886]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1726.707761][T16886]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1726.714346][T16886]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1726.721162][T16886]  drm_ioctl_kernel+0x27d/0x4e0
[ 1726.727193][T16886]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1726.734651][T16886]  ? drm_setversion+0x8b0/0x8b0
[ 1726.740369][T16886]  drm_ioctl+0x51e/0x9d0
[ 1726.745346][T16886]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1726.753380][T16886]  ? drm_version+0x3d0/0x3d0
[ 1726.758890][T16886]  ? __fget_files+0x23d/0x3e0
[ 1726.764545][T16886]  ? security_file_ioctl+0x5c/0xb0
[ 1726.770599][T16886]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1726.778331][T16886]  ? drm_version+0x3d0/0x3d0
[ 1726.783980][T16886]  __x64_sys_ioctl+0x193/0x200
[ 1726.790067][T16886]  do_syscall_64+0x35/0xb0
[ 1726.795477][T16886]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1726.802447][T16886] RIP: 0033:0x7f2c65d45ae9
[ 1726.807763][T16886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1726.831779][T16886] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1726.842612][T16886] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1726.852194][T16886] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1726.866322][T16886] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1726.876303][T16886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
18:13:07 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x4})

[ 1726.886231][T16886] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1726.901071][T16886]  </TASK>
[ 1726.905081][    C2] vkms_vblank_simulate: vblank timer overrun
18:13:07 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x40086602, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:07 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 44)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1726.981467][T16889] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:07 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x5})

[ 1727.079127][T16898] FAULT_INJECTION: forcing a failure.
[ 1727.079127][T16898] name failslab, interval 1, probability 0, space 0, times 0
[ 1727.093959][T16898] CPU: 1 PID: 16898 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1727.105297][T16898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1727.118654][T16898] Call Trace:
[ 1727.123362][T16898]  <TASK>
[ 1727.127592][T16898]  dump_stack_lvl+0xcd/0x134
[ 1727.133502][T16898]  should_fail.cold+0x5/0xa
[ 1727.139508][T16898]  ? drm_ioctl+0x51e/0x9d0
[ 1727.145342][T16898]  should_failslab+0x5/0x10
[ 1727.151177][T16898]  kmem_cache_alloc+0x5d/0x560
[ 1727.157318][T16898]  ? __lock_acquire+0x162f/0x54a0
[ 1727.163761][T16898]  radix_tree_node_alloc.constprop.0+0x1e4/0x350
[ 1727.172101][T16898]  idr_get_free+0x554/0xa60
[ 1727.197458][T16898]  idr_alloc_u32+0x16c/0x2c0
[ 1727.202900][T16898]  ? __fprop_add_percpu_max+0x1a0/0x1a0
[ 1727.209871][T16898]  ? lock_release+0x720/0x720
[ 1727.216800][T16898]  idr_alloc+0xc2/0x130
[ 1727.222567][T16898]  ? idr_alloc_u32+0x2c0/0x2c0
[ 1727.229988][T16898]  ? rwlock_bug.part.0+0x90/0x90
[ 1727.237737][T16898]  drm_gem_handle_create_tail+0xf6/0x570
[ 1727.245583][T16898]  drm_gem_prime_fd_to_handle+0x29a/0x550
[ 1727.256888][T16898]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1727.264346][T16898]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1727.272773][T16898]  drm_ioctl_kernel+0x27d/0x4e0
[ 1727.278902][T16898]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1727.289103][T16898]  ? drm_setversion+0x8b0/0x8b0
[ 1727.298583][T16898]  drm_ioctl+0x51e/0x9d0
[ 1727.304786][T16898]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1727.313545][T16898]  ? drm_version+0x3d0/0x3d0
[ 1727.323056][T16898]  ? __fget_files+0x23d/0x3e0
[ 1727.329298][T16898]  ? security_file_ioctl+0x5c/0xb0
[ 1727.336569][T16898]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1727.344539][T16898]  ? drm_version+0x3d0/0x3d0
[ 1727.351261][T16898]  __x64_sys_ioctl+0x193/0x200
[ 1727.363631][T16898]  do_syscall_64+0x35/0xb0
[ 1727.369945][T16898]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1727.378228][T16898] RIP: 0033:0x7f2c65d45ae9
[ 1727.384031][T16898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1727.417316][T16898] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1727.432065][T16898] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1727.443516][T16898] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
18:13:07 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x40087602, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1727.454981][T16898] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1727.465667][T16898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1727.475649][T16898] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1727.487304][T16898]  </TASK>
[ 1727.566031][T16908] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 45)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:08 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x40186366, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1727.640120][T16912] FAULT_INJECTION: forcing a failure.
[ 1727.640120][T16912] name failslab, interval 1, probability 0, space 0, times 0
[ 1727.682852][T16912] CPU: 0 PID: 16912 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1727.697559][T16912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1727.708936][T16912] Call Trace:
[ 1727.713398][T16912]  <TASK>
[ 1727.716704][T16912]  dump_stack_lvl+0xcd/0x134
[ 1727.722192][T16912]  should_fail.cold+0x5/0xa
[ 1727.727975][T16912]  should_failslab+0x5/0x10
[ 1727.735216][T16912]  __kmalloc+0x7b/0x4d0
[ 1727.740353][T16912]  ? sg_alloc_append_table_from_pages+0x699/0xdb0
[ 1727.748202][T16912]  ? lock_chain_count+0x20/0x20
[ 1727.753518][T16912]  sg_alloc_append_table_from_pages+0x699/0xdb0
[ 1727.759583][T16912]  sg_alloc_table_from_pages_segment+0xc9/0x260
[ 1727.766750][T16912]  ? sg_zero_buffer+0x1a0/0x1a0
[ 1727.772955][T16912]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1727.782931][T16912]  ? dma_get_required_mask+0xbf/0xf0
[ 1727.799387][T16912]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 1727.808075][T16912]  drm_prime_pages_to_sg+0xc7/0x130
[ 1727.813961][T16912]  ? drm_gem_shmem_print_info+0x100/0x100
[ 1727.822217][T16912]  drm_gem_map_dma_buf+0xd7/0x1e0
[ 1727.829116][T16912]  dma_buf_map_attachment+0x39a/0x5b0
[ 1727.836397][T16912]  drm_gem_prime_import_dev.part.0+0x85/0x220
[ 1727.847582][T16912]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1727.856411][T16912]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1727.864057][T16912]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1727.871350][T16912]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1727.878960][T16912]  drm_ioctl_kernel+0x27d/0x4e0
[ 1727.886921][T16912]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1727.895322][T16912]  ? drm_setversion+0x8b0/0x8b0
[ 1727.903809][T16912]  drm_ioctl+0x51e/0x9d0
[ 1727.911263][T16912]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1727.922421][T16912]  ? drm_version+0x3d0/0x3d0
[ 1727.930435][T16912]  ? __fget_files+0x23d/0x3e0
[ 1727.936601][T16912]  ? security_file_ioctl+0x5c/0xb0
[ 1727.946528][T16912]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1727.956169][T16912]  ? drm_version+0x3d0/0x3d0
[ 1727.964541][T16912]  __x64_sys_ioctl+0x193/0x200
[ 1727.971581][T16912]  do_syscall_64+0x35/0xb0
[ 1727.977687][T16912]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1727.988982][T16912] RIP: 0033:0x7f2c65d45ae9
[ 1727.996743][T16912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1728.026018][T16912] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1728.041786][T16912] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1728.057349][T16912] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1728.070986][T16912] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1728.082953][T16912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1728.092959][T16912] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1728.102437][T16912]  </TASK>
[ 1728.129096][T16908] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:08 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x401c5820, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 46)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:08 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x6})

[ 1728.281934][T16920] FAULT_INJECTION: forcing a failure.
[ 1728.281934][T16920] name failslab, interval 1, probability 0, space 0, times 0
[ 1728.305444][T16920] CPU: 0 PID: 16920 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1728.315318][T16920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1728.326783][T16920] Call Trace:
[ 1728.330934][T16920]  <TASK>
[ 1728.335516][T16920]  dump_stack_lvl+0xcd/0x134
[ 1728.340888][T16920]  should_fail.cold+0x5/0xa
[ 1728.346829][T16923] FAT-fs (loop1): Unrecognized mount option "" or missing value
[ 1728.347035][T16920]  should_failslab+0x5/0x10
[ 1728.362752][T16920]  kmem_cache_alloc_trace+0x5c/0x4a0
[ 1728.368518][T16920]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1728.377792][T16920]  ? dma_map_sgtable+0xb3/0xf0
[ 1728.384590][T16920]  __drm_gem_shmem_create+0x3d8/0x470
[ 1728.390738][T16920]  drm_gem_shmem_prime_import_sg_table+0x70/0x100
[ 1728.400763][T16920]  drm_gem_prime_import_dev.part.0+0xf9/0x220
[ 1728.408496][T16920]  drm_gem_prime_import_dev+0xa9/0x1d0
[ 1728.416285][T16920]  drm_gem_prime_fd_to_handle+0x433/0x550
[ 1728.424245][T16920]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1728.431699][T16920]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1728.439846][T16920]  drm_ioctl_kernel+0x27d/0x4e0
[ 1728.447490][T16920]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1728.456947][T16920]  ? drm_setversion+0x8b0/0x8b0
[ 1728.462978][T16920]  drm_ioctl+0x51e/0x9d0
[ 1728.467802][T16920]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1728.474974][T16920]  ? drm_version+0x3d0/0x3d0
[ 1728.479487][T16920]  ? __fget_files+0x23d/0x3e0
[ 1728.484350][T16920]  ? security_file_ioctl+0x5c/0xb0
[ 1728.490452][T16920]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1728.500174][T16920]  ? drm_version+0x3d0/0x3d0
[ 1728.504862][T16920]  __x64_sys_ioctl+0x193/0x200
[ 1728.510831][T16920]  do_syscall_64+0x35/0xb0
[ 1728.516024][T16920]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1728.524147][T16920] RIP: 0033:0x7f2c65d45ae9
[ 1728.529989][T16920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1728.554219][T16920] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1728.565392][T16920] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1728.575759][T16920] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1728.587999][T16920] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1728.597991][T16920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1728.607671][T16920] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1728.618537][T16920]  </TASK>
18:13:09 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4020940d, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:09 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 47)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:09 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x80086301, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1728.911676][T16929] FAULT_INJECTION: forcing a failure.
[ 1728.911676][T16929] name failslab, interval 1, probability 0, space 0, times 0
[ 1728.929966][T16929] CPU: 0 PID: 16929 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1728.943467][T16929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1728.954699][T16929] Call Trace:
[ 1728.958933][T16929]  <TASK>
[ 1728.962929][T16929]  dump_stack_lvl+0xcd/0x134
[ 1728.969385][T16929]  should_fail.cold+0x5/0xa
[ 1728.975625][T16929]  ? drm_ioctl+0x51e/0x9d0
[ 1728.982105][T16929]  should_failslab+0x5/0x10
[ 1728.987514][T16929]  kmem_cache_alloc+0x5d/0x560
[ 1728.993695][T16929]  ? __lock_acquire+0x162f/0x54a0
[ 1728.999653][T16929]  radix_tree_node_alloc.constprop.0+0x1e4/0x350
[ 1729.006897][T16929]  idr_get_free+0x554/0xa60
[ 1729.012007][T16929]  idr_alloc_u32+0x16c/0x2c0
[ 1729.017534][T16929]  ? __fprop_add_percpu_max+0x1a0/0x1a0
[ 1729.024102][T16929]  ? lock_release+0x720/0x720
[ 1729.029302][T16929]  idr_alloc+0xc2/0x130
[ 1729.034101][T16929]  ? idr_alloc_u32+0x2c0/0x2c0
[ 1729.039777][T16929]  ? rwlock_bug.part.0+0x90/0x90
[ 1729.045569][T16929]  drm_gem_handle_create_tail+0xf6/0x570
[ 1729.052566][T16929]  drm_gem_prime_fd_to_handle+0x29a/0x550
[ 1729.061360][T16929]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1729.067698][T16929]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1729.073903][T16929]  drm_ioctl_kernel+0x27d/0x4e0
[ 1729.079761][T16929]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1729.086577][T16929]  ? drm_setversion+0x8b0/0x8b0
[ 1729.092164][T16929]  drm_ioctl+0x51e/0x9d0
[ 1729.096888][T16929]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1729.103579][T16929]  ? drm_version+0x3d0/0x3d0
[ 1729.108560][T16929]  ? __fget_files+0x23d/0x3e0
[ 1729.113798][T16929]  ? security_file_ioctl+0x5c/0xb0
[ 1729.120425][T16929]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1729.130085][T16929]  ? drm_version+0x3d0/0x3d0
[ 1729.136258][T16929]  __x64_sys_ioctl+0x193/0x200
[ 1729.142660][T16929]  do_syscall_64+0x35/0xb0
[ 1729.147593][T16929]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1729.155124][T16929] RIP: 0033:0x7f2c65d45ae9
[ 1729.160973][T16929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1729.186241][T16929] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1729.196358][T16929] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1729.205332][T16929] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1729.213694][T16929] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1729.223715][T16929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1729.233888][T16929] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1729.244799][T16929]  </TASK>
18:13:09 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x80086601, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:09 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x80087601, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:10 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 48)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:10 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x7})

18:13:10 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x801c581f, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1729.665670][T16944] FAULT_INJECTION: forcing a failure.
[ 1729.665670][T16944] name failslab, interval 1, probability 0, space 0, times 0
[ 1729.699678][T16944] CPU: 1 PID: 16944 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1729.712543][T16944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1729.725611][T16944] Call Trace:
[ 1729.730925][T16944]  <TASK>
[ 1729.734449][T16944]  dump_stack_lvl+0xcd/0x134
[ 1729.740340][T16944]  should_fail.cold+0x5/0xa
[ 1729.747292][T16944]  should_failslab+0x5/0x10
[ 1729.753850][T16944]  kmem_cache_alloc_trace+0x5c/0x4a0
[ 1729.760954][T16951] FAT-fs (loop1): Unrecognized mount option "" or missing value
[ 1729.761641][T16944]  drm_vma_node_allow+0x4e/0x2e0
[ 1729.761737][T16944]  drm_gem_handle_create_tail+0x22b/0x570
[ 1729.761779][T16944]  drm_gem_prime_fd_to_handle+0x29a/0x550
[ 1729.809377][T16944]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1729.819348][T16944]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1729.828809][T16944]  drm_ioctl_kernel+0x27d/0x4e0
[ 1729.836709][T16944]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1729.846566][T16944]  ? drm_setversion+0x8b0/0x8b0
[ 1729.855435][T16944]  drm_ioctl+0x51e/0x9d0
[ 1729.861670][T16944]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1729.871230][T16944]  ? drm_version+0x3d0/0x3d0
[ 1729.878418][T16944]  ? __fget_files+0x23d/0x3e0
[ 1729.885586][T16944]  ? security_file_ioctl+0x5c/0xb0
[ 1729.892350][T16944]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1729.905825][T16944]  ? drm_version+0x3d0/0x3d0
[ 1729.914121][T16944]  __x64_sys_ioctl+0x193/0x200
[ 1729.919096][T16944]  do_syscall_64+0x35/0xb0
[ 1729.926158][T16944]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1729.934217][T16944] RIP: 0033:0x7f2c65d45ae9
[ 1729.940767][T16944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1729.973289][T16944] RSP: 002b:00007f2c632bb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1729.984219][T16944] RAX: ffffffffffffffda RBX: 00007f2c65e58f60 RCX: 00007f2c65d45ae9
[ 1729.995786][T16944] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000004
[ 1730.009739][T16944] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1730.021942][T16944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1730.035343][T16944] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1730.047262][T16944]  </TASK>
[ 1730.096457][T16949] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:10 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc0045878, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:10 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0}) (fail_nth: 49)
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:10 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x8})

[ 1730.216485][T16957] FAULT_INJECTION: forcing a failure.
[ 1730.216485][T16957] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1730.239164][T16957] CPU: 2 PID: 16957 Comm: syz-executor.2 Not tainted 5.16.0-rc2-syzkaller #0
[ 1730.253609][T16957] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1730.275303][T16957] Call Trace:
[ 1730.282527][T16957]  <TASK>
[ 1730.288093][T16957]  dump_stack_lvl+0xcd/0x134
[ 1730.295842][T16957]  should_fail.cold+0x5/0xa
[ 1730.302800][T16957]  _copy_from_user+0x2c/0x180
[ 1730.310429][T16957]  kstrtouint_from_user+0xb5/0x240
[ 1730.317782][T16957]  ? kstrtou8_from_user+0x210/0x210
[ 1730.328105][T16957]  proc_fail_nth_write+0x79/0x220
[ 1730.333813][T16957]  ? proc_task_getattr+0x1f0/0x1f0
[ 1730.339675][T16957]  ? proc_task_getattr+0x1f0/0x1f0
[ 1730.344843][T16957]  vfs_write+0x28e/0xae0
[ 1730.350577][T16957]  ksys_write+0x12d/0x250
[ 1730.357066][T16957]  ? __ia32_sys_read+0xb0/0xb0
[ 1730.363150][T16957]  ? syscall_enter_from_user_mode+0x21/0x70
[ 1730.370584][T16957]  do_syscall_64+0x35/0xb0
[ 1730.376522][T16957]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1730.390652][T16957] RIP: 0033:0x7f2c65cf85ff
[ 1730.399738][T16957] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[ 1730.434213][T16957] RSP: 002b:00007f2c632bb170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1730.446754][T16957] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2c65cf85ff
[ 1730.458697][T16957] RDX: 0000000000000001 RSI: 00007f2c632bb1e0 RDI: 0000000000000006
[ 1730.472111][T16957] RBP: 00007f2c632bb1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1730.483060][T16957] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[ 1730.493533][T16957] R13: 00007ffd929bcbdf R14: 00007f2c632bb300 R15: 0000000000022000
[ 1730.502078][T16957]  </TASK>
[ 1730.506606][    C2] vkms_vblank_simulate: vblank timer overrun
[ 1730.632959][T16963] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc0045878, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:11 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x9})

18:13:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x2, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c64ce, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1730.956063][T16974] FAT-fs (loop1): Unrecognized mount option "	" or missing value
18:13:11 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0xa})

18:13:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x10, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc0189436, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1731.189050][T16982] FAT-fs (loop1): Unrecognized mount option "
[ 1731.189050][T16982] " or missing value
18:13:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x1267, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:11 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc020660b, &(0x7f00000004c0)={0x0, 0xe, r0})

[ 1731.335851][T16982] FAT-fs (loop1): Unrecognized mount option "
[ 1731.335851][T16982] " or missing value
18:13:11 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0xb})

18:13:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc020f509, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:12 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x2284, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1731.559765][T17003] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc028660f, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:12 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0xc})

18:13:12 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4b47, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1732.103584][T17009] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:12 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4b49, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:12 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x2, r0})

18:13:12 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0xd})

[ 1732.368467][T17025] FAT-fs (loop1): Unrecognized mount option "" or missing value
[ 1732.522182][T17025] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:13 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0xf})

18:13:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x3, r0})

18:13:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4c00, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1732.691759][T17032] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:13 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x10})

18:13:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x4, r0})

18:13:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x4c01, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1732.900456][T17039] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x5, r0})

18:13:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x541b, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:13 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x11})

18:13:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x6, r0})

18:13:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5421, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1733.155925][T17055] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x7, r0})

[ 1733.285590][T17055] FAT-fs (loop1): Unrecognized mount option "" or missing value
18:13:13 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0x89})

18:13:13 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x8, r0})

18:13:13 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5450, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1733.558546][T17069] FAT-fs (loop1): Unrecognized mount option "�" or missing value
18:13:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x9, r0})

18:13:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5451, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1733.675774][T17069] FAT-fs (loop1): Unrecognized mount option "�" or missing value
18:13:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xa, r0})

18:13:14 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0xd8})

18:13:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5452, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1733.983780][T17086] FAT-fs (loop1): Unrecognized mount option "�" or missing value
18:13:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xb, r0})

18:13:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x5460, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:14 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xc, r0})

18:13:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x6364, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:14 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0xd9})

[ 1734.417459][T17100] FAT-fs (loop1): Unrecognized mount option "�" or missing value
18:13:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xd, r0})

18:13:15 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0xda})

18:13:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8913, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1734.739000][T17115] FAT-fs (loop1): Unrecognized mount option "�" or missing value
18:13:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xf, r0})

18:13:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8914, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:15 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000)={[], [], 0xff})

[ 1734.962121][T17124] FAT-fs (loop1): Unrecognized mount option "�" or missing value
18:13:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x10, r0})

18:13:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8923, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:15 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="357adb3f45c6c431db154de89b1bafa47c543b0888e8386230accd2540e301780ae75f285fdea7c15c80b9a5b4b135e37de95dbbcb79dd8bf1d6acbef9b9b5d2964911c9d8421fc4083d25041b024d68e6dc63d1e325a8fefecc67d83fc38fa213e59c6295bf791dcc2e873f015ecfa784932b58ac0dc2803f35a77c64595c3f03f89de751fa131ab0a3bc569a08620ad05279361425bcdca2d1e90d9274f292cf19ae39b6adec0c91661417"])
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@bridge_delvlan={0x40, 0x71, 0x4, 0x70bd2a, 0x25dfdbfe, {}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xf}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xe}}, @BRIDGE_VLANDB_ENTRY={0x10, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_TUNNEL_INFO={0xc, 0x4, 0x0, 0x1, @BRIDGE_VLANDB_TINFO_CMD={0x8, 0x2, 0x13}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000080}, 0x4001)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/power/pm_freeze_timeout', 0x327181, 0x23)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000002c0)=0x2)

[ 1735.178822][T17136] FAT-fs (loop1): Unrecognized mount option "5z�?E��1�M���|T;��8b0��%@�
x
[ 1735.178822][T17136] �_(_ާ�\�����5�}�]��y݋�֬����ҖI��B�=%Mh��c��%����g�?Ï��b��y�.�?
^ϧ��+X�€?5�|dY\?���Q����V�b
[ 1735.178822][T17136] �Ry6%�ܢ��t���9����f" or missing value
[ 1735.217106][    C2] vkms_vblank_simulate: vblank timer overrun
18:13:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8933, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1735.356062][T17136] FAT-fs (loop1): Unrecognized mount option "5z�?E��1�M���|T;��8b0��%@�
x
[ 1735.356062][T17136] �_(_ާ�\�����5�}�]��y݋�֬����ҖI��B�=%Mh��c��%����g�?Ï��b��y�.�?
^ϧ��+X�€?5�|dY\?���Q����V�b
[ 1735.356062][T17136] �Ry6%�ܢ��t���9����f" or missing value
18:13:15 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0x5d, r0})

18:13:16 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x8935, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:16 executing program 1:
r0 = perf_event_open(&(0x7f0000000100)={0x4, 0x80, 0x6, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x20, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x7)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000))
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000040))

[ 1735.611426][T17153] FAT-fs (loop1): bogus number of reserved sectors
[ 1735.622360][T17153] FAT-fs (loop1): Can't find a valid FAT filesystem
18:13:16 executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x900, 0x2)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r5=>r3, {<r6=>r3}}, './file0\x00'})
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000140), 0x106, 0x1}}, 0x20)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x1f, 0xffff8000, 0x74, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_SETGAMMA(r5, 0xc02064a5, &(0x7f0000000340)={0x0, 0x8, &(0x7f0000000280)=[0x200, 0x3, 0x20, 0x9, 0x9, 0x7, 0x2, 0x8], &(0x7f00000002c0)=[0x3, 0x7, 0x7ff, 0x6c, 0x7ff, 0x7ff], &(0x7f0000000300)=[0x9, 0x8]})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r1, 0xc00464b4, &(0x7f0000000240)={r7})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r0})

18:13:16 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x89a0, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:16 executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2, 0x0, 0x8366}, 0x0, 0xfffffffffffffffd, r0, 0x0)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='timer_expire_entry\x00', r0}, 0x10)
r2 = getpgrp(0x0)
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0xc0, 0x4d, 0x0, 0x8, 0x0, 0x3c, 0x10000, 0x4, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xc6, 0x1, @perf_bp={&(0x7f0000000200)}, 0x9002, 0x1f, 0x10000, 0x7, 0x3ff, 0x800, 0x5f, 0x0, 0x7f, 0x0, 0x4}, r2, 0x7, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000080)={0x5, 0x80, 0x79, 0x26, 0xda, 0x19, 0x0, 0xe79, 0x401, 0xf, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0x40, 0x4}, 0x48408, 0x5, 0x1000, 0x2, 0x36c, 0x7, 0x9, 0x0, 0x7f, 0x0, 0x81}, 0x0, 0x4, r1, 0x0)
perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x1, 0xff, 0x4, 0x8, 0x0, 0x81, 0x208f0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f00000002c0), 0x8}, 0x5030a, 0x7, 0xeaa, 0x4, 0x0, 0x200, 0x7, 0x0, 0x2, 0x0, 0xf693}, r2, 0xa, 0xffffffffffffffff, 0x3)

18:13:16 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x40042409, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

18:13:16 executing program 1:
r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000180)=<r1=>0x0)
perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x2, 0x4, 0x3, 0x2, 0x0, 0x7fff, 0x47000, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={&(0x7f0000000040), 0x4}, 0x80, 0x2, 0x4, 0x7, 0x5, 0x1, 0x9, 0x0, 0x2, 0x0, 0x94}, r1, 0x4, r0, 0x0)
chdir(&(0x7f0000000000)='./file0/file0\x00')

18:13:16 executing program 3:
r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000340)={0x7fff, 0x0, '\x00', {0x0, @reserved}})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x200, 0x0)
close(r1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x9, 0x1, 0x2, 0x0, <r5=>0x0})
close(r3)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00c642d, &(0x7f0000000100)={r5})
r6 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000001940), 0x301000, 0x0)
r7 = fsmount(r1, 0x1, 0x64)
io_submit(0x0, 0x9, &(0x7f0000001a00)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2, 0x5, 0xffffffffffffffff, &(0x7f0000000500)="5ae0346c67980f6e2df6cc743fef0ade324c08764e2d654349fcb4c1e26cd7a02319619cdeb88bd89d7f4c1fd58e90f50fdbc3a0773721980b0c8b4dbd94eeb209e5528778e4322cab844596fe874f36e92e78a63878ac3661f933cbc92b8d84dbde9c4e89979b03b318d7c6032a04873ce62c1ae573075155ab024a3658cc6398bab6019e491d93e327ea68710cb31d9054540ad780af7b414576f5a4ba513f31f20137f6c4a27fb0b162a3133e6cac1965758e38cbc2cbae0c4c4b2a9baa2cecff378511bbd172a51dfdf1eb3b9b2d76ee93cc967bb65607a99a6240b8483c5c552bbd4787f27da97a122516431c567f0ea4d98f351e65343d2523e9ea1f54de8d8ab643df611f964717a6a0957e8a2fead2f328d18df3562426acc13efab63c0aedd4abb96b509708ce551dd0d82f4a55167c442288ddf8000ecd221b7fa4536a95daff4d392f854d9726b359cea2a7975e16308a755e8a8b584f0ed99bed6c01e6b3e9ba2aa6335995f7f9a6eb7c1ed30cb4f92377c38460a39de1f5758c02d6ad09c00309d6a078ea823cf14c56effdd3fc2a910f8be9deab1d6a54cc008883965a3ed7ca3d7c1a63a8c4b16d3b4da5fcc9fa393a189fc5766ae50d81efc90f3c3105afdaea3352842a249b7250285ee444a2ecce99e4235bf4a092dcad1d897b578f750b7e74ef4f77c123c7c01078b42e7d0c108c4c4f26de1aa42260c2251dcd24e49ea571e11088b12796eddb42a1d7bf0087f3d5052075c023d98ef50dd38358fe5d2e4c8669b4e0cce6578bcb87a382c4e43fa8db84c2975ddc8fcc9f2ba4a18c2f2d584af2ac6386ee76b8194a442aef44d5f491fa5f620afe2883db04c6ae3ff8a25556ff973e19b7ce3a757735e14efd74a3e71b7864d1460f95806feb6d84fc1542d080792b72ea8468c5762540e19b14e32bc5a8162ba4563b41854ce05cbeba102e75a9a5b98ab52e012acfd2eb0d2b37b0e52cd45235491aeaf48661953dee31778c7a95e995bdd5f52921a50c012f96359cbb83f1fe0a0bde5f828ebf7fb1c1ce8bcc0154af6c02729453d73ef14dc3eae4f4321263f9b211afaaf31f8cc03eaff23a1d86513cc638b35699e6af4db1be2c3b235b5482ed13c8b29391732c10d3f70cb05c50507c89da69ff0f5465d7e6e8aa6c290943acb789ce2b74428eb9bb009a06b4b35c9d7078bbdac0f2636b7d6ddb9683dbcd0442cf8e238b0edb1c0c379bf5e1942e1256ce2c973c334fc77c03c1d639cff3d9284922ef4c9e947c723d38483d009164abfdb30df662f415519da394ab173eeefd9f76737a1121627b517901e5ce4bed9a57b5d656bb4845687e848241a7f7b615b51389fd924084cca7ded3c0ce541c269fedaad859c14ed5156e6f0a76979483ffe925afe3a1a780b8d8accf48ee08deda8a149d4b68906cecf620ce5538f098ccd22aa17c6d672693a8a5a04db19eafdbaae42d382c86b41ad8489e751a4b0269b90674d1e39f36e851d696ac7ce0d1576a9e612b574f6bc8989e8d0a6ed9f8e069de0a8dc854275ea9ce34e919bb61e607db3c008edde09a1a3f28157681bb3e9ca0796663457b051f032d71b70fa51a8f8eab7ee4e13c81f7bece6f8a3ce5da262af56a7fd53130e48ebd905bbf60cccbe7d38c466f0034d49624cccd3090509e403d23bb3f08fe01298221cf573942ca65b84f05b25ddbb383000d5126f26106f5cef8109f45ffbc9d3a0fe26c2e4a9761877235289f450caf19cf63d48c120c72a6ed9c92cf4e41e05a8edf5d0ba840cbc0c3c7cc6d29ce045025832f8e2abae6d2585c97051691b0ab83843a1b689fbd37ccb31d4c5368fbdbe9679b92363c3f211b69a3122eb0c2de5c4a1075240fc607a367193cf16b42d5a1b75b4053e52a1d12ec26db38caec4efa0ce06d4bb8a8cf5751b3381c90bb312d9c2b6b0cd92667fd3e3ed01bb7a19064dbae3511d88350c7182271b7297a58b05ecbd858ad2001d88fb8d84832540f1eec14164ed9367f5a4266bddb9d0e97013d13482ef740296245026f9b3b894a816a3da84c2b5e32a08e38ade494840550261227c7655674936c11e9f9d094182e1fa8f51ef942291dc08da307d6f56d2ee80ab6503ae4001beea765d88d49b0ab340fd13f1f02d49b03ed3072e2ecf7987ddcfd811cbbdce126421ee62ab3d29b131e86440011a21b9ec4158a99d257a23a99ef2ff19d4f785180c52b2628c92f068e3b80e11599e26a3eb8819dba3876f0ce105e4abeaaa94ae8d1159d3b8ac4aa9535ca67837686a35912d159984187eba4ad3f7559243cbf7846e1c13009e2cc4c0615f0065f9384f359a8635517abb0de17ee174c5433664e0ac28dbf26d5912f2242f60e4b5928fa8170e7bf5e7df8e4f4802de3c348ae6ac566a9d1f7b1bd9ef94f093440b83f269c8ada639ec002267c45eca4c596e60a3ecce8c2f5bd60cc2cb65611d55974a892e1b89f04a36a05821c49eeada9f2f1bd88959386c9ed48d681380e70468befdc3a6fb2157ddbc46070805c268fdb0beb319c650ec7f0b61fc7e6d40ae294841dd16a2bc123c205808d39ce09b3bbe3c4d227d3e2390f68e48791790f85a0f1c5d1da40f82d0492a147f288033575398dfa62f84917d3fb76502a0a827175b811a019ee610ef338bff0b13adbd21ea86fa381041cc5c1060c4dfdad26d7590ccbaedc9d1a717e5f8243551122c9379721096a41b262bc250327b51ff0bc4ca33f76056361dd30d183086d1421387f03324b5d36ba6a5e662fac28fc3b15fbe6865521dbfe93dc28abd37671317ff71041542b6bc87a6f383755c93c6bddb858c16846407254883825dad757e964114df1c535c7bef0b781545b52c848f00fb0cd5a962d94c4dc3677cec26270b649fb8a17c3ba3480bb84118bcfb2fdb5c888ef80b6a2b534da187e841e5b6777f37e7dee668359e1cbb72479cf63ecca405feb9ac89501ca44c5b91e6b9195fe2d06ca531a8beb2d3dd6d2c14ac6230623a5ab6fe65990c7f4d07c920b07eca9b4949f3c54eb8a742d7a7cbf015355799733320876d9a7565fb135feeb4c2678581f37f2d7a5cd20ffb9df6358eff48c08f018bfc4a3b7a230cc844de65fc83ba51eb9ddb290270b73669beb8ce49bc49191d48ce49fbda50f0ca6a5064c39fb8d41c848862bbecbdfe23e9bdad604b67350b9a5aa4217785986274fa21e70d22bc31b4f276d160383ab7b1ce922b1115f92bed9859344b6d4ac01813f1610f65bd416772b8ede5163d6868102031ab0dce685657b627b36a638cafd309448e4bf0654d743ac5f150107ced496f4b4dc20865f358d6b26c3e64ed46d677d0cdebbfde8812d4e5eef131a47f12cdbd820ee094039063008c7f19d46521e7156fe120fd647d5f421817d1398636716e9812dd2660967150f4c7aad07b68e0b06115d5b065adb5813b7bf4438c678fbd2c7691ef01232cfd3d1b3a101d1eb5b2469c695ea7ab80dba8a9ea61cae5868d13df3b6bed3cc139f1b4332564c2568b7b96d0035569100647fac1c5aa3532d24930759f0a4e5a19c3c2a622594acfc9f3c4d955923e65ca4d39e5caedc6e93dabd766b3920b3884b46d406b4e8300a5a301492de1b103ffea31d04592a7e7b2b0cdde12a38522a21ba7a0eaafcf2348212c01e3ab0d143dcea6fde8d933a9c71013c816f9b18b500e84d26e1a52c7f58c52a124b95fc4c5bde453ba92636af6d1c8f89587faec2133b258be809549d91211c782104f43ab1c44b022916051c271e87018f8dea8b29fb99fc98b6bece8ddcffabc0cc8dc1f6db049f26d7197ad5467049f5ceefdd23577d7863a4580dfaffcd33710a9d1efc10a886624c980f62470e7205d0d448d4af5b1b3928b5451185d292f312be5688cc95bff2579f7be14eeda008ab2f3957c431e11a45f079a57db23e4bc74ab2c29cf60ac67e83a189a72c65541dc79effd49f22a9943b36ce7fdb2f48ebb1da94beac70f141cdcccfebc1e91ec2bacee50dafc3a95f77b876b94da52ab16310f6019db9a984d3f7eaf66279c3e4f3e8bc3571962d30b2ab6f9dc457d096092eb88494c842cac8dd90b858e8ebd02941032f8a46bde93d46a6c8f0a500840d8c147611ab0ceb0c6e4d6e07a2de9c666f7157fc15005aaa4e00e625dbd9d33949a02b0268d02eaa73abad625fe14e38b385dc2ad90c8e542559914459ca231d4ecc3771c46a907f302ee8090e6d783ba6e5eeaeefd980beee0e7456e5b9dac4f5ca52c3f37ea03e9ec63f58389c5b27cea3037a9d768063a68c3fa9f3fbe40342f017096aa89241c2400e9ba2517e971d84763df8dbb2d9a70a4f3c16df0d2b82299d7abcd102fd0c74c236990214ff50f6d7f103bc17a984853decf63fafc31f4d91290966fc8d9c4b7e123e4a1052ff4d2064c24d56817233388bbc9da94197bc5a921f729cc38c68e508fe78831f54758d8a49b173d5230da54b3703fc1027e42034e3713b64695383aa1bde52af2f478f84bba8ff208f810e8c4252b0e0435ae0368aa93bf61c4f3c689477f2883932ee51e40efcae0339d5bfaef5dd9b9392ca18d3ff423dc242e81a9dd879e63089f2c25acebe2d11514a602a1261b2ec6a31f1d705de9ce50c9575e672a365eef1634f5baa3d6fcc7bc6eb1905291c1daaa8a2a1748ffb38edfd899fc2eac227996d8f6c0e00a03bc10e420dadee9d932e2dfc9f4574c13bef19c142e6b355003184b8b4e487470f9246542aacc16b881d8c97e45a5c928bd372ddf4a26ee91be47f72444f56763219fdbd5e0594c2149c442b2a40d1f70a1a5f9de0da6547406b5c7d3cb4aed2910c441551e9295eb31322fd7c8a7f3fa50fcf8e69fabecaf53594e3dd43e8f3db22a028d5cc4263a531e4482e407bf70b85e3874f2745999c79cb7763ba5be665b91393382b802141bdc6b794aed6da3fbc91bdab7e1e1f9ec31c11d5bd3d89e38b328e1a21e606faa69a9ecf46db2d7a7f59ec3fc679d124446646f232b02c9ccc32714fb9aced0619f4cb1f8a55b01b7add25cc673ddda1fad481ae2fc9b554c9315653c2e0398f5e0b32fafc8e30ce23cb1caf85e9948282dc1cd5200362cfaf45fe7b1caba91f53f578375523250e4fea7ef185d3900e8b97290d65bd031fca7c65d8d9a6b1d932ede91bd79118b641b4a00edc9cb2478ad93c06dc1a79025a57767ded06e770dee6184e3eb1bb465343de1866e979548b0525b9943303c4e2fbc6ce19bedd18865e9e49dad0843f5935df73e51f42b0c695a79684c1ee2a4310a025f968dd55f70bebeaff7ee84f4bc2110bbc4bd596ce480f690884f9e8e407c9c1a78e4604bef700821021a6dd67354e6c6dd1154d892b5646ce666aae880c9b3fefa7bc2b047af0f02d28cc7bd934c6e84241e620f46bd8d91c3858e9f03a8c1aaa02d06f6c13a881f16d8bf83de4cf2fcca811c281206601b92a9f821884f52e1037d5ffb374b422b4bce96f65252c711f829a9b83a2512275c5f0a1d43a03831ba2f13bb62d389e9d60f6f01d531b28c39bcd4b47c25af71c77ccdac583c14efd7930e0748779827b9e55681b1c995d31420619f5969bfdd586c14e8da86e8ad9d17196e122e9801626bed737bfef683d02d9c297f9a3eea050039d3d1693e407a834def5f1bfe7677ccc088ae0f17a8a40a848b17447a098d210f5946113fb341bffe8b9cbc599e8472908b77370c38072847c99a1d5446a04fcc87d900a1bafd0774631d25996c2c671f092105bc285884335f77bde", 0x1000, 0x40, 0x0, 0x2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x3, 0x7, r0, &(0x7f0000000400)="7b50162bcbfff115d2a3b85d1ff0acdce6a41fdc05c4bca7e25b1965fa66e6d2e059b5a1d675e51d0d88b38f4fc2db7726e06a7ff9066bc0f944ec0f37dc686853b5c02273a7de08fc2a2b567abd57864d45efa6e132473792fcb2bd915d9985dd6e05ae1a98b608db625a0e6dcef020fb9410380b9af45e6adffc2e0b304e3e194688549d98c90feedc0caf80157a7fb9064452dd257081baefbfb731f89c02e07f265f005ede8072b1862ecac2865154196439727979e5ae708aedde85", 0xbe, 0x30816185}, &(0x7f0000001540)={0x0, 0x0, 0x0, 0x6, 0x8, 0xffffffffffffffff, &(0x7f0000001500)="300638bf0d814895f0b86b41edafc44e3b1bbca445429618eff7b9e424f7d52c11a790d46c32b86a8b2040d42e04", 0x2e, 0x9c3c, 0x0, 0x1, r3}, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x0, 0x9, r0, &(0x7f0000001580), 0x0, 0x5, 0x0, 0x1}, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x7, 0x3f, r1, &(0x7f0000001600)="f4fc28f977c17aac52e0958df5e7d080f40d9e47813b1c93cb208497decbb8e322427b9aa70fa637305138163c011a462ba6339d74a88f739fee0c7a7524b8f1ddc6adbc7399c617e22c02e70fad21ab908a1eff48f00849ff33f4aa9f8c1546d0f209c061db816181a1c202ff6250a9b0015e37945a9a078608d5621fe0f5734781ae461f91f9de28f1981a6dfd68a2890453ac5e1ebdb5958d97a442ecde3919e418fa7c334091d2b2545e82218a1ecedbcf86ae1d60fe19f7104ed8ae138f9185fa3fa8effbf8", 0xc8, 0x6, 0x0, 0x1}, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, &(0x7f0000001740)="77ef110bbaca3f2b54e29ab13b5403", 0xf, 0x3, 0x0, 0x2}, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x5, 0x17d, 0xffffffffffffffff, &(0x7f00000017c0)="44e11efa7535b7721a2795be02b7c1b9b9daa693cbe597b39d851976df13390d195126d01073bdf28f4285392c7b7a", 0x2f, 0x9, 0x0, 0x2, r3}, &(0x7f0000001900)={0x0, 0x0, 0x0, 0x3, 0x3b64, 0xffffffffffffffff, &(0x7f0000001840)="54697d05e9dca1a9941f68432dcaffc286397e6fa621db9a7cb2bce863ed2072dfcc9a67c397f6c58980706977b66577865519adcd9237fa3a087b379106654d1d1f2faacb7e3e28a0e00b714caa4cbc82eb2767e0f4ebe425370df1113c304ce031db6fe04aea8ad905d2e3fd4f2152760d330e7ca2814a6550d3239828c20b17a0db53f72e", 0x86, 0x8, 0x0, 0x2}, &(0x7f00000019c0)={0x0, 0x0, 0x0, 0x2, 0x9, r6, &(0x7f0000001980)="52011b403e8e7e74a4f648982e0dbe84318bd80e03206e599a667b8768b46ad0f6", 0x21, 0x8, 0x0, 0x0, r7}])
r8 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_SET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="10fcfff20f4170af5eca745f9949df0000000000006900d4a3c31fc70972f36f57ffe29fb14fc6dd200c37b59b2a53ca61b1c6b38a36ba"], 0x10}}, 0x0)
r9 = syz_open_pts(r1, 0x202000)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r9, 0x941c, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000001cc0)=ANY=[@ANYRES32=r8, @ANYRESDEC, @ANYBLOB="01000000000000f9bceffc1296a3c1e2ca3e3402d202", @ANYRESHEX=r1, @ANYBLOB="2c63616368657461673d272c7393a0f93a47ef2c993d2d2f2c6f626a5f75736500002f6465762f6472692f632de79604002c686173682c00610561fc6c8d7c4f93e634029c2405f79cd5216a99f8b23d8072c5544d166756eb228f9d5c4396e86a7e355e900c36c895739aa1f6f62b5e11b7443c8d1eff6271ba9356153f081856a55ec393a4c8d3fa4ffc00265c3e6334d86f77a3fd543d35fb4067aab6e4b0c733779dffa33bc44ac1f0f9f33db094c57a5fffafb8c0d39c56d0a1450beb3d1878a8dbc29d800ddaa75a980f6226207ab6124ce0569e41b719a433b1cfade6da7f19792c1dc787969afc9273aad02a60bddd2dd94145a9cc5228181780aff6b63a4191a063a9fb5d0a180b9f99368d582df1528c353b845836565b2c9bba30b490e7b0206fbd3904c527293b4bb2c01a7c5cae54ef419ddcbb08e989e55194849aac064d076463205180dbc81142a4c499d92b9ed3647e56158498c7942277d4ad8bde4c563023dd456d3a1376778f5a95ec1d1f78c1154699ad0a14a6b5f998249ff2a9ea177c02aef9f847321602a56a486ccda4a2f1cb7f07a33bc323e0cc29a900386db0dcb824f6fd344d26426e30657463907e88c55ec02700"/460])
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f00000004c0)={0x0, 0xe, r1})
ioctl$F2FS_IOC_RESIZE_FS(r0, 0x4008f510, &(0x7f0000000280)=0x3f)

[ 1735.982429][T17169] ------------[ cut here ]------------
[ 1735.989542][T17169] WARNING: CPU: 2 PID: 17169 at kernel/dma/mapping.c:188 __dma_map_sg_attrs+0x181/0x1f0
[ 1736.001253][T17169] Modules linked in:
[ 1736.044460][T17169] CPU: 0 PID: 17169 Comm: syz-executor.3 Not tainted 5.16.0-rc2-syzkaller #0
[ 1736.057473][T17169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1736.071305][T17169] RIP: 0010:__dma_map_sg_attrs+0x181/0x1f0
[ 1736.083837][T17169] Code: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d 70 6d b1 0d e9 db fe ff ff e8 86 ff 12 00 0f 0b e8 7f ff 12 00 <0f> 0b 45 31 e4 e9 54 ff ff ff e8 70 ff 12 00 49 8d 7f 50 48 b8 00
[ 1736.132994][T17169] RSP: 0018:ffffc90002c0fb20 EFLAGS: 00010216
[ 1736.186580][T17169] RAX: 0000000000013018 RBX: 0000000000000020 RCX: ffffc900037d4000
[ 1736.202808][T17169] RDX: 0000000000040000 RSI: ffffffff8163d361 RDI: ffff8880182ae4d0
[ 1736.220000][T17169] RBP: ffff8880182ae088 R08: 0000000000000002 R09: ffff888017ba054f
[ 1736.237802][T17169] R10: ffffffff8163d242 R11: 000000000008808a R12: 0000000000000000
[ 1736.264548][T17169] R13: ffff888024ca5700 R14: 0000000000000001 R15: 0000000000000000
[ 1736.275774][T17169] FS:  00007fa269e34700(0000) GS:ffff88802cb00000(0000) knlGS:0000000000000000
18:13:16 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x400448c9, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1736.312443][T17169] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
18:13:16 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x8, 0x71, 0x8000000000001, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xd, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000))

[ 1736.347982][T17177] FAT-fs (loop1): bogus number of reserved sectors
[ 1736.358772][T17169] CR2: 000000000040c120 CR3: 000000006c77c000 CR4: 0000000000150ee0
[ 1736.381297][T17177] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 1736.390509][T17169] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1736.421991][T17169] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1736.461838][T17169] Call Trace:
[ 1736.466979][T17169]  <TASK>
[ 1736.471217][T17169]  dma_map_sgtable+0x70/0xf0
18:13:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x400448dd, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1736.508844][T17169]  ? drm_prime_pages_to_sg+0xdc/0x130
18:13:17 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="040b000012"])
r0 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x2c, &(0x7f0000000380)=""/24, &(0x7f00000003c0)=0x18)
perf_event_open(&(0x7f0000000080)={0x3, 0x80, 0x80, 0x4, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x8001, 0x2, @perf_config_ext={0x2, 0x1}, 0x200, 0x7, 0x10001, 0x6, 0x100, 0x62c62c84, 0x40, 0x0, 0x40, 0x0, 0x6}, 0xffffffffffffffff, 0x5, r0, 0xa)

[ 1736.540758][T17169]  ? drm_gem_shmem_print_info+0x100/0x100
[ 1736.551648][T17169]  drm_gem_map_dma_buf+0x12a/0x1e0
[ 1736.557605][T17169]  dma_buf_map_attachment+0x39a/0x5b0
[ 1736.575701][T17169]  drm_gem_prime_import_dev.part.0+0x85/0x220
[ 1736.606145][T17169]  ? virtgpu_gem_prime_export+0x430/0x430
18:13:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x40045431, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1736.646446][T17185] FAT-fs (loop1): Unrecognized mount option "" or missing value
[ 1736.671735][T17169]  drm_gem_prime_import+0xc8/0x200
[ 1736.676752][T17169]  virtgpu_gem_prime_import+0x49/0x150
[ 1736.725291][T17169]  drm_gem_prime_fd_to_handle+0x21d/0x550
[ 1736.761701][T17169]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1736.795238][T17185] FAT-fs (loop1): Unrecognized mount option "" or missing value
[ 1736.801654][T17169]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1736.843468][T17169]  drm_ioctl_kernel+0x27d/0x4e0
[ 1736.869766][T17169]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1736.887188][T17169]  ? drm_setversion+0x8b0/0x8b0
[ 1736.941872][T17169]  drm_ioctl+0x51e/0x9d0
[ 1736.947842][T17169]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1736.972954][T17169]  ? drm_version+0x3d0/0x3d0
[ 1736.980165][T17169]  ? __fget_files+0x23d/0x3e0
[ 1737.027721][T17169]  ? security_file_ioctl+0x5c/0xb0
[ 1737.035323][T17169]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1737.044198][T17169]  ? drm_version+0x3d0/0x3d0
[ 1737.051739][T17169]  __x64_sys_ioctl+0x193/0x200
18:13:17 executing program 1:
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x71, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa3c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="002e2f6665000000adf1dc2b55d3ba3b05fe4eeef89a7c343826c07d25ea3e60ed4df09c361b3926fd7c8078e6a8c69e5f071bf40e380862a4ed7bc665fd41db3dcd2942c954ee42f8ce5b60c0ec1c981b7868e3072993099057de1548989107d56476e680a7eeb13264c0eebbe7e0917487f90af19b40231d00fe2c32c12eed508025557599d97215ecf1cf79b2c54426edf0b7bf53771da1d381f7102f5a3994a06b9a6cd1002cebd68430f3ec5f47e8c605b9a8574b1c04cd2925cbe11a3cfe0d0aa80d1692abac0a86ce22977978b293f164e66dce0c491ed4220c7b8bc463f57495"])
perf_event_open(&(0x7f0000000080)={0x0, 0x80, 0x3, 0x1, 0x1f, 0x3, 0x0, 0x10000, 0x28a20, 0x4, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_bp={&(0x7f0000000040), 0x1}, 0x8, 0x7, 0x9, 0xb09676bae37d2854, 0x0, 0x7fffffff, 0x1, 0x0, 0x80000001, 0x0, 0x4}, 0xffffffffffffffff, 0xa, r0, 0x1)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000000))

18:13:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
close(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x401, 0xd4, 0x0, <r4=>0x0})
close(r2)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00c642d, &(0x7f0000000100)={r4})
write$vhost_msg(r0, &(0x7f00000002c0)={0x1, {&(0x7f00000001c0)=""/209, 0xd1, &(0x7f0000000040)=""/14, 0x3, 0x3}}, 0x48)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0x400454ca, &(0x7f00000004c0)={0x0, 0xe, r0})
write$vhost_msg_v2(r2, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000080)=""/19, 0x13, &(0x7f0000000340)=""/7, 0x1, 0x4}}, 0x48)

[ 1737.060775][T17169]  do_syscall_64+0x35/0xb0
[ 1737.067253][T17169]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1737.074473][T17169] RIP: 0033:0x7fa26c8beae9
[ 1737.080960][T17169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1737.110887][T17169] RSP: 002b:00007fa269e34188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1737.122794][T17169] RAX: ffffffffffffffda RBX: 00007fa26c9d1f60 RCX: 00007fa26c8beae9
[ 1737.132490][T17169] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000005
[ 1737.143740][T17169] RBP: 00007fa26c918f6d R08: 0000000000000000 R09: 0000000000000000
[ 1737.159394][T17169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1737.173854][T17169] R13: 00007ffc0019c51f R14: 00007fa269e34300 R15: 0000000000022000
[ 1737.200337][T17169]  </TASK>
[ 1737.211075][T17169] Kernel panic - not syncing: panic_on_warn set ...
[ 1737.220364][T17169] CPU: 3 PID: 17169 Comm: syz-executor.3 Not tainted 5.16.0-rc2-syzkaller #0
[ 1737.232881][T17169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 1737.246230][T17169] Call Trace:
[ 1737.249348][T17169]  <TASK>
[ 1737.253744][T17169]  dump_stack_lvl+0xcd/0x134
[ 1737.259994][T17169]  panic+0x2b0/0x6dd
[ 1737.265923][T17169]  ? __warn_printk+0xf3/0xf3
[ 1737.272616][T17169]  ? __warn.cold+0x1a/0x44
[ 1737.277908][T17169]  ? __dma_map_sg_attrs+0x181/0x1f0
[ 1737.284437][T17169]  __warn.cold+0x35/0x44
[ 1737.290236][T17169]  ? __dma_map_sg_attrs+0x181/0x1f0
[ 1737.296864][T17169]  report_bug+0x1bd/0x210
[ 1737.302247][T17169]  handle_bug+0x3c/0x60
[ 1737.307718][T17169]  exc_invalid_op+0x14/0x40
[ 1737.313305][T17169]  asm_exc_invalid_op+0x12/0x20
[ 1737.319373][T17169] RIP: 0010:__dma_map_sg_attrs+0x181/0x1f0
[ 1737.326624][T17169] Code: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d 70 6d b1 0d e9 db fe ff ff e8 86 ff 12 00 0f 0b e8 7f ff 12 00 <0f> 0b 45 31 e4 e9 54 ff ff ff e8 70 ff 12 00 49 8d 7f 50 48 b8 00
[ 1737.350983][T17169] RSP: 0018:ffffc90002c0fb20 EFLAGS: 00010216
[ 1737.358580][T17169] RAX: 0000000000013018 RBX: 0000000000000020 RCX: ffffc900037d4000
[ 1737.368898][T17169] RDX: 0000000000040000 RSI: ffffffff8163d361 RDI: ffff8880182ae4d0
[ 1737.379633][T17169] RBP: ffff8880182ae088 R08: 0000000000000002 R09: ffff888017ba054f
[ 1737.389153][T17169] R10: ffffffff8163d242 R11: 000000000008808a R12: 0000000000000000
[ 1737.397334][T17169] R13: ffff888024ca5700 R14: 0000000000000001 R15: 0000000000000000
[ 1737.405515][T17169]  ? __dma_map_sg_attrs+0x62/0x1f0
[ 1737.410689][T17169]  ? __dma_map_sg_attrs+0x181/0x1f0
[ 1737.416164][T17169]  dma_map_sgtable+0x70/0xf0
[ 1737.422070][T17169]  ? drm_prime_pages_to_sg+0xdc/0x130
[ 1737.430511][T17169]  ? drm_gem_shmem_print_info+0x100/0x100
[ 1737.437921][T17169]  drm_gem_map_dma_buf+0x12a/0x1e0
[ 1737.444112][T17169]  dma_buf_map_attachment+0x39a/0x5b0
[ 1737.450888][T17169]  drm_gem_prime_import_dev.part.0+0x85/0x220
[ 1737.458555][T17169]  ? virtgpu_gem_prime_export+0x430/0x430
[ 1737.464729][T17169]  drm_gem_prime_import+0xc8/0x200
[ 1737.471258][T17169]  virtgpu_gem_prime_import+0x49/0x150
[ 1737.478956][T17169]  drm_gem_prime_fd_to_handle+0x21d/0x550
[ 1737.485548][T17169]  ? drm_gem_prime_import_dev+0x1d0/0x1d0
[ 1737.491359][T17169]  drm_prime_fd_to_handle_ioctl+0x9b/0xd0
[ 1737.498083][T17169]  drm_ioctl_kernel+0x27d/0x4e0
[ 1737.504267][T17169]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1737.511744][T17169]  ? drm_setversion+0x8b0/0x8b0
[ 1737.517927][T17169]  drm_ioctl+0x51e/0x9d0
[ 1737.523530][T17169]  ? drm_prime_destroy_file_private+0x50/0x50
[ 1737.531054][T17169]  ? drm_version+0x3d0/0x3d0
[ 1737.535679][T17169]  ? __fget_files+0x23d/0x3e0
[ 1737.540341][T17169]  ? security_file_ioctl+0x5c/0xb0
[ 1737.546750][T17169]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 1737.553763][T17169]  ? drm_version+0x3d0/0x3d0
[ 1737.558852][T17169]  __x64_sys_ioctl+0x193/0x200
[ 1737.563545][T17169]  do_syscall_64+0x35/0xb0
[ 1737.568076][T17169]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1737.574060][T17169] RIP: 0033:0x7fa26c8beae9
[ 1737.578380][T17169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1737.599752][T17169] RSP: 002b:00007fa269e34188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1737.609818][T17169] RAX: ffffffffffffffda RBX: 00007fa26c9d1f60 RCX: 00007fa26c8beae9
[ 1737.618103][T17169] RDX: 00000000200004c0 RSI: 00000000c00c642e RDI: 0000000000000005
[ 1737.628817][T17169] RBP: 00007fa26c918f6d R08: 0000000000000000 R09: 0000000000000000
[ 1737.639502][T17169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1737.653118][T17169] R13: 00007ffc0019c51f R14: 00007fa269e34300 R15: 0000000000022000
[ 1737.666017][T17169]  </TASK>
[ 1737.671630][T17169] Kernel Offset: disabled
[ 1737.678689][T17169] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:13:17  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=0000000000000020 RCX=ffffffff815b972f RDX=1ffff110048359a5
RSI=0000000000000008 RDI=ffffffff8ff75a00 RBP=ffff8880241acd2a RSP=ffffc90000e07478
R8 =0000000000000000 R9 =ffffffff8ff75a07 R10=fffffbfff1feeb40 R11=0000000000000000
R12=ffff8880241acd08 R13=ffff8880241ac280 R14=0000000000000000 R15=d89886f1841fd2f7
RIP=ffffffff81bd0cb4 RFL=00000047 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000000c0005fe490 ffffffff 00c00000
GS =0000 ffff88802ca00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fcfe42014c0 CR3=0000000013de6000 CR4=00150ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00ff000000000000ff00000000000000
XMM02=ffffffffffffff00ffff0000000000ff XMM03=00000000000000000000000000000000
XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=ffff000000000000ffff000000000000
XMM06=ffffffffffffff00ffff0000000000ff XMM07=00000000000000000000000000000000
XMM08=65770075253a7325202773252720676e XMM09=00000000000000000000000000000000
XMM10=73737373737375227373255be3e65873 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=0000000080000001 RBX=00007f2c65e5d000 RCX=00007f2c65e54000 RDX=ffff888023100140
RSI=ffff888023100140 RDI=0000000000000003 RBP=ffffea00014e4240 RSP=ffffc90002c57798
R8 =00007f2c65e5d000 R9 =0000000000000000 R10=ffffffff81ab7b13 R11=0000000000000000
R12=ffffea00014e4270 R13=ffff88806bae32a0 R14=dffffc0000000000 R15=00007f2c65e54000
RIP=ffffffff8176ce37 RFL=00000296 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802cb00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f7bcce27150 CR3=0000000077098000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 2
RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=ffffffff8440c89c RDI=ffffffff907991e0 RBP=ffffffff907991a0 RSP=ffffc90002c0f4a8
R8 =000000000000002a R9 =0000000000000000 R10=ffffffff8440c88d R11=000000000000001f
R12=0000000000000000 R13=fffffbfff20f3287 R14=fffffbfff20f323e R15=dffffc0000000000
RIP=ffffffff8440c8c2 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fa269e34700 ffffffff 00c00000
GS =0000 ffff88802cc00000 ffffffff 00c00000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020002000 CR3=000000006c77c000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffff00ffffffffffffffff XMM01=ffffffffffffffffffffffffffffffff
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 3
RAX=0000000000000000 RBX=ffff888012f8a080 RCX=0000000000000000 RDX=ffff8880174c8240
RSI=ffffffff81a9742c RDI=0000000000000003 RBP=0000000000000001 RSP=ffffc90001eef8d0
R8 =0000000000000000 R9 =0000000000000001 R10=ffffffff81a97508 R11=0000000000000000
R12=ffffffffffffffff R13=ffff88801bcb5000 R14=ffffc90001eefa54 R15=ffffc90001eefa68
RIP=ffffffff8176d317 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 000fffff 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 000fffff 00000000
FS =0000 0000000000000000 000fffff 00000000
GS =0000 ffff88802cd00000 000fffff 00000000
LDT=0000 0000000000000000 00000000 00000000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fa269e33d58 CR3=000000006c77c000 CR4=00150ee0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffff0000000000000000000000000000 XMM01=23232323232323232323232323232323
XMM02=ffffffffffffffffffffffffffffffff XMM03=00000000000000000000000000000000
XMM04=ffff0000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000