538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569", 0xa6}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:22 executing program 1 (fault-call:4 fault-nth:15):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:22 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x10}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:22 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:22 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:22 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0xc00e000000000000, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  339.872142][T25802] validate_nla: 8 callbacks suppressed
[  339.872153][T25802] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  339.883650][T25805] loop5: detected capacity change from 0 to 16383
[  339.893963][T25806] FAULT_INJECTION: forcing a failure.
[  339.893963][T25806] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  339.895498][T25805] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  339.907574][T25806] CPU: 1 PID: 25806 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  339.925491][T25806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  339.931412][T25803] loop3: detected capacity change from 0 to 264192
[  339.935650][T25806] Call Trace:
[  339.935660][T25806]  dump_stack+0x137/0x19d
[  339.949738][T25806]  should_fail+0x23c/0x250
[  339.954274][T25806]  __alloc_pages+0x102/0x320
[  339.955320][T25803] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  339.958861][T25806]  alloc_pages_vma+0x391/0x660
[  339.958897][T25806]  do_anonymous_page+0x16e/0x8b0
[  339.977688][T25806]  handle_mm_fault+0x96f/0x1a70
[  339.987936][T25806]  ? __switch_to+0x14e/0x4b0
[  339.992527][T25806]  do_user_addr_fault+0x60c/0xc00
[  339.997587][T25806]  exc_page_fault+0x94/0x230
[  340.002184][T25806]  asm_exc_page_fault+0x1e/0x30
[  340.007218][T25806] RIP: 0010:clear_user+0x60/0xa0
[  340.012156][T25806] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  340.031946][T25806] RSP: 0018:ffffc9000e8c3de8 EFLAGS: 00010206
[  340.038341][T25806] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 000000000000a600
[  340.046324][T25806] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fbd000
[  340.054344][T25806] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  340.062486][T25806] R10: 0001c9000e8c3e47 R11: ffff88812df28080 R12: 0000000001010000
[  340.070457][T25806] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  340.078631][T25806]  ? clear_user+0x36/0xa0
[  340.083031][T25806]  ? clear_user+0x48/0xa0
[  340.087431][T25806]  evdev_ioctl_handler+0x11ed/0x17e0
[  340.092821][T25806]  evdev_ioctl+0x20/0x30
[  340.097064][T25806]  ? evdev_poll+0x110/0x110
[  340.101908][T25806]  __se_sys_ioctl+0xcb/0x140
[  340.106529][T25806]  __x64_sys_ioctl+0x3f/0x50
[  340.111124][T25806]  do_syscall_64+0x4a/0x90
[  340.115547][T25806]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  340.120913][T25802] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  340.121602][T25806] RIP: 0033:0x4665d9
[  340.133596][T25806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  340.134637][T25805] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  340.153202][T25806] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  340.153224][T25806] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  340.153236][T25806] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  340.164295][T25805] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  340.172658][T25806] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  340.172672][T25806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
17:22:22 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x11}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  340.172684][T25806] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:22:22 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xb, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:22 executing program 1 (fault-call:4 fault-nth:16):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:22 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x60000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  340.250571][T25803] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  340.262225][T25803] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  340.279462][T25826] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  340.292659][T25826] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:22 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x12}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  340.342508][T25839] loop5: detected capacity change from 0 to 16383
[  340.351311][T25839] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  340.353433][T25838] FAULT_INJECTION: forcing a failure.
[  340.353433][T25838] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  340.373650][T25838] CPU: 1 PID: 25838 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  340.382448][T25838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  340.392507][T25838] Call Trace:
[  340.395810][T25838]  dump_stack+0x137/0x19d
[  340.400145][T25838]  should_fail+0x23c/0x250
[  340.404581][T25838]  __alloc_pages+0x102/0x320
[  340.409217][T25838]  alloc_pages_vma+0x391/0x660
[  340.414019][T25838]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  340.419597][T25838]  do_anonymous_page+0x16e/0x8b0
[  340.424577][T25838]  handle_mm_fault+0x96f/0x1a70
[  340.429453][T25838]  do_user_addr_fault+0x60c/0xc00
[  340.434691][T25838]  exc_page_fault+0x94/0x230
[  340.439367][T25838]  asm_exc_page_fault+0x1e/0x30
[  340.444522][T25838] RIP: 0010:clear_user+0x60/0xa0
[  340.449534][T25838] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  340.469314][T25838] RSP: 0018:ffffc9000e89bde8 EFLAGS: 00010206
[  340.475528][T25838] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 000000000000a400
[  340.477223][T25846] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  340.483658][T25838] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fbe000
[  340.483680][T25838] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  340.483692][T25838] R10: 0001c9000e89be47 R11: ffff88812dd0a040 R12: 0000000001010000
[  340.516023][T25838] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  340.523996][T25838]  ? clear_user+0x36/0xa0
[  340.528411][T25838]  ? clear_user+0x48/0xa0
[  340.532746][T25838]  evdev_ioctl_handler+0x11ed/0x17e0
[  340.538021][T25838]  evdev_ioctl+0x20/0x30
[  340.542265][T25838]  ? evdev_poll+0x110/0x110
[  340.546770][T25838]  __se_sys_ioctl+0xcb/0x140
[  340.551473][T25838]  __x64_sys_ioctl+0x3f/0x50
[  340.556077][T25838]  do_syscall_64+0x4a/0x90
[  340.560498][T25838]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  340.566412][T25838] RIP: 0033:0x4665d9
[  340.570326][T25838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  340.590072][T25838] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  340.598494][T25838] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  340.603714][T25839] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  340.606475][T25838] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  340.606489][T25838] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  340.606500][T25838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
17:22:22 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x25}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  340.606510][T25838] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  340.650111][T25839] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  340.714243][T25853] loop3: detected capacity change from 0 to 264192
[  340.717344][T25854] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  340.729513][T25853] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  340.790183][T25854] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  340.800083][T25853] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  340.811261][T25853] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:25 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a5528", 0xf9}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:25 executing program 1 (fault-call:4 fault-nth:17):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:25 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3a}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:25 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x60020000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:25 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:25 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0xe03f030000000000, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  342.897950][T25885] loop5: detected capacity change from 0 to 16383
[  342.908403][T25885] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  342.920318][T25893] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  342.933947][T25895] FAULT_INJECTION: forcing a failure.
[  342.933947][T25895] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  342.947482][T25895] CPU: 0 PID: 25895 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  342.956253][T25895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  342.966413][T25895] Call Trace:
[  342.967179][T25893] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  342.969695][T25895]  dump_stack+0x137/0x19d
[  342.982089][T25895]  should_fail+0x23c/0x250
[  342.986524][T25895]  __alloc_pages+0x102/0x320
[  342.987888][T25892] loop3: detected capacity change from 0 to 264192
17:22:25 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x48}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  342.991204][T25895]  alloc_pages_vma+0x391/0x660
[  343.002487][T25895]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  343.008127][T25895]  do_anonymous_page+0x16e/0x8b0
[  343.013078][T25895]  handle_mm_fault+0x96f/0x1a70
[  343.016365][T25892] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  343.017954][T25895]  do_user_addr_fault+0x60c/0xc00
[  343.017976][T25895]  exc_page_fault+0x94/0x230
[  343.036689][T25895]  asm_exc_page_fault+0x1e/0x30
[  343.041759][T25895] RIP: 0010:clear_user+0x60/0xa0
[  343.046813][T25895] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  343.066546][T25895] RSP: 0018:ffffc9000ea1bde8 EFLAGS: 00010206
[  343.072616][T25895] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 000000000000a200
[  343.080794][T25895] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fbf000
[  343.088871][T25895] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  343.096923][T25895] R10: 0001c9000ea1be47 R11: ffff888106d07000 R12: 0000000001010000
[  343.104889][T25895] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  343.112873][T25895]  ? clear_user+0x36/0xa0
[  343.117207][T25895]  ? clear_user+0x48/0xa0
[  343.121527][T25895]  evdev_ioctl_handler+0x11ed/0x17e0
[  343.126998][T25895]  evdev_ioctl+0x20/0x30
[  343.131253][T25895]  ? evdev_poll+0x110/0x110
[  343.135770][T25895]  __se_sys_ioctl+0xcb/0x140
[  343.140363][T25895]  __x64_sys_ioctl+0x3f/0x50
[  343.144984][T25895]  do_syscall_64+0x4a/0x90
[  343.149484][T25895]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  343.155454][T25895] RIP: 0033:0x4665d9
[  343.159356][T25895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  343.179065][T25895] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  343.187479][T25895] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  343.195507][T25895] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  343.203661][T25895] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  343.211629][T25895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  343.219612][T25895] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  343.241017][T25909] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:25 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4c}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:25 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x68000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  343.244014][T25892] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  343.260198][T25892] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  343.262038][T25885] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:22:25 executing program 1 (fault-call:4 fault-nth:18):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  343.285870][T25885] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:25 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xd, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:25 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x60}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  343.361283][T25918] FAULT_INJECTION: forcing a failure.
[  343.361283][T25918] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  343.374676][T25918] CPU: 0 PID: 25918 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  343.383459][T25918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  343.393511][T25918] Call Trace:
[  343.396794][T25918]  dump_stack+0x137/0x19d
[  343.399825][T25923] loop3: detected capacity change from 0 to 264192
[  343.401123][T25918]  should_fail+0x23c/0x250
[  343.412242][T25918]  __alloc_pages+0x102/0x320
[  343.416929][T25918]  alloc_pages_vma+0x391/0x660
[  343.419129][T25923] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  343.421695][T25918]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  343.421716][T25918]  do_anonymous_page+0x16e/0x8b0
[  343.441225][T25918]  handle_mm_fault+0x96f/0x1a70
[  343.446078][T25918]  do_user_addr_fault+0x60c/0xc00
[  343.451105][T25918]  exc_page_fault+0x94/0x230
[  343.455822][T25918]  asm_exc_page_fault+0x1e/0x30
[  343.460681][T25918] RIP: 0010:clear_user+0x60/0xa0
[  343.465665][T25918] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  343.485318][T25918] RSP: 0018:ffffc9000e943de8 EFLAGS: 00010206
[  343.491387][T25918] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 000000000000a000
[  343.499360][T25918] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fc0000
[  343.507323][T25918] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  343.515409][T25918] R10: 0001c9000e943e47 R11: ffff88812e55d040 R12: 0000000001010000
[  343.523449][T25918] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  343.531428][T25918]  ? clear_user+0x36/0xa0
[  343.535860][T25918]  ? clear_user+0x48/0xa0
[  343.540503][T25918]  evdev_ioctl_handler+0x11ed/0x17e0
[  343.545877][T25918]  evdev_ioctl+0x20/0x30
[  343.550173][T25918]  ? evdev_poll+0x110/0x110
[  343.554670][T25932] loop5: detected capacity change from 0 to 16383
[  343.554684][T25918]  __se_sys_ioctl+0xcb/0x140
[  343.565951][T25918]  __x64_sys_ioctl+0x3f/0x50
[  343.570541][T25918]  do_syscall_64+0x4a/0x90
[  343.570701][T25932] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  343.575048][T25918]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  343.575074][T25918] RIP: 0033:0x4665d9
[  343.593911][T25918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  343.613517][T25918] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  343.621934][T25918] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  343.629998][T25918] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  343.637980][T25918] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  343.646033][T25918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  343.653997][T25918] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  343.689921][T25923] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  343.701251][T25923] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  343.718186][T25932] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  343.729308][T25932] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:28 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a5528", 0xf9}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:28 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x68}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:28 executing program 1 (fault-call:4 fault-nth:19):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:28 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6c000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:28 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xe, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:28 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x4, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  345.949355][T25968] FAULT_INJECTION: forcing a failure.
[  345.949355][T25968] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  345.954334][T25966] validate_nla: 4 callbacks suppressed
[  345.954346][T25966] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  345.962951][T25968] CPU: 1 PID: 25968 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  345.971158][T25966] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:28 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6c}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  345.976566][T25968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  345.976580][T25968] Call Trace:
[  345.976588][T25968]  dump_stack+0x137/0x19d
[  346.011589][T25968]  should_fail+0x23c/0x250
[  346.016047][T25968]  __alloc_pages+0x102/0x320
[  346.017973][T25967] loop5: detected capacity change from 0 to 16383
[  346.020643][T25968]  alloc_pages_vma+0x391/0x660
[  346.031707][T25967] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  346.031926][T25968]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  346.046684][T25968]  do_anonymous_page+0x16e/0x8b0
[  346.048044][T25971] loop3: detected capacity change from 0 to 264192
[  346.051636][T25968]  handle_mm_fault+0x96f/0x1a70
[  346.051663][T25968]  do_user_addr_fault+0x60c/0xc00
[  346.068251][T25968]  exc_page_fault+0x94/0x230
[  346.072855][T25968]  asm_exc_page_fault+0x1e/0x30
[  346.077708][T25968] RIP: 0010:clear_user+0x60/0xa0
[  346.079741][T25971] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:22:28 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a5528", 0xf9}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  346.082732][T25968] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  346.082751][T25968] RSP: 0018:ffffc9000eb3fde8 EFLAGS: 00010206
[  346.117504][T25968] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000009e00
[  346.125486][T25968] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fc1000
[  346.134441][T25968] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  346.144016][T25968] R10: 0001c9000eb3fe47 R11: ffff88812df28080 R12: 0000000001010000
[  346.152736][T25968] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  346.161642][T25968]  ? clear_user+0x36/0xa0
[  346.166012][T25968]  ? clear_user+0x48/0xa0
[  346.170599][T25968]  evdev_ioctl_handler+0x11ed/0x17e0
[  346.176346][T25968]  evdev_ioctl+0x20/0x30
[  346.181035][T25968]  ? evdev_poll+0x110/0x110
[  346.186268][T25968]  __se_sys_ioctl+0xcb/0x140
[  346.191177][T25968]  __x64_sys_ioctl+0x3f/0x50
[  346.196480][T25968]  do_syscall_64+0x4a/0x90
[  346.201220][T25968]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  346.207635][T25968] RIP: 0033:0x4665d9
[  346.211730][T25968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  346.233146][T25968] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  346.242593][T25968] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  346.252446][T25996] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  346.253023][T25968] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  346.253064][T25968] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  346.253074][T25968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  346.253083][T25968] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:22:28 executing program 1 (fault-call:4 fault-nth:20):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  346.310146][T25988] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  346.318939][T25967] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  346.330341][T25967] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:28 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x74}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:28 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  346.357394][T25971] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  346.368869][T25971] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:28 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x74000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  346.428719][T26005] FAULT_INJECTION: forcing a failure.
[  346.428719][T26005] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  346.442586][T26005] CPU: 1 PID: 26005 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  346.451441][T26005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  346.451749][T26009] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  346.462216][T26005] Call Trace:
[  346.462227][T26005]  dump_stack+0x137/0x19d
[  346.462251][T26005]  should_fail+0x23c/0x250
[  346.462267][T26005]  __alloc_pages+0x102/0x320
[  346.462284][T26005]  alloc_pages_vma+0x391/0x660
[  346.492522][T26005]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  346.498098][T26005]  do_anonymous_page+0x16e/0x8b0
[  346.503176][T26005]  handle_mm_fault+0x96f/0x1a70
[  346.508038][T26005]  do_user_addr_fault+0x60c/0xc00
[  346.513069][T26005]  exc_page_fault+0x94/0x230
[  346.517706][T26005]  asm_exc_page_fault+0x1e/0x30
[  346.522560][T26005] RIP: 0010:clear_user+0x60/0xa0
[  346.527602][T26005] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  346.547694][T26005] RSP: 0018:ffffc9000ebffde8 EFLAGS: 00010206
[  346.554126][T26005] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000009c00
[  346.562099][T26005] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fc2000
[  346.570151][T26005] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  346.578118][T26005] R10: 0001c9000ebffe47 R11: ffff88812dd47080 R12: 0000000001010000
[  346.586101][T26005] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  346.594155][T26005]  ? clear_user+0x36/0xa0
[  346.598500][T26005]  ? clear_user+0x48/0xa0
[  346.603000][T26005]  evdev_ioctl_handler+0x11ed/0x17e0
[  346.608458][T26005]  evdev_ioctl+0x20/0x30
[  346.612697][T26005]  ? evdev_poll+0x110/0x110
[  346.617209][T26005]  __se_sys_ioctl+0xcb/0x140
[  346.621889][T26005]  __x64_sys_ioctl+0x3f/0x50
[  346.626670][T26005]  do_syscall_64+0x4a/0x90
[  346.631493][T26005]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  346.637570][T26005] RIP: 0033:0x4665d9
[  346.641476][T26005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  346.661761][T26005] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  346.670426][T26005] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
17:22:28 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x7a}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:28 executing program 1 (fault-call:4 fault-nth:21):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  346.678399][T26005] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  346.686655][T26005] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  346.695069][T26005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  346.703293][T26005] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  346.787850][T26029] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  346.798211][T26026] loop5: detected capacity change from 0 to 16383
[  346.799068][T26027] loop3: detected capacity change from 0 to 264192
[  346.811885][T26033] FAULT_INJECTION: forcing a failure.
[  346.811885][T26033] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  346.825378][T26033] CPU: 0 PID: 26033 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  346.834249][T26033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  346.844534][T26033] Call Trace:
[  346.847837][T26033]  dump_stack+0x137/0x19d
[  346.852254][T26033]  should_fail+0x23c/0x250
[  346.856661][T26033]  __alloc_pages+0x102/0x320
[  346.861252][T26033]  alloc_pages_vma+0x391/0x660
[  346.866007][T26033]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  346.871652][T26033]  do_anonymous_page+0x16e/0x8b0
[  346.876857][T26033]  handle_mm_fault+0x96f/0x1a70
[  346.881879][T26033]  do_user_addr_fault+0x60c/0xc00
[  346.887065][T26033]  exc_page_fault+0x94/0x230
[  346.891986][T26033]  asm_exc_page_fault+0x1e/0x30
[  346.897010][T26033] RIP: 0010:clear_user+0x60/0xa0
[  346.901959][T26033] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  346.921550][T26033] RSP: 0018:ffffc9000ebc7de8 EFLAGS: 00010206
[  346.927601][T26033] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000009a00
[  346.935554][T26033] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fc3000
[  346.943507][T26033] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  346.951546][T26033] R10: 0001c9000ebc7e47 R11: ffff88812e4b1000 R12: 0000000001010000
[  346.959658][T26033] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  346.967671][T26033]  ? clear_user+0x36/0xa0
[  346.972023][T26033]  ? clear_user+0x48/0xa0
[  346.976363][T26033]  evdev_ioctl_handler+0x11ed/0x17e0
[  346.981631][T26033]  evdev_ioctl+0x20/0x30
[  346.985870][T26033]  ? evdev_poll+0x110/0x110
[  346.990435][T26033]  __se_sys_ioctl+0xcb/0x140
[  346.995010][T26033]  __x64_sys_ioctl+0x3f/0x50
[  346.999584][T26033]  do_syscall_64+0x4a/0x90
[  347.003993][T26033]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  347.010063][T26033] RIP: 0033:0x4665d9
[  347.013960][T26033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  347.033742][T26033] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  347.043348][T26033] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  347.051410][T26033] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  347.059380][T26033] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  347.067532][T26033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  347.075572][T26033] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:22:29 executing program 1 (fault-call:4 fault-nth:22):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  347.087245][T26026] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  347.118639][T26029] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  347.120720][T26041] FAULT_INJECTION: forcing a failure.
17:22:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x116}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  347.120720][T26041] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  347.140286][T26041] CPU: 1 PID: 26041 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  347.149046][T26041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  347.159180][T26041] Call Trace:
[  347.162476][T26041]  dump_stack+0x137/0x19d
[  347.166858][T26041]  should_fail+0x23c/0x250
[  347.171277][T26041]  __alloc_pages+0x102/0x320
[  347.176151][T26041]  alloc_pages_vma+0x391/0x660
[  347.180981][T26041]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  347.186625][T26041]  do_anonymous_page+0x16e/0x8b0
[  347.191576][T26041]  handle_mm_fault+0x96f/0x1a70
[  347.196533][T26041]  do_user_addr_fault+0x60c/0xc00
[  347.201573][T26041]  exc_page_fault+0x94/0x230
[  347.206372][T26041]  asm_exc_page_fault+0x1e/0x30
[  347.211447][T26041] RIP: 0010:clear_user+0x60/0xa0
[  347.216590][T26041] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  347.236930][T26041] RSP: 0018:ffffc9000ec93de8 EFLAGS: 00010206
[  347.243199][T26041] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000009800
[  347.251246][T26041] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fc4000
[  347.259321][T26041] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  347.267294][T26041] R10: 0001c9000ec93e47 R11: ffff88812dd47080 R12: 0000000001010000
[  347.275273][T26041] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  347.283267][T26041]  ? clear_user+0x36/0xa0
[  347.287871][T26041]  ? clear_user+0x48/0xa0
[  347.292632][T26041]  evdev_ioctl_handler+0x11ed/0x17e0
[  347.297919][T26041]  evdev_ioctl+0x20/0x30
[  347.302151][T26041]  ? evdev_poll+0x110/0x110
[  347.306825][T26041]  __se_sys_ioctl+0xcb/0x140
[  347.311430][T26041]  __x64_sys_ioctl+0x3f/0x50
[  347.316229][T26041]  do_syscall_64+0x4a/0x90
[  347.320764][T26041]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  347.326667][T26041] RIP: 0033:0x4665d9
[  347.330575][T26041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  347.350585][T26041] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  347.359271][T26041] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  347.367363][T26041] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  347.375559][T26041] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  347.383969][T26041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  347.391936][T26041] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  347.410367][T26026] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  347.410500][T26047] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:29 executing program 1 (fault-call:4 fault-nth:23):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  347.421474][T26026] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  347.445470][T26047] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  347.501403][T26052] FAULT_INJECTION: forcing a failure.
[  347.501403][T26052] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  347.514760][T26052] CPU: 0 PID: 26052 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  347.523527][T26052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  347.534152][T26052] Call Trace:
[  347.537602][T26052]  dump_stack+0x137/0x19d
[  347.541973][T26052]  should_fail+0x23c/0x250
[  347.546472][T26052]  __alloc_pages+0x102/0x320
[  347.551151][T26052]  alloc_pages_vma+0x391/0x660
[  347.555995][T26052]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  347.561733][T26052]  do_anonymous_page+0x16e/0x8b0
[  347.566849][T26052]  handle_mm_fault+0x96f/0x1a70
[  347.571853][T26052]  do_user_addr_fault+0x60c/0xc00
[  347.576891][T26052]  exc_page_fault+0x94/0x230
[  347.581628][T26052]  asm_exc_page_fault+0x1e/0x30
[  347.586560][T26052] RIP: 0010:clear_user+0x60/0xa0
[  347.591585][T26052] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  347.611717][T26052] RSP: 0018:ffffc9000ec83de8 EFLAGS: 00010206
[  347.617795][T26052] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000009600
[  347.626210][T26052] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fc5000
[  347.634358][T26052] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  347.642327][T26052] R10: 0001c9000ec83e47 R11: ffff88812dd03000 R12: 0000000001010000
[  347.650312][T26052] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  347.658369][T26052]  ? clear_user+0x36/0xa0
[  347.662707][T26052]  ? clear_user+0x48/0xa0
[  347.667203][T26052]  evdev_ioctl_handler+0x11ed/0x17e0
[  347.672487][T26052]  evdev_ioctl+0x20/0x30
[  347.676803][T26052]  ? evdev_poll+0x110/0x110
[  347.681318][T26052]  __se_sys_ioctl+0xcb/0x140
[  347.685909][T26052]  __x64_sys_ioctl+0x3f/0x50
[  347.690496][T26052]  do_syscall_64+0x4a/0x90
[  347.695185][T26052]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  347.701307][T26052] RIP: 0033:0x4665d9
[  347.705195][T26052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  347.725791][T26052] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  347.734415][T26052] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  347.742386][T26052] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  347.750364][T26052] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  347.758434][T26052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  347.766942][T26052] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  347.794666][T26027] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  347.811780][T26027] EXT4-fs warning (device loop3): ext4_multi_mount_protect:386: Unable to create kmmpd thread for loop3.
17:22:30 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xf, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:22:30 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x300}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  348.190697][T26071] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:31 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa7", 0x122}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:31 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x10, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:31 executing program 1 (fault-call:4 fault-nth:24):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:31 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7a000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:31 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x500}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  349.156251][T26088] loop3: detected capacity change from 0 to 264192
[  349.173602][T26094] FAULT_INJECTION: forcing a failure.
[  349.173602][T26094] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  349.173757][T26088] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  349.188072][T26094] CPU: 0 PID: 26094 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  349.205915][T26094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  349.216058][T26094] Call Trace:
[  349.219340][T26094]  dump_stack+0x137/0x19d
[  349.223894][T26094]  should_fail+0x23c/0x250
[  349.228421][T26094]  __alloc_pages+0x102/0x320
[  349.233013][T26094]  alloc_pages_vma+0x391/0x660
[  349.237777][T26094]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  349.243325][T26094]  do_anonymous_page+0x16e/0x8b0
[  349.248384][T26094]  handle_mm_fault+0x96f/0x1a70
[  349.253232][T26094]  do_user_addr_fault+0x60c/0xc00
[  349.258413][T26094]  exc_page_fault+0x94/0x230
[  349.263006][T26094]  asm_exc_page_fault+0x1e/0x30
[  349.267911][T26094] RIP: 0010:clear_user+0x60/0xa0
[  349.272847][T26094] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  349.292622][T26094] RSP: 0018:ffffc9000ed5fde8 EFLAGS: 00010206
[  349.298773][T26094] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000009400
[  349.306817][T26094] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fc6000
[  349.314925][T26094] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  349.322909][T26094] R10: 0001c9000ed5fe47 R11: ffff88812df28080 R12: 0000000001010000
[  349.330961][T26094] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  349.338933][T26094]  ? clear_user+0x36/0xa0
[  349.343340][T26094]  ? clear_user+0x48/0xa0
[  349.347787][T26094]  evdev_ioctl_handler+0x11ed/0x17e0
[  349.353138][T26094]  evdev_ioctl+0x20/0x30
[  349.357371][T26094]  ? evdev_poll+0x110/0x110
[  349.361915][T26094]  __se_sys_ioctl+0xcb/0x140
[  349.366512][T26094]  __x64_sys_ioctl+0x3f/0x50
[  349.371095][T26094]  do_syscall_64+0x4a/0x90
[  349.371497][T26096] loop5: detected capacity change from 0 to 16383
[  349.375586][T26094]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  349.387976][T26094] RIP: 0033:0x4665d9
17:22:31 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xc0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:22:31 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x600}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  349.391865][T26094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  349.392464][T26096] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  349.411636][T26094] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  349.411694][T26094] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  349.437164][T26094] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  349.445165][T26094] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  349.453392][T26094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  349.461379][T26094] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  349.488084][T26096] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:22:31 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x608}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  349.499424][T26096] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  349.518515][T26088] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  349.529643][T26088] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:31 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x11, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:31 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7e060000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:31 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x700}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:31 executing program 1 (fault-call:4 fault-nth:25):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  349.645667][T26131] FAULT_INJECTION: forcing a failure.
[  349.645667][T26131] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  349.659352][T26131] CPU: 0 PID: 26131 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  349.668282][T26131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  349.671560][T26135] loop5: detected capacity change from 0 to 16383
[  349.678344][T26131] Call Trace:
[  349.678354][T26131]  dump_stack+0x137/0x19d
[  349.678377][T26131]  should_fail+0x23c/0x250
[  349.678400][T26131]  __alloc_pages+0x102/0x320
[  349.701414][T26131]  alloc_pages_vma+0x391/0x660
[  349.702408][T26135] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  349.706203][T26131]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  349.706228][T26131]  do_anonymous_page+0x16e/0x8b0
[  349.726019][T26131]  handle_mm_fault+0x96f/0x1a70
[  349.730877][T26131]  do_user_addr_fault+0x60c/0xc00
[  349.735898][T26131]  exc_page_fault+0x94/0x230
[  349.740503][T26131]  asm_exc_page_fault+0x1e/0x30
[  349.746052][T26131] RIP: 0010:clear_user+0x60/0xa0
[  349.750989][T26131] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  349.770681][T26131] RSP: 0018:ffffc9000eddfde8 EFLAGS: 00010206
[  349.776828][T26131] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000009200
[  349.784788][T26131] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fc7000
[  349.792784][T26131] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  349.800767][T26131] R10: 0001c9000eddfe47 R11: ffff888106cda040 R12: 0000000001010000
[  349.808821][T26131] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  349.817027][T26131]  ? clear_user+0x36/0xa0
[  349.821553][T26131]  ? clear_user+0x48/0xa0
[  349.825870][T26131]  evdev_ioctl_handler+0x11ed/0x17e0
[  349.831328][T26131]  evdev_ioctl+0x20/0x30
[  349.835649][T26131]  ? evdev_poll+0x110/0x110
[  349.840232][T26131]  __se_sys_ioctl+0xcb/0x140
[  349.844906][T26131]  __x64_sys_ioctl+0x3f/0x50
[  349.849528][T26131]  do_syscall_64+0x4a/0x90
[  349.853970][T26131]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  349.859873][T26131] RIP: 0033:0x4665d9
[  349.863984][T26131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  349.884115][T26131] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  349.892683][T26131] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  349.900659][T26131] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  349.908630][T26131] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  349.916759][T26131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  349.924838][T26131] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  349.955890][T26135] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  349.967138][T26135] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  350.011288][T26146] loop3: detected capacity change from 0 to 264192
[  350.026568][T26146] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  350.069793][T26146] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  350.081112][T26146] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:34 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa7", 0x122}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:34 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x806}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:34 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x12, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:34 executing program 1 (fault-call:4 fault-nth:26):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:34 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x84070000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:34 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xec0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  352.186603][T26179] loop5: detected capacity change from 0 to 16383
[  352.186896][T26176] validate_nla: 9 callbacks suppressed
[  352.186907][T26176] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  352.199014][T26179] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  352.209870][T26178] FAULT_INJECTION: forcing a failure.
[  352.209870][T26178] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  352.217159][T26174] loop3: detected capacity change from 0 to 264192
[  352.229847][T26178] CPU: 1 PID: 26178 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  352.229870][T26178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  352.251216][T26174] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  352.255752][T26178] Call Trace:
[  352.255761][T26178]  dump_stack+0x137/0x19d
[  352.272376][T26178]  should_fail+0x23c/0x250
[  352.276815][T26178]  __alloc_pages+0x102/0x320
[  352.281422][T26178]  alloc_pages_vma+0x391/0x660
[  352.286279][T26178]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  352.291824][T26178]  do_anonymous_page+0x16e/0x8b0
[  352.295251][T26176] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  352.299732][T26178]  handle_mm_fault+0x96f/0x1a70
[  352.299827][T26178]  do_user_addr_fault+0x60c/0xc00
[  352.317937][T26178]  exc_page_fault+0x94/0x230
[  352.322631][T26178]  asm_exc_page_fault+0x1e/0x30
[  352.327590][T26178] RIP: 0010:clear_user+0x60/0xa0
[  352.332524][T26178] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  352.352459][T26178] RSP: 0018:ffffc9000ee87de8 EFLAGS: 00010206
[  352.358528][T26178] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000009000
[  352.366507][T26178] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fc8000
[  352.374505][T26178] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  352.382563][T26178] R10: 0001c9000ee87e47 R11: ffff88812e4b1000 R12: 0000000001010000
[  352.390539][T26178] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  352.398535][T26178]  ? clear_user+0x36/0xa0
[  352.402870][T26178]  ? clear_user+0x48/0xa0
[  352.407195][T26178]  evdev_ioctl_handler+0x11ed/0x17e0
[  352.412575][T26178]  evdev_ioctl+0x20/0x30
[  352.416876][T26178]  ? evdev_poll+0x110/0x110
[  352.421432][T26178]  __se_sys_ioctl+0xcb/0x140
[  352.426122][T26178]  __x64_sys_ioctl+0x3f/0x50
[  352.430734][T26178]  do_syscall_64+0x4a/0x90
[  352.435207][T26178]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  352.441188][T26178] RIP: 0033:0x4665d9
[  352.445099][T26178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  352.464699][T26178] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  352.473143][T26178] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
17:22:34 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x900}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  352.481316][T26178] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  352.489293][T26178] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  352.497447][T26178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  352.505415][T26178] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  352.519205][T26179] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:22:34 executing program 1 (fault-call:4 fault-nth:27):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  352.530308][T26179] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  352.530758][T26174] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  352.556154][T26174] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:34 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x86070000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:34 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x16, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  352.596527][T26198] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  352.635682][T26208] FAULT_INJECTION: forcing a failure.
[  352.635682][T26208] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  352.648993][T26208] CPU: 1 PID: 26208 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  352.657762][T26208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  352.667999][T26208] Call Trace:
[  352.671272][T26208]  dump_stack+0x137/0x19d
[  352.675708][T26208]  should_fail+0x23c/0x250
[  352.680204][T26208]  __alloc_pages+0x102/0x320
[  352.684786][T26208]  alloc_pages_vma+0x391/0x660
[  352.689591][T26208]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  352.695157][T26198] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  352.695265][T26208]  do_anonymous_page+0x16e/0x8b0
[  352.708257][T26208]  handle_mm_fault+0x96f/0x1a70
[  352.713115][T26208]  do_user_addr_fault+0x60c/0xc00
[  352.718298][T26208]  exc_page_fault+0x94/0x230
[  352.722937][T26208]  asm_exc_page_fault+0x1e/0x30
[  352.727879][T26208] RIP: 0010:clear_user+0x60/0xa0
[  352.732915][T26208] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  352.753708][T26208] RSP: 0018:ffffc9000eedfde8 EFLAGS: 00010206
[  352.759922][T26208] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000008e00
[  352.768292][T26208] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fc9000
[  352.776347][T26208] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  352.784409][T26208] R10: 0001c9000eedfe47 R11: ffff88812e4b1000 R12: 0000000001010000
[  352.792379][T26208] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  352.800785][T26208]  ? clear_user+0x36/0xa0
[  352.805291][T26208]  ? clear_user+0x48/0xa0
[  352.810061][T26208]  evdev_ioctl_handler+0x11ed/0x17e0
[  352.815614][T26208]  evdev_ioctl+0x20/0x30
[  352.820010][T26208]  ? evdev_poll+0x110/0x110
[  352.824552][T26208]  __se_sys_ioctl+0xcb/0x140
[  352.829280][T26208]  __x64_sys_ioctl+0x3f/0x50
[  352.833924][T26208]  do_syscall_64+0x4a/0x90
[  352.838456][T26208]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  352.844343][T26208] RIP: 0033:0x4665d9
[  352.848243][T26208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  352.867940][T26208] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  352.876366][T26208] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  352.884339][T26208] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  352.892306][T26208] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  352.900270][T26208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  352.908345][T26208] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:22:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xa00}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  352.946313][T26209] loop3: detected capacity change from 0 to 264192
[  352.972431][T26217] loop5: detected capacity change from 0 to 16383
[  352.987464][T26209] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  353.006370][T26217] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  353.012562][T26223] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  353.028752][T26223] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xb00}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  353.039037][T26209] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  353.050125][T26209] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  353.084764][T26217] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  353.096145][T26217] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  353.142738][T26238] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  353.205306][T26238] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:37 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa7", 0x122}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:37 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8cffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:37 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x18, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:37 executing program 1 (fault-call:4 fault-nth:28):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xc00}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:37 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xf00, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  355.199278][T26260] loop5: detected capacity change from 0 to 16383
[  355.208077][T26264] FAULT_INJECTION: forcing a failure.
[  355.208077][T26264] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  355.211286][T26260] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  355.221358][T26264] CPU: 1 PID: 26264 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  355.231722][T26262] loop3: detected capacity change from 0 to 264192
[  355.239107][T26264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  355.239121][T26264] Call Trace:
[  355.239128][T26264]  dump_stack+0x137/0x19d
[  355.257388][T26262] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  355.259720][T26264]  should_fail+0x23c/0x250
[  355.276896][T26269] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  355.277618][T26264]  __alloc_pages+0x102/0x320
[  355.277639][T26264]  alloc_pages_vma+0x391/0x660
[  355.277657][T26264]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  355.300852][T26264]  do_anonymous_page+0x16e/0x8b0
[  355.305845][T26264]  handle_mm_fault+0x96f/0x1a70
[  355.310829][T26264]  do_user_addr_fault+0x60c/0xc00
[  355.311701][T26269] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  355.316057][T26264]  exc_page_fault+0x94/0x230
[  355.316084][T26264]  asm_exc_page_fault+0x1e/0x30
[  355.334082][T26264] RIP: 0010:clear_user+0x60/0xa0
17:22:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xd00}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:37 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f0", 0x137}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  355.339114][T26264] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  355.358902][T26264] RSP: 0018:ffffc9000f003de8 EFLAGS: 00010206
[  355.365029][T26264] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000008c00
[  355.373004][T26264] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fca000
[  355.381032][T26264] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  355.389012][T26264] R10: 0001c9000f003e47 R11: ffff888108f20080 R12: 0000000001010000
17:22:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xe00}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  355.396980][T26264] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  355.405385][T26264]  ? clear_user+0x36/0xa0
[  355.409840][T26264]  ? clear_user+0x48/0xa0
[  355.414216][T26264]  evdev_ioctl_handler+0x11ed/0x17e0
[  355.419518][T26264]  evdev_ioctl+0x20/0x30
[  355.423755][T26264]  ? evdev_poll+0x110/0x110
[  355.428289][T26264]  __se_sys_ioctl+0xcb/0x140
[  355.432881][T26264]  __x64_sys_ioctl+0x3f/0x50
[  355.437471][T26264]  do_syscall_64+0x4a/0x90
[  355.441891][T26264]  entry_SYSCALL_64_after_hwframe+0x44/0xae
17:22:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1100}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  355.447805][T26264] RIP: 0033:0x4665d9
[  355.451697][T26264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  355.471477][T26264] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  355.479935][T26264] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  355.488106][T26264] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  355.496084][T26264] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  355.504133][T26264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  355.512296][T26264] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  355.534623][T26262] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
17:22:37 executing program 1 (fault-call:4 fault-nth:29):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:37 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa51e0000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  355.545878][T26262] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  355.562652][T26260] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  355.573969][T26260] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  355.626323][T26307] FAULT_INJECTION: forcing a failure.
[  355.626323][T26307] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  355.639660][T26307] CPU: 0 PID: 26307 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  355.648432][T26307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  355.658671][T26307] Call Trace:
[  355.662008][T26307]  dump_stack+0x137/0x19d
[  355.666370][T26307]  should_fail+0x23c/0x250
[  355.670794][T26307]  __alloc_pages+0x102/0x320
[  355.675420][T26307]  alloc_pages_vma+0x391/0x660
[  355.680199][T26307]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  355.685747][T26307]  do_anonymous_page+0x16e/0x8b0
[  355.690710][T26307]  handle_mm_fault+0x96f/0x1a70
[  355.695787][T26307]  ? __list_del_entry_valid+0x54/0xc0
[  355.701154][T26307]  ? __switch_to+0x14e/0x4b0
[  355.705739][T26307]  do_user_addr_fault+0x60c/0xc00
[  355.710805][T26307]  exc_page_fault+0x94/0x230
[  355.715451][T26307]  asm_exc_page_fault+0x1e/0x30
[  355.720300][T26307] RIP: 0010:clear_user+0x60/0xa0
[  355.725238][T26307] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  355.744928][T26307] RSP: 0018:ffffc9000f0bbde8 EFLAGS: 00010206
[  355.750989][T26307] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000008a00
[  355.759078][T26307] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fcb000
[  355.767060][T26307] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  355.775025][T26307] R10: 0001c9000f0bbe47 R11: ffff88810954c040 R12: 0000000001010000
[  355.783000][T26307] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  355.791152][T26307]  ? clear_user+0x36/0xa0
[  355.795482][T26307]  ? clear_user+0x48/0xa0
[  355.799800][T26307]  evdev_ioctl_handler+0x11ed/0x17e0
[  355.805129][T26307]  evdev_ioctl+0x20/0x30
[  355.809380][T26307]  ? evdev_poll+0x110/0x110
[  355.813880][T26307]  __se_sys_ioctl+0xcb/0x140
[  355.818552][T26307]  __x64_sys_ioctl+0x3f/0x50
17:22:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1200}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:38 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x19, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  355.823235][T26307]  do_syscall_64+0x4a/0x90
[  355.827643][T26307]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  355.833536][T26307] RIP: 0033:0x4665d9
[  355.837426][T26307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  355.857122][T26307] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  355.867513][T26307] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
17:22:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1601}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  355.875491][T26307] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  355.883562][T26307] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  355.891549][T26307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  355.899512][T26307] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:22:38 executing program 1 (fault-call:4 fault-nth:30):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  355.968215][T26317] loop3: detected capacity change from 0 to 264192
[  355.975088][T26323] loop5: detected capacity change from 0 to 16383
[  355.982368][T26317] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:22:38 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa61e0000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  356.026461][T26317] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  356.037676][T26317] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  356.067839][T26323] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  356.081387][T26338] FAULT_INJECTION: forcing a failure.
[  356.081387][T26338] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  356.094786][T26338] CPU: 0 PID: 26338 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  356.103820][T26338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  356.114096][T26338] Call Trace:
[  356.117382][T26338]  dump_stack+0x137/0x19d
[  356.121709][T26338]  should_fail+0x23c/0x250
[  356.126128][T26338]  __alloc_pages+0x102/0x320
[  356.130726][T26338]  alloc_pages_vma+0x391/0x660
[  356.135494][T26338]  do_anonymous_page+0x16e/0x8b0
[  356.140445][T26338]  handle_mm_fault+0x96f/0x1a70
[  356.145291][T26338]  do_user_addr_fault+0x60c/0xc00
[  356.150434][T26338]  exc_page_fault+0x94/0x230
[  356.155036][T26338]  asm_exc_page_fault+0x1e/0x30
[  356.159892][T26338] RIP: 0010:clear_user+0x60/0xa0
[  356.164831][T26338] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  356.184962][T26338] RSP: 0018:ffffc9000f07bde8 EFLAGS: 00010206
[  356.191033][T26338] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000008800
[  356.199063][T26338] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fcc000
[  356.207296][T26338] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  356.215272][T26338] R10: 0001c9000f07be47 R11: ffff88810954c040 R12: 0000000001010000
[  356.223238][T26338] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  356.231202][T26338]  ? clear_user+0x36/0xa0
[  356.235810][T26338]  ? clear_user+0x48/0xa0
[  356.240189][T26338]  evdev_ioctl_handler+0x11ed/0x17e0
[  356.245651][T26338]  evdev_ioctl+0x20/0x30
[  356.249893][T26338]  ? evdev_poll+0x110/0x110
[  356.254480][T26338]  __se_sys_ioctl+0xcb/0x140
[  356.259103][T26338]  __x64_sys_ioctl+0x3f/0x50
[  356.263697][T26338]  do_syscall_64+0x4a/0x90
[  356.268315][T26338]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  356.274231][T26338] RIP: 0033:0x4665d9
[  356.278142][T26338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  356.293775][T26323] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  356.297741][T26338] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  356.297762][T26338] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  356.297773][T26338] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  356.297784][T26338] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  356.308964][T26323] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  356.317708][T26338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  356.317723][T26338] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  356.427318][T26357] loop3: detected capacity change from 0 to 264192
[  356.438167][T26357] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  356.477572][T26357] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  356.488678][T26357] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:38 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xc000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:22:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x2000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:40 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f0", 0x137}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:40 executing program 1 (fault-call:4 fault-nth:31):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:40 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1b, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:40 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa71e0000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:40 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x2500}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:40 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xc00e, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  358.418494][T26393] FAULT_INJECTION: forcing a failure.
[  358.418494][T26393] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  358.427781][T26396] loop3: detected capacity change from 0 to 264192
[  358.431796][T26393] CPU: 0 PID: 26393 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  358.439056][T26398] validate_nla: 12 callbacks suppressed
[  358.439067][T26398] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:40 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3a00}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  358.447239][T26393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  358.447252][T26393] Call Trace:
[  358.447259][T26393]  dump_stack+0x137/0x19d
[  358.459786][T26396] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  358.460981][T26393]  should_fail+0x23c/0x250
[  358.473617][T26398] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  358.474489][T26393]  __alloc_pages+0x102/0x320
[  358.474509][T26393]  alloc_pages_vma+0x391/0x660
[  358.474527][T26393]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  358.516025][T26393]  do_anonymous_page+0x16e/0x8b0
[  358.521074][T26393]  handle_mm_fault+0x96f/0x1a70
[  358.525995][T26393]  ? __switch_to+0x14e/0x4b0
[  358.526560][T26399] loop5: detected capacity change from 0 to 16383
[  358.530590][T26393]  do_user_addr_fault+0x60c/0xc00
[  358.530613][T26393]  exc_page_fault+0x94/0x230
[  358.546744][T26393]  asm_exc_page_fault+0x1e/0x30
[  358.551705][T26393] RIP: 0010:clear_user+0x60/0xa0
[  358.556688][T26393] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  358.576632][T26393] RSP: 0018:ffffc9000f1dfde8 EFLAGS: 00010206
[  358.582755][T26393] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000008600
[  358.590713][T26393] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fcd000
[  358.598673][T26393] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  358.606715][T26393] R10: 0001c9000f1dfe47 R11: ffff88812dd47080 R12: 0000000001010000
[  358.614674][T26393] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  358.623284][T26393]  ? clear_user+0x36/0xa0
[  358.627623][T26393]  ? clear_user+0x48/0xa0
[  358.632043][T26393]  evdev_ioctl_handler+0x11ed/0x17e0
[  358.637314][T26393]  evdev_ioctl+0x20/0x30
[  358.641604][T26393]  ? evdev_poll+0x110/0x110
[  358.646128][T26393]  __se_sys_ioctl+0xcb/0x140
[  358.650709][T26393]  __x64_sys_ioctl+0x3f/0x50
[  358.655290][T26393]  do_syscall_64+0x4a/0x90
[  358.659693][T26393]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  358.665594][T26393] RIP: 0033:0x4665d9
[  358.669559][T26393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  358.689324][T26393] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  358.697827][T26393] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  358.705787][T26393] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  358.713767][T26393] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  358.721904][T26393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  358.729960][T26393] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  358.740708][T26399] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  358.745561][T26396] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
17:22:41 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xb8010000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:41 executing program 1 (fault-call:4 fault-nth:32):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  358.760980][T26396] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  358.769648][T26414] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  358.822484][T26414] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  358.825711][T26399] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  358.842193][T26399] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  358.860121][T26423] FAULT_INJECTION: forcing a failure.
17:22:41 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4800}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:41 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xb9010000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:41 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x22, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  358.860121][T26423] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  358.873743][T26423] CPU: 0 PID: 26423 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  358.882637][T26423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  358.892694][T26423] Call Trace:
[  358.896012][T26423]  dump_stack+0x137/0x19d
[  358.900365][T26423]  should_fail+0x23c/0x250
[  358.904819][T26423]  __alloc_pages+0x102/0x320
[  358.909421][T26423]  alloc_pages_vma+0x391/0x660
[  358.914368][T26423]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  358.919918][T26423]  do_anonymous_page+0x16e/0x8b0
[  358.924941][T26423]  handle_mm_fault+0x96f/0x1a70
[  358.929788][T26423]  do_user_addr_fault+0x60c/0xc00
[  358.934995][T26423]  exc_page_fault+0x94/0x230
[  358.939869][T26423]  asm_exc_page_fault+0x1e/0x30
[  358.944739][T26423] RIP: 0010:clear_user+0x60/0xa0
[  358.946500][T26428] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  358.949674][T26423] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  358.977359][T26423] RSP: 0018:ffffc9000f25fde8 EFLAGS: 00010206
[  358.983513][T26423] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000008400
[  358.990270][T26428] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  358.991505][T26423] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fce000
[  358.991520][T26423] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  359.015596][T26423] R10: 0001c9000f25fe47 R11: ffff888108fc7040 R12: 0000000001010000
[  359.023661][T26423] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  359.031737][T26423]  ? clear_user+0x36/0xa0
[  359.036169][T26423]  ? clear_user+0x48/0xa0
[  359.040530][T26423]  evdev_ioctl_handler+0x11ed/0x17e0
[  359.045909][T26423]  evdev_ioctl+0x20/0x30
[  359.050171][T26423]  ? evdev_poll+0x110/0x110
[  359.054814][T26423]  __se_sys_ioctl+0xcb/0x140
[  359.059447][T26423]  __x64_sys_ioctl+0x3f/0x50
[  359.064034][T26423]  do_syscall_64+0x4a/0x90
[  359.068455][T26423]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  359.074499][T26423] RIP: 0033:0x4665d9
[  359.078515][T26423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  359.098293][T26423] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  359.106712][T26423] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  359.114766][T26423] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  359.122778][T26423] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  359.131282][T26423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  359.139444][T26423] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  359.179222][T26433] loop3: detected capacity change from 0 to 264192
[  359.204502][T26433] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  359.223161][T26441] loop5: detected capacity change from 0 to 16383
[  359.237897][T26441] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  359.266561][T26433] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  359.269374][T26441] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  359.277755][T26433] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  359.290013][T26441] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:43 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f0", 0x137}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:43 executing program 1 (fault-call:4 fault-nth:33):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:43 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xba010000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:43 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x25, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:43 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4c00}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:43 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x33fe0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  361.413205][T26468] loop3: detected capacity change from 0 to 264192
[  361.420932][T26468] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  361.438209][T26477] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  361.447597][T26478] FAULT_INJECTION: forcing a failure.
[  361.447597][T26478] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  361.460966][T26478] CPU: 1 PID: 26478 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  361.469848][T26478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  361.480051][T26478] Call Trace:
[  361.483334][T26478]  dump_stack+0x137/0x19d
[  361.487748][T26478]  should_fail+0x23c/0x250
[  361.492169][T26478]  __alloc_pages+0x102/0x320
[  361.496846][T26478]  alloc_pages_vma+0x391/0x660
[  361.501603][T26478]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  361.507249][T26478]  do_anonymous_page+0x16e/0x8b0
[  361.512267][T26478]  handle_mm_fault+0x96f/0x1a70
[  361.517149][T26478]  ? __switch_to+0x14e/0x4b0
[  361.521751][T26478]  do_user_addr_fault+0x60c/0xc00
[  361.526772][T26478]  exc_page_fault+0x94/0x230
[  361.531391][T26478]  asm_exc_page_fault+0x1e/0x30
[  361.536250][T26478] RIP: 0010:clear_user+0x60/0xa0
[  361.542309][T26478] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  361.561943][T26478] RSP: 0018:ffffc9000f35bde8 EFLAGS: 00010206
[  361.568335][T26478] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000008200
[  361.576573][T26478] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fcf000
[  361.584836][T26478] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  361.592936][T26478] R10: 0001c9000f35be47 R11: ffff888108fc7040 R12: 0000000001010000
[  361.600991][T26478] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  361.609153][T26478]  ? clear_user+0x36/0xa0
[  361.613658][T26478]  ? clear_user+0x48/0xa0
[  361.618063][T26478]  evdev_ioctl_handler+0x11ed/0x17e0
[  361.623560][T26478]  evdev_ioctl+0x20/0x30
[  361.628100][T26478]  ? evdev_poll+0x110/0x110
[  361.632966][T26478]  __se_sys_ioctl+0xcb/0x140
[  361.637555][T26478]  __x64_sys_ioctl+0x3f/0x50
[  361.642236][T26478]  do_syscall_64+0x4a/0x90
[  361.646663][T26478]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  361.652616][T26478] RIP: 0033:0x4665d9
[  361.656506][T26478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  361.677229][T26478] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  361.685832][T26478] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  361.694134][T26478] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  361.702282][T26478] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  361.710256][T26478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  361.718615][T26478] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  361.733970][T26479] loop5: detected capacity change from 0 to 16383
[  361.734404][T26477] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  361.750765][T26479] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:22:44 executing program 1 (fault-call:4 fault-nth:34):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  361.772289][T26468] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  361.783419][T26468] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  361.801697][T26493] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  361.811032][T26494] FAULT_INJECTION: forcing a failure.
[  361.811032][T26494] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  361.824675][T26494] CPU: 1 PID: 26494 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  361.833857][T26494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  361.844814][T26494] Call Trace:
[  361.848176][T26494]  dump_stack+0x137/0x19d
[  361.852509][T26494]  should_fail+0x23c/0x250
[  361.857002][T26494]  __alloc_pages+0x102/0x320
[  361.861585][T26494]  alloc_pages_vma+0x391/0x660
[  361.866430][T26494]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  361.871976][T26494]  do_anonymous_page+0x16e/0x8b0
[  361.877108][T26494]  handle_mm_fault+0x96f/0x1a70
[  361.882023][T26494]  do_user_addr_fault+0x60c/0xc00
[  361.887156][T26494]  exc_page_fault+0x94/0x230
[  361.891884][T26494]  asm_exc_page_fault+0x1e/0x30
[  361.896749][T26494] RIP: 0010:clear_user+0x60/0xa0
[  361.901854][T26494] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  361.922404][T26494] RSP: 0018:ffffc9000f383de8 EFLAGS: 00010206
[  361.928482][T26494] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000008000
[  361.936466][T26494] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fd0000
[  361.944537][T26494] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  361.952533][T26494] R10: 0001c9000f383e47 R11: ffff888109403000 R12: 0000000001010000
[  361.960934][T26494] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  361.969212][T26494]  ? clear_user+0x36/0xa0
[  361.973542][T26494]  ? clear_user+0x48/0xa0
[  361.977868][T26494]  evdev_ioctl_handler+0x11ed/0x17e0
[  361.983237][T26494]  evdev_ioctl+0x20/0x30
[  361.987570][T26494]  ? evdev_poll+0x110/0x110
[  361.992071][T26494]  __se_sys_ioctl+0xcb/0x140
[  361.996661][T26494]  __x64_sys_ioctl+0x3f/0x50
[  362.001360][T26494]  do_syscall_64+0x4a/0x90
[  362.005855][T26494]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  362.011820][T26494] RIP: 0033:0x4665d9
[  362.015708][T26494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  362.035615][T26494] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  362.044201][T26494] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  362.052318][T26494] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  362.060310][T26494] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
17:22:44 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xbb010000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  362.068384][T26494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  362.076363][T26494] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  362.111936][T26479] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:22:44 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xbc010000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:44 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2e, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  362.123495][T26479] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  362.139765][T26493] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6800}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:44 executing program 1 (fault-call:4 fault-nth:35):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  362.206214][T26511] loop3: detected capacity change from 0 to 264192
[  362.213438][T26517] FAULT_INJECTION: forcing a failure.
[  362.213438][T26517] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  362.221491][T26511] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  362.226871][T26517] CPU: 1 PID: 26517 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  362.245115][T26517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  362.255252][T26517] Call Trace:
[  362.258534][T26517]  dump_stack+0x137/0x19d
[  362.262856][T26517]  should_fail+0x23c/0x250
[  362.267406][T26517]  __alloc_pages+0x102/0x320
[  362.272261][T26517]  alloc_pages_vma+0x391/0x660
[  362.277020][T26517]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  362.282589][T26517]  do_anonymous_page+0x16e/0x8b0
[  362.287596][T26517]  handle_mm_fault+0x96f/0x1a70
[  362.292548][T26517]  do_user_addr_fault+0x60c/0xc00
[  362.297623][T26517]  exc_page_fault+0x94/0x230
[  362.302218][T26517]  asm_exc_page_fault+0x1e/0x30
[  362.307158][T26517] RIP: 0010:clear_user+0x60/0xa0
[  362.312107][T26517] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  362.332430][T26517] RSP: 0018:ffffc9000f11fde8 EFLAGS: 00010206
[  362.338604][T26517] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000007e00
[  362.346575][T26517] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fd1000
[  362.354909][T26517] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  362.362915][T26517] R10: 0001c9000f11fe47 R11: ffff88812f57d040 R12: 0000000001010000
[  362.370923][T26517] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  362.378915][T26517]  ? clear_user+0x36/0xa0
[  362.383546][T26517]  ? clear_user+0x48/0xa0
[  362.387887][T26517]  evdev_ioctl_handler+0x11ed/0x17e0
[  362.393222][T26517]  evdev_ioctl+0x20/0x30
[  362.397477][T26517]  ? evdev_poll+0x110/0x110
[  362.401995][T26517]  __se_sys_ioctl+0xcb/0x140
[  362.406613][T26517]  __x64_sys_ioctl+0x3f/0x50
[  362.412087][T26517]  do_syscall_64+0x4a/0x90
[  362.416566][T26517]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  362.422492][T26517] RIP: 0033:0x4665d9
[  362.426376][T26517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  362.446070][T26517] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  362.454596][T26517] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  362.462862][T26517] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  362.470888][T26517] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  362.478856][T26517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  362.486910][T26517] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  362.499597][T26511] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  362.510699][T26511] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  362.546021][T26536] loop5: detected capacity change from 0 to 16383
[  362.553564][T26536] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  362.577937][T26536] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  362.589164][T26536] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:46 executing program 1 (fault-call:4 fault-nth:36):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:46 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a", 0x141}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:46 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6c00}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:46 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x32, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:46 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc0010000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:46 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xf0ff7f, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  364.467451][T26556] validate_nla: 1 callbacks suppressed
[  364.467480][T26556] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  364.483000][T26556] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  364.491379][T26557] loop3: detected capacity change from 0 to 264192
[  364.498487][T26565] loop5: detected capacity change from 0 to 16383
[  364.501803][T26564] FAULT_INJECTION: forcing a failure.
[  364.501803][T26564] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  364.509621][T26565] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  364.518432][T26564] CPU: 0 PID: 26564 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  364.536636][T26564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  364.546688][T26564] Call Trace:
[  364.550053][T26564]  dump_stack+0x137/0x19d
[  364.554397][T26564]  should_fail+0x23c/0x250
[  364.558834][T26564]  __alloc_pages+0x102/0x320
[  364.563458][T26564]  alloc_pages_vma+0x391/0x660
[  364.564613][T26557] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  364.568222][T26564]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  364.568250][T26564]  do_anonymous_page+0x16e/0x8b0
[  364.588087][T26564]  handle_mm_fault+0x96f/0x1a70
[  364.593037][T26564]  do_user_addr_fault+0x60c/0xc00
[  364.598056][T26564]  exc_page_fault+0x94/0x230
[  364.602720][T26564]  asm_exc_page_fault+0x1e/0x30
[  364.607651][T26564] RIP: 0010:clear_user+0x60/0xa0
[  364.612665][T26564] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  364.633126][T26564] RSP: 0018:ffffc9000f4bbde8 EFLAGS: 00010206
[  364.639509][T26564] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000007c00
[  364.647471][T26564] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fd2000
[  364.655538][T26564] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  364.663520][T26564] R10: 0001c9000f4bbe47 R11: ffff88812e2b5080 R12: 0000000001010000
[  364.671929][T26564] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  364.679908][T26564]  ? clear_user+0x36/0xa0
[  364.684419][T26564]  ? clear_user+0x48/0xa0
[  364.688732][T26564]  evdev_ioctl_handler+0x11ed/0x17e0
[  364.694127][T26564]  evdev_ioctl+0x20/0x30
[  364.698460][T26564]  ? evdev_poll+0x110/0x110
[  364.702959][T26564]  __se_sys_ioctl+0xcb/0x140
[  364.707600][T26564]  __x64_sys_ioctl+0x3f/0x50
[  364.712256][T26564]  do_syscall_64+0x4a/0x90
[  364.716753][T26564]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  364.722715][T26564] RIP: 0033:0x4665d9
[  364.726761][T26564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  364.746355][T26564] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  364.754819][T26564] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
17:22:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x7400}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  364.762776][T26564] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  364.770893][T26564] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  364.778864][T26564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  364.786821][T26564] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  364.808045][T26565] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  364.819326][T26565] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  364.848105][T26582] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:47 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x48, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:47 executing program 1 (fault-call:4 fault-nth:37):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x7a00}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  364.858177][T26557] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  364.869598][T26557] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  364.891880][T26582] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  364.935443][T26592] FAULT_INJECTION: forcing a failure.
[  364.935443][T26592] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  364.948843][T26592] CPU: 0 PID: 26592 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  364.957794][T26592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  364.968406][T26592] Call Trace:
[  364.971807][T26592]  dump_stack+0x137/0x19d
[  364.976145][T26592]  should_fail+0x23c/0x250
[  364.980629][T26592]  __alloc_pages+0x102/0x320
[  364.985226][T26592]  alloc_pages_vma+0x391/0x660
[  364.990068][T26592]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  364.995622][T26592]  do_anonymous_page+0x16e/0x8b0
[  365.000639][T26592]  handle_mm_fault+0x96f/0x1a70
[  365.005577][T26592]  ? __switch_to+0x14e/0x4b0
[  365.010181][T26592]  do_user_addr_fault+0x60c/0xc00
[  365.015199][T26592]  exc_page_fault+0x94/0x230
[  365.019145][T26601] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  365.019812][T26592]  asm_exc_page_fault+0x1e/0x30
[  365.033277][T26592] RIP: 0010:clear_user+0x60/0xa0
[  365.038307][T26592] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  365.057912][T26592] RSP: 0018:ffffc9000f50bde8 EFLAGS: 00010206
[  365.064068][T26592] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000007a00
[  365.072257][T26592] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fd3000
[  365.080316][T26592] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  365.088391][T26592] R10: 0001c9000f50be47 R11: ffff88812e55d040 R12: 0000000001010000
[  365.096484][T26592] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  365.104536][T26592]  ? clear_user+0x36/0xa0
[  365.108968][T26592]  ? clear_user+0x48/0xa0
[  365.113329][T26592]  evdev_ioctl_handler+0x11ed/0x17e0
[  365.118638][T26592]  evdev_ioctl+0x20/0x30
[  365.122875][T26592]  ? evdev_poll+0x110/0x110
[  365.127381][T26592]  __se_sys_ioctl+0xcb/0x140
17:22:47 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc0ed0000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  365.132274][T26592]  __x64_sys_ioctl+0x3f/0x50
[  365.137174][T26592]  do_syscall_64+0x4a/0x90
[  365.141675][T26592]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  365.147805][T26592] RIP: 0033:0x4665d9
[  365.151717][T26592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  365.171463][T26592] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  365.179904][T26592] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  365.187916][T26592] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  365.195897][T26592] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  365.204013][T26592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  365.212165][T26592] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  365.228229][T26600] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:47 executing program 1 (fault-call:4 fault-nth:38):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x34000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  365.236665][T26602] loop5: detected capacity change from 0 to 16383
[  365.249133][T26602] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  365.284866][T26615] FAULT_INJECTION: forcing a failure.
[  365.284866][T26615] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  365.298160][T26615] CPU: 1 PID: 26615 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  365.306927][T26615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  365.308363][T26616] loop3: detected capacity change from 0 to 264192
[  365.317012][T26615] Call Trace:
[  365.317021][T26615]  dump_stack+0x137/0x19d
[  365.317046][T26615]  should_fail+0x23c/0x250
[  365.327931][T26620] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  365.331261][T26615]  __alloc_pages+0x102/0x320
[  365.331296][T26615]  alloc_pages_vma+0x391/0x660
[  365.354161][T26615]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  365.360608][T26615]  do_anonymous_page+0x16e/0x8b0
[  365.365565][T26615]  handle_mm_fault+0x96f/0x1a70
[  365.370545][T26615]  do_user_addr_fault+0x60c/0xc00
[  365.375581][T26615]  exc_page_fault+0x94/0x230
[  365.380180][T26615]  asm_exc_page_fault+0x1e/0x30
[  365.385049][T26615] RIP: 0010:clear_user+0x60/0xa0
[  365.390083][T26615] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  365.409774][T26615] RSP: 0018:ffffc9000f567de8 EFLAGS: 00010206
[  365.415937][T26615] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000007800
[  365.424105][T26615] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fd4000
[  365.432060][T26615] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  365.440153][T26615] R10: 0001c9000f567e47 R11: ffff888106ca1080 R12: 0000000001010000
[  365.448332][T26615] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  365.456383][T26615]  ? clear_user+0x36/0xa0
[  365.460859][T26615]  ? clear_user+0x48/0xa0
[  365.465171][T26615]  evdev_ioctl_handler+0x11ed/0x17e0
[  365.470454][T26615]  evdev_ioctl+0x20/0x30
[  365.474707][T26615]  ? evdev_poll+0x110/0x110
[  365.479209][T26615]  __se_sys_ioctl+0xcb/0x140
[  365.483984][T26615]  __x64_sys_ioctl+0x3f/0x50
[  365.488564][T26615]  do_syscall_64+0x4a/0x90
[  365.493179][T26615]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  365.499081][T26615] RIP: 0033:0x4665d9
[  365.502961][T26615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  365.522814][T26615] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  365.531512][T26615] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  365.539486][T26615] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  365.547603][T26615] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  365.555675][T26615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  365.563772][T26615] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  365.599152][T26602] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  365.610386][T26602] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  365.666468][T26616] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  365.724812][T26616] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  365.736261][T26616] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:49 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:49 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a", 0x141}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:49 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400300}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:49 executing program 1 (fault-call:4 fault-nth:39):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:49 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc1030000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:49 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x4000000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  367.528640][T26655] loop3: detected capacity change from 0 to 264192
[  367.529038][T26653] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  367.539236][T26655] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  367.544728][T26654] FAULT_INJECTION: forcing a failure.
[  367.544728][T26654] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  367.554459][T26656] loop5: detected capacity change from 0 to 16383
[  367.567507][T26654] CPU: 1 PID: 26654 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  367.567532][T26654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  367.589279][T26656] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  367.594573][T26654] Call Trace:
[  367.594583][T26654]  dump_stack+0x137/0x19d
[  367.611494][T26654]  should_fail+0x23c/0x250
[  367.616114][T26654]  __alloc_pages+0x102/0x320
[  367.617185][T26653] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:49 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xe0ffff}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  367.620744][T26654]  alloc_pages_vma+0x391/0x660
[  367.620768][T26654]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  367.639794][T26654]  do_anonymous_page+0x16e/0x8b0
[  367.644842][T26654]  handle_mm_fault+0x96f/0x1a70
[  367.649817][T26654]  do_user_addr_fault+0x60c/0xc00
[  367.654941][T26654]  exc_page_fault+0x94/0x230
[  367.659717][T26654]  asm_exc_page_fault+0x1e/0x30
[  367.664876][T26654] RIP: 0010:clear_user+0x60/0xa0
[  367.669969][T26654] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  367.676119][T26671] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  367.689939][T26654] RSP: 0018:ffffc9000f61fde8 EFLAGS: 00010206
[  367.689958][T26654] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000007600
[  367.689969][T26654] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fd5000
[  367.689980][T26654] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  367.728382][T26654] R10: 0001c9000f61fe47 R11: ffff88812f49d040 R12: 0000000001010000
[  367.736386][T26654] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  367.744469][T26654]  ? clear_user+0x36/0xa0
[  367.748816][T26654]  ? clear_user+0x48/0xa0
[  367.753322][T26654]  evdev_ioctl_handler+0x11ed/0x17e0
[  367.758837][T26654]  evdev_ioctl+0x20/0x30
[  367.763575][T26654]  ? evdev_poll+0x110/0x110
[  367.768298][T26654]  __se_sys_ioctl+0xcb/0x140
[  367.773240][T26654]  __x64_sys_ioctl+0x3f/0x50
[  367.778292][T26654]  do_syscall_64+0x4a/0x90
[  367.782877][T26654]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  367.790386][T26654] RIP: 0033:0x4665d9
[  367.794544][T26654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  367.814644][T26654] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
17:22:50 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  367.823841][T26654] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  367.831817][T26654] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  367.840095][T26654] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  367.848069][T26654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  367.856123][T26654] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:22:50 executing program 1 (fault-call:4 fault-nth:40):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  367.888526][T26656] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  367.899943][T26656] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  367.918454][T26655] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  367.929591][T26655] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  367.965714][T26685] FAULT_INJECTION: forcing a failure.
[  367.965714][T26685] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  367.979156][T26685] CPU: 1 PID: 26685 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
17:22:50 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x60, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  367.988100][T26685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  367.998304][T26685] Call Trace:
[  368.001586][T26685]  dump_stack+0x137/0x19d
[  368.006078][T26685]  should_fail+0x23c/0x250
[  368.010521][T26685]  __alloc_pages+0x102/0x320
[  368.015604][T26685]  alloc_pages_vma+0x391/0x660
[  368.020909][T26685]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  368.026553][T26685]  do_anonymous_page+0x16e/0x8b0
[  368.031675][T26685]  handle_mm_fault+0x96f/0x1a70
[  368.036546][T26685]  do_user_addr_fault+0x60c/0xc00
[  368.041580][T26685]  exc_page_fault+0x94/0x230
[  368.046191][T26685]  asm_exc_page_fault+0x1e/0x30
[  368.051252][T26685] RIP: 0010:clear_user+0x60/0xa0
[  368.056232][T26685] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  368.075885][T26685] RSP: 0018:ffffc9000f677de8 EFLAGS: 00010206
[  368.082074][T26685] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000007400
[  368.090175][T26685] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fd6000
[  368.098723][T26685] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  368.106694][T26685] R10: 0001c9000f677e47 R11: ffff88812f49d040 R12: 0000000001010000
[  368.115030][T26685] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  368.123011][T26685]  ? clear_user+0x36/0xa0
[  368.127353][T26685]  ? clear_user+0x48/0xa0
[  368.131709][T26685]  evdev_ioctl_handler+0x11ed/0x17e0
[  368.137007][T26685]  evdev_ioctl+0x20/0x30
[  368.141330][T26685]  ? evdev_poll+0x110/0x110
[  368.145827][T26685]  __se_sys_ioctl+0xcb/0x140
[  368.150417][T26685]  __x64_sys_ioctl+0x3f/0x50
[  368.155175][T26685]  do_syscall_64+0x4a/0x90
[  368.159638][T26685]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  368.165575][T26685] RIP: 0033:0x4665d9
[  368.169483][T26685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
17:22:50 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x2000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:50 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xd6000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  368.189810][T26685] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  368.198231][T26685] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  368.206633][T26685] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  368.214810][T26685] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  368.222778][T26685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  368.230947][T26685] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:22:50 executing program 1 (fault-call:4 fault-nth:41):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  368.321092][T26710] FAULT_INJECTION: forcing a failure.
[  368.321092][T26710] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  368.334880][T26710] CPU: 1 PID: 26710 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  368.343755][T26710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  368.354254][T26710] Call Trace:
[  368.357837][T26710]  dump_stack+0x137/0x19d
[  368.362316][T26710]  should_fail+0x23c/0x250
[  368.366810][T26710]  __alloc_pages+0x102/0x320
[  368.371406][T26710]  alloc_pages_vma+0x391/0x660
[  368.376528][T26710]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  368.382323][T26710]  do_anonymous_page+0x16e/0x8b0
[  368.387309][T26710]  handle_mm_fault+0x96f/0x1a70
[  368.392395][T26710]  do_user_addr_fault+0x60c/0xc00
[  368.397643][T26710]  exc_page_fault+0x94/0x230
[  368.402444][T26710]  asm_exc_page_fault+0x1e/0x30
[  368.407339][T26710] RIP: 0010:clear_user+0x60/0xa0
[  368.412279][T26710] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  368.432182][T26710] RSP: 0018:ffffc9000f71bde8 EFLAGS: 00010206
[  368.438269][T26710] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000007200
[  368.446305][T26710] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fd7000
[  368.454277][T26710] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  368.462866][T26710] R10: 0001c9000f71be47 R11: ffff88810031e000 R12: 0000000001010000
[  368.471062][T26710] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  368.479291][T26710]  ? clear_user+0x36/0xa0
[  368.483672][T26710]  ? clear_user+0x48/0xa0
[  368.488010][T26710]  evdev_ioctl_handler+0x11ed/0x17e0
[  368.493391][T26710]  evdev_ioctl+0x20/0x30
[  368.498022][T26710]  ? evdev_poll+0x110/0x110
[  368.502661][T26710]  __se_sys_ioctl+0xcb/0x140
[  368.507309][T26710]  __x64_sys_ioctl+0x3f/0x50
[  368.511933][T26710]  do_syscall_64+0x4a/0x90
[  368.516443][T26710]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  368.522488][T26710] RIP: 0033:0x4665d9
[  368.526375][T26710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  368.546453][T26710] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  368.555495][T26710] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  368.563922][T26710] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  368.572193][T26710] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  368.580858][T26710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  368.588853][T26710] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  368.603496][T26711] loop5: detected capacity change from 0 to 16383
[  368.617679][T26707] loop3: detected capacity change from 0 to 264192
[  368.632481][T26711] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  368.644445][T26707] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  368.671754][T26711] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  368.683717][T26711] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  368.695457][T26707] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  368.710067][T26707] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:52 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a", 0x141}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:52 executing program 1 (fault-call:4 fault-nth:42):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:52 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x68, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:52 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xd7000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:52 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xf000000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  370.538534][T26746] validate_nla: 3 callbacks suppressed
[  370.538546][T26746] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  370.548230][T26750] FAULT_INJECTION: forcing a failure.
[  370.548230][T26750] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  370.554335][T26749] loop5: detected capacity change from 0 to 16383
[  370.565729][T26750] CPU: 1 PID: 26750 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
17:22:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  370.565753][T26750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  370.573158][T26747] loop3: detected capacity change from 0 to 264192
[  370.581049][T26750] Call Trace:
[  370.581060][T26750]  dump_stack+0x137/0x19d
[  370.581085][T26750]  should_fail+0x23c/0x250
[  370.581101][T26750]  __alloc_pages+0x102/0x320
[  370.593150][T26746] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  370.597800][T26750]  alloc_pages_vma+0x391/0x660
[  370.597825][T26750]  ? page_add_new_anon_rmap+0x26d/0x2c0
17:22:52 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c", 0x146}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  370.609796][T26749] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  370.610096][T26750]  do_anonymous_page+0x16e/0x8b0
[  370.627546][T26747] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  370.629364][T26750]  handle_mm_fault+0x96f/0x1a70
[  370.663074][T26750]  do_user_addr_fault+0x60c/0xc00
[  370.668199][T26750]  exc_page_fault+0x94/0x230
[  370.672836][T26750]  asm_exc_page_fault+0x1e/0x30
[  370.677728][T26750] RIP: 0010:clear_user+0x60/0xa0
[  370.682889][T26750] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  370.703033][T26750] RSP: 0018:ffffc9000f7bbde8 EFLAGS: 00010206
[  370.709118][T26750] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000007000
[  370.717484][T26750] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fd8000
[  370.725698][T26750] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  370.734807][T26750] R10: 0001c9000f7bbe47 R11: ffff88810961d040 R12: 0000000001010000
[  370.742865][T26750] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  370.751127][T26750]  ? clear_user+0x36/0xa0
[  370.755470][T26750]  ? clear_user+0x48/0xa0
[  370.759882][T26750]  evdev_ioctl_handler+0x11ed/0x17e0
[  370.765202][T26750]  evdev_ioctl+0x20/0x30
[  370.769454][T26750]  ? evdev_poll+0x110/0x110
[  370.774073][T26750]  __se_sys_ioctl+0xcb/0x140
[  370.778854][T26750]  __x64_sys_ioctl+0x3f/0x50
[  370.783574][T26750]  do_syscall_64+0x4a/0x90
[  370.788226][T26750]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  370.789268][T26777] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  370.794254][T26750] RIP: 0033:0x4665d9
[  370.794271][T26750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  370.828973][T26750] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  370.837396][T26750] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  370.843011][T26749] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  370.845375][T26750] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  370.845390][T26750] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  370.856488][T26749] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:53 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6c, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  370.864517][T26750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  370.894828][T26750] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  370.904229][T26747] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  370.915459][T26747] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:53 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c", 0x146}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:53 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xd8000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  370.954363][T26775] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:22:53 executing program 1 (fault-call:4 fault-nth:43):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  371.047315][T26787] loop5: detected capacity change from 0 to 16383
[  371.063602][T26797] FAULT_INJECTION: forcing a failure.
[  371.063602][T26797] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  371.076922][T26797] CPU: 0 PID: 26797 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  371.086587][T26797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  371.096950][T26797] Call Trace:
[  371.100381][T26797]  dump_stack+0x137/0x19d
[  371.104705][T26797]  should_fail+0x23c/0x250
[  371.109173][T26797]  __alloc_pages+0x102/0x320
[  371.114280][T26797]  alloc_pages_vma+0x391/0x660
[  371.119186][T26797]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  371.124797][T26797]  do_anonymous_page+0x16e/0x8b0
[  371.129809][T26797]  handle_mm_fault+0x96f/0x1a70
[  371.134844][T26797]  ? __switch_to+0x14e/0x4b0
[  371.139539][T26797]  do_user_addr_fault+0x60c/0xc00
[  371.144837][T26797]  exc_page_fault+0x94/0x230
[  371.149426][T26797]  asm_exc_page_fault+0x1e/0x30
[  371.154281][T26797] RIP: 0010:clear_user+0x60/0xa0
[  371.159326][T26797] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  371.179892][T26797] RSP: 0018:ffffc9000f82bde8 EFLAGS: 00010206
[  371.186038][T26797] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000006e00
[  371.194057][T26797] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fd9000
[  371.202013][T26797] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  371.210262][T26797] R10: 0001c9000f82be47 R11: ffff888106ca1080 R12: 0000000001010000
[  371.218283][T26797] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  371.226342][T26797]  ? clear_user+0x36/0xa0
[  371.230724][T26797]  ? clear_user+0x48/0xa0
[  371.235050][T26797]  evdev_ioctl_handler+0x11ed/0x17e0
[  371.240639][T26797]  evdev_ioctl+0x20/0x30
[  371.244867][T26797]  ? evdev_poll+0x110/0x110
[  371.249507][T26797]  __se_sys_ioctl+0xcb/0x140
[  371.254239][T26797]  __x64_sys_ioctl+0x3f/0x50
[  371.258838][T26797]  do_syscall_64+0x4a/0x90
[  371.263280][T26797]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  371.269230][T26797] RIP: 0033:0x4665d9
[  371.273207][T26797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  371.292939][T26797] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  371.301334][T26797] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  371.309315][T26797] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  371.317460][T26797] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  371.325546][T26797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  371.333613][T26797] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:22:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  371.350145][T26805] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  371.354515][T26803] loop3: detected capacity change from 0 to 264192
[  371.359074][T26804] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  371.375520][T26803] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  371.416957][T26787] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  371.426555][T26803] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  371.437636][T26803] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6080000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  371.462563][T26817] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  371.471787][T26817] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  371.482002][T26787] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  371.493192][T26787] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:53 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xd9000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:53 executing program 1 (fault-call:4 fault-nth:44):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  371.583325][T26828] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  371.583615][T26829] FAULT_INJECTION: forcing a failure.
[  371.583615][T26829] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  371.604753][T26829] CPU: 0 PID: 26829 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  371.613523][T26829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  371.623622][T26829] Call Trace:
[  371.627591][T26829]  dump_stack+0x137/0x19d
[  371.631987][T26829]  should_fail+0x23c/0x250
[  371.636524][T26829]  __alloc_pages+0x102/0x320
[  371.641219][T26829]  alloc_pages_vma+0x391/0x660
[  371.645988][T26829]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  371.651794][T26829]  do_anonymous_page+0x16e/0x8b0
[  371.657076][T26829]  handle_mm_fault+0x96f/0x1a70
[  371.661952][T26829]  do_user_addr_fault+0x60c/0xc00
[  371.667145][T26829]  exc_page_fault+0x94/0x230
[  371.671804][T26829]  asm_exc_page_fault+0x1e/0x30
[  371.676648][T26829] RIP: 0010:clear_user+0x60/0xa0
[  371.681767][T26829] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  371.701363][T26829] RSP: 0018:ffffc9000f893de8 EFLAGS: 00010206
[  371.707569][T26829] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000006c00
[  371.715541][T26829] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fda000
[  371.723589][T26829] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  371.731601][T26829] R10: 0001c9000f893e47 R11: ffff8881095a1000 R12: 0000000001010000
[  371.739634][T26829] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  371.747712][T26829]  ? clear_user+0x36/0xa0
[  371.752129][T26829]  ? clear_user+0x48/0xa0
[  371.756463][T26829]  evdev_ioctl_handler+0x11ed/0x17e0
[  371.761837][T26829]  evdev_ioctl+0x20/0x30
[  371.766079][T26829]  ? evdev_poll+0x110/0x110
[  371.770638][T26829]  __se_sys_ioctl+0xcb/0x140
[  371.775236][T26829]  __x64_sys_ioctl+0x3f/0x50
[  371.779849][T26829]  do_syscall_64+0x4a/0x90
[  371.784270][T26829]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  371.790218][T26829] RIP: 0033:0x4665d9
[  371.794110][T26829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  371.813712][T26829] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  371.822148][T26829] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  371.830207][T26829] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  371.838264][T26829] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  371.846321][T26829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  371.854301][T26829] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  371.878805][T26834] loop3: detected capacity change from 0 to 264192
[  371.898301][T26828] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  371.919893][T26834] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  371.975817][T26834] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  371.987140][T26834] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:22:54 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x7ffff000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:22:54 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x74, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:54 executing program 1 (fault-call:4 fault-nth:45):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:54 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x7000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  372.498594][T26853] loop5: detected capacity change from 0 to 16383
[  372.501345][T26856] FAULT_INJECTION: forcing a failure.
[  372.501345][T26856] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  372.507546][T26853] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  372.518476][T26856] CPU: 0 PID: 26856 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  372.518500][T26856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  372.518509][T26856] Call Trace:
[  372.518515][T26856]  dump_stack+0x137/0x19d
[  372.518535][T26856]  should_fail+0x23c/0x250
[  372.518554][T26856]  __alloc_pages+0x102/0x320
[  372.518568][T26856]  alloc_pages_vma+0x391/0x660
[  372.568344][T26856]  do_anonymous_page+0x16e/0x8b0
[  372.573300][T26856]  handle_mm_fault+0x96f/0x1a70
[  372.577903][T26853] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  372.578188][T26856]  do_user_addr_fault+0x60c/0xc00
[  372.589603][T26853] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  372.594572][T26856]  exc_page_fault+0x94/0x230
[  372.613709][T26856]  asm_exc_page_fault+0x1e/0x30
[  372.618569][T26856] RIP: 0010:clear_user+0x60/0xa0
[  372.623524][T26856] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  372.643619][T26856] RSP: 0018:ffffc9000f967de8 EFLAGS: 00010206
[  372.649671][T26856] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000006a00
[  372.657769][T26856] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fdb000
[  372.665901][T26856] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  372.674182][T26856] R10: 0001c9000f967e47 R11: ffff88812e36c080 R12: 0000000001010000
[  372.682147][T26856] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  372.690125][T26856]  ? clear_user+0x36/0xa0
[  372.694465][T26856]  ? clear_user+0x48/0xa0
[  372.698792][T26856]  evdev_ioctl_handler+0x11ed/0x17e0
[  372.704181][T26856]  evdev_ioctl+0x20/0x30
[  372.708438][T26856]  ? evdev_poll+0x110/0x110
[  372.712937][T26856]  __se_sys_ioctl+0xcb/0x140
[  372.717674][T26856]  __x64_sys_ioctl+0x3f/0x50
[  372.722271][T26856]  do_syscall_64+0x4a/0x90
[  372.726782][T26856]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  372.732784][T26856] RIP: 0033:0x4665d9
[  372.736678][T26856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  372.756500][T26856] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  372.764915][T26856] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  372.773110][T26856] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  372.781176][T26856] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  372.789147][T26856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  372.797199][T26856] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:22:56 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c", 0x146}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:56 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xda000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x8000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:56 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7a, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:56 executing program 1 (fault-call:4 fault-nth:46):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:56 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xc0000000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  374.050670][T26888] loop5: detected capacity change from 0 to 16383
[  374.054022][T26892] FAULT_INJECTION: forcing a failure.
[  374.054022][T26892] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  374.060714][T26888] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  374.070646][T26892] CPU: 0 PID: 26892 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  374.089045][T26892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
17:22:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x9000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  374.099757][T26892] Call Trace:
[  374.103228][T26892]  dump_stack+0x137/0x19d
[  374.105385][T26889] loop3: detected capacity change from 0 to 264192
[  374.107738][T26892]  should_fail+0x23c/0x250
[  374.107763][T26892]  __alloc_pages+0x102/0x320
[  374.121446][T26889] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  374.123295][T26892]  alloc_pages_vma+0x391/0x660
[  374.123321][T26892]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  374.142614][T26892]  do_anonymous_page+0x16e/0x8b0
17:22:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xa000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  374.147653][T26892]  handle_mm_fault+0x96f/0x1a70
[  374.152635][T26892]  do_user_addr_fault+0x60c/0xc00
[  374.157869][T26892]  exc_page_fault+0x94/0x230
[  374.162577][T26892]  asm_exc_page_fault+0x1e/0x30
[  374.167715][T26892] RIP: 0010:clear_user+0x60/0xa0
[  374.172813][T26892] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  374.192789][T26892] RSP: 0018:ffffc9000f9fbde8 EFLAGS: 00010206
17:22:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xb000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  374.198859][T26892] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000006800
[  374.206894][T26892] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fdc000
[  374.214909][T26892] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  374.222918][T26892] R10: 0001c9000f9fbe47 R11: ffff888108fdf040 R12: 0000000001010000
[  374.230975][T26892] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  374.239179][T26892]  ? clear_user+0x36/0xa0
[  374.243510][T26892]  ? clear_user+0x48/0xa0
[  374.247856][T26892]  evdev_ioctl_handler+0x11ed/0x17e0
[  374.253247][T26892]  evdev_ioctl+0x20/0x30
[  374.257514][T26892]  ? evdev_poll+0x110/0x110
[  374.262046][T26892]  __se_sys_ioctl+0xcb/0x140
[  374.266645][T26892]  __x64_sys_ioctl+0x3f/0x50
[  374.271237][T26892]  do_syscall_64+0x4a/0x90
[  374.275658][T26892]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  374.281688][T26892] RIP: 0033:0x4665d9
[  374.285575][T26892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  374.305202][T26892] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  374.313685][T26892] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  374.321662][T26892] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  374.331539][T26892] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  374.339704][T26892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
17:22:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xc000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:56 executing program 1 (fault-call:4 fault-nth:47):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  374.347698][T26892] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  374.400667][T26889] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  374.406695][T26931] FAULT_INJECTION: forcing a failure.
[  374.406695][T26931] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  374.412284][T26889] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  374.425709][T26931] CPU: 0 PID: 26931 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  374.440487][T26888] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  374.448954][T26931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  374.448967][T26931] Call Trace:
[  374.448973][T26931]  dump_stack+0x137/0x19d
[  374.460310][T26888] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  374.470458][T26931]  should_fail+0x23c/0x250
[  374.470484][T26931]  __alloc_pages+0x102/0x320
[  374.470500][T26931]  alloc_pages_vma+0x391/0x660
[  374.470518][T26931]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  374.512842][T26931]  do_anonymous_page+0x16e/0x8b0
[  374.517860][T26931]  handle_mm_fault+0x96f/0x1a70
[  374.522893][T26931]  do_user_addr_fault+0x60c/0xc00
[  374.527919][T26931]  exc_page_fault+0x94/0x230
[  374.532575][T26931]  asm_exc_page_fault+0x1e/0x30
[  374.537641][T26931] RIP: 0010:clear_user+0x60/0xa0
[  374.543094][T26931] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  374.563347][T26931] RSP: 0018:ffffc9000fa93de8 EFLAGS: 00010206
[  374.569720][T26931] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000006600
[  374.577996][T26931] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fdd000
[  374.586017][T26931] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  374.594011][T26931] R10: 0001c9000fa93e47 R11: ffff88812e54b040 R12: 0000000001010000
[  374.602465][T26931] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  374.610447][T26931]  ? clear_user+0x36/0xa0
[  374.614783][T26931]  ? clear_user+0x48/0xa0
[  374.619183][T26931]  evdev_ioctl_handler+0x11ed/0x17e0
[  374.624485][T26931]  evdev_ioctl+0x20/0x30
[  374.628738][T26931]  ? evdev_poll+0x110/0x110
[  374.633575][T26931]  __se_sys_ioctl+0xcb/0x140
[  374.638245][T26931]  __x64_sys_ioctl+0x3f/0x50
[  374.643620][T26931]  do_syscall_64+0x4a/0x90
[  374.648150][T26931]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  374.654038][T26931] RIP: 0033:0x4665d9
[  374.657923][T26931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  374.677657][T26931] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  374.686136][T26931] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  374.694121][T26931] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
17:22:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xd000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  374.702094][T26931] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  374.710062][T26931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  374.718041][T26931] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:22:59 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc51", 0x149}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:22:59 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xdaffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:59 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfe, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:22:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xe000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:22:59 executing program 1 (fault-call:4 fault-nth:48):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:22:59 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xc00e0000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  377.070213][T26963] validate_nla: 14 callbacks suppressed
[  377.070271][T26963] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  377.085583][T26965] loop5: detected capacity change from 0 to 16383
[  377.086433][T26967] FAULT_INJECTION: forcing a failure.
[  377.086433][T26967] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  377.097362][T26965] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  377.105422][T26967] CPU: 1 PID: 26967 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  377.115634][T26966] loop3: detected capacity change from 0 to 264192
[  377.123180][T26967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  377.136164][T26966] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  377.140098][T26967] Call Trace:
[  377.140106][T26967]  dump_stack+0x137/0x19d
[  377.140130][T26967]  should_fail+0x23c/0x250
[  377.140150][T26967]  __alloc_pages+0x102/0x320
[  377.140180][T26967]  alloc_pages_vma+0x391/0x660
[  377.140195][T26967]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  377.163664][T26963] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  377.166079][T26967]  do_anonymous_page+0x16e/0x8b0
[  377.189432][T26967]  handle_mm_fault+0x96f/0x1a70
[  377.194304][T26967]  do_user_addr_fault+0x60c/0xc00
[  377.199628][T26967]  exc_page_fault+0x94/0x230
[  377.204338][T26967]  asm_exc_page_fault+0x1e/0x30
[  377.209201][T26967] RIP: 0010:clear_user+0x60/0xa0
[  377.214340][T26967] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  377.234322][T26967] RSP: 0018:ffffc9000fb23de8 EFLAGS: 00010206
[  377.240453][T26967] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000006400
[  377.248444][T26967] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fde000
[  377.256595][T26967] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  377.264572][T26967] R10: 0001c9000fb23e47 R11: ffff88812e7ba080 R12: 0000000001010000
[  377.272544][T26967] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  377.280585][T26967]  ? clear_user+0x36/0xa0
[  377.285132][T26967]  ? clear_user+0x48/0xa0
[  377.289517][T26967]  evdev_ioctl_handler+0x11ed/0x17e0
[  377.294812][T26967]  evdev_ioctl+0x20/0x30
[  377.299299][T26967]  ? evdev_poll+0x110/0x110
[  377.303840][T26967]  __se_sys_ioctl+0xcb/0x140
[  377.308516][T26967]  __x64_sys_ioctl+0x3f/0x50
[  377.313159][T26967]  do_syscall_64+0x4a/0x90
[  377.317577][T26967]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  377.323466][T26967] RIP: 0033:0x4665d9
[  377.327359][T26967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  377.348116][T26967] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  377.356741][T26967] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
17:22:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x10000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  377.365283][T26967] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  377.373845][T26967] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  377.381980][T26967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  377.389972][T26967] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  377.415690][T26965] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  377.424224][T26986] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  377.426836][T26965] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  377.437972][T26966] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
17:22:59 executing program 1 (fault-call:4 fault-nth:49):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  377.460862][T26966] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  377.479947][T26986] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  377.508489][T26997] FAULT_INJECTION: forcing a failure.
[  377.508489][T26997] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  377.521965][T26997] CPU: 1 PID: 26997 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  377.530736][T26997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  377.541139][T26997] Call Trace:
[  377.544425][T26997]  dump_stack+0x137/0x19d
[  377.548965][T26997]  should_fail+0x23c/0x250
[  377.553633][T26997]  __alloc_pages+0x102/0x320
[  377.558514][T26997]  alloc_pages_vma+0x391/0x660
[  377.563478][T26997]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  377.569225][T26997]  do_anonymous_page+0x16e/0x8b0
[  377.574252][T26997]  handle_mm_fault+0x96f/0x1a70
[  377.579365][T26997]  do_user_addr_fault+0x60c/0xc00
[  377.584513][T26997]  exc_page_fault+0x94/0x230
[  377.589328][T26997]  asm_exc_page_fault+0x1e/0x30
[  377.594307][T26997] RIP: 0010:clear_user+0x60/0xa0
[  377.599303][T26997] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  377.619029][T26997] RSP: 0018:ffffc9000fb53de8 EFLAGS: 00010206
[  377.625096][T26997] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000006200
[  377.633069][T26997] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fdf000
[  377.641221][T26997] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  377.649186][T26997] R10: 0001c9000fb53e47 R11: ffff888107b64040 R12: 0000000001010000
[  377.657155][T26997] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  377.665213][T26997]  ? clear_user+0x36/0xa0
[  377.669555][T26997]  ? clear_user+0x48/0xa0
[  377.673885][T26997]  evdev_ioctl_handler+0x11ed/0x17e0
[  377.679165][T26997]  evdev_ioctl+0x20/0x30
[  377.683395][T26997]  ? evdev_poll+0x110/0x110
[  377.687897][T26997]  __se_sys_ioctl+0xcb/0x140
[  377.692541][T26997]  __x64_sys_ioctl+0x3f/0x50
[  377.697165][T26997]  do_syscall_64+0x4a/0x90
[  377.701588][T26997]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  377.707533][T26997] RIP: 0033:0x4665d9
[  377.711424][T26997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  377.731059][T26997] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  377.739580][T26997] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  377.747648][T26997] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  377.755916][T26997] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  377.763922][T26997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
17:22:59 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xe2ffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:00 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1ba, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:00 executing program 1 (fault-call:4 fault-nth:50):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x11000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  377.772075][T26997] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  377.830783][T27006] FAULT_INJECTION: forcing a failure.
[  377.830783][T27006] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  377.844687][T27006] CPU: 1 PID: 27006 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  377.853883][T27006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  377.864391][T27006] Call Trace:
[  377.867740][T27006]  dump_stack+0x137/0x19d
[  377.869191][T27014] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  377.872081][T27006]  should_fail+0x23c/0x250
[  377.872103][T27006]  __alloc_pages+0x102/0x320
[  377.887976][T27014] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  377.891138][T27006]  alloc_pages_vma+0x391/0x660
[  377.904507][T27006]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  377.910241][T27006]  do_anonymous_page+0x16e/0x8b0
[  377.915193][T27006]  handle_mm_fault+0x96f/0x1a70
[  377.920063][T27006]  do_user_addr_fault+0x60c/0xc00
[  377.925464][T27006]  exc_page_fault+0x94/0x230
[  377.930213][T27006]  asm_exc_page_fault+0x1e/0x30
[  377.935078][T27006] RIP: 0010:clear_user+0x60/0xa0
[  377.940016][T27006] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  377.959789][T27006] RSP: 0018:ffffc9000fae3de8 EFLAGS: 00010206
[  377.966014][T27006] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000006000
[  377.973987][T27006] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fe0000
[  377.981954][T27006] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  377.989930][T27006] R10: 0001c9000fae3e47 R11: ffff888107b64040 R12: 0000000001010000
[  377.997998][T27006] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  378.005997][T27006]  ? clear_user+0x36/0xa0
[  378.010386][T27006]  ? clear_user+0x48/0xa0
[  378.015550][T27006]  evdev_ioctl_handler+0x11ed/0x17e0
[  378.020914][T27006]  evdev_ioctl+0x20/0x30
[  378.025528][T27006]  ? evdev_poll+0x110/0x110
[  378.030983][T27006]  __se_sys_ioctl+0xcb/0x140
[  378.035740][T27006]  __x64_sys_ioctl+0x3f/0x50
[  378.040319][T27006]  do_syscall_64+0x4a/0x90
[  378.044736][T27006]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  378.050902][T27006] RIP: 0033:0x4665d9
[  378.054848][T27006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  378.074883][T27006] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  378.084394][T27006] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  378.092553][T27006] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  378.100525][T27006] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  378.108516][T27006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  378.116491][T27006] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  378.131467][T27013] loop5: detected capacity change from 0 to 16383
[  378.155946][T27018] loop3: detected capacity change from 0 to 264192
[  378.179388][T27013] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  378.188689][T27018] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  378.227498][T27013] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  378.238734][T27013] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  378.258764][T27018] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  378.269843][T27018] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:02 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc51", 0x149}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x12000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:02 executing program 1 (fault-call:4 fault-nth:51):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:02 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1bb, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:02 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf0ffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:02 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xe03f0300, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  380.099840][T27049] FAULT_INJECTION: forcing a failure.
[  380.099840][T27049] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  380.106902][T27050] loop5: detected capacity change from 0 to 16383
[  380.113416][T27049] CPU: 0 PID: 27049 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  380.124483][T27050] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  380.128550][T27049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  380.128562][T27049] Call Trace:
[  380.128569][T27049]  dump_stack+0x137/0x19d
[  380.138300][T27051] loop3: detected capacity change from 0 to 264192
[  380.149213][T27049]  should_fail+0x23c/0x250
[  380.149239][T27049]  __alloc_pages+0x102/0x320
[  380.149256][T27049]  alloc_pages_vma+0x391/0x660
[  380.162737][T27051] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  380.163367][T27049]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  380.174534][T27053] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  380.177096][T27049]  do_anonymous_page+0x16e/0x8b0
[  380.177127][T27049]  handle_mm_fault+0x96f/0x1a70
[  380.209595][T27049]  do_user_addr_fault+0x60c/0xc00
[  380.214641][T27049]  exc_page_fault+0x94/0x230
[  380.219249][T27049]  asm_exc_page_fault+0x1e/0x30
[  380.220090][T27053] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  380.224104][T27049] RIP: 0010:clear_user+0x60/0xa0
17:23:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x16010000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  380.224128][T27049] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  380.257090][T27049] RSP: 0018:ffffc9000fc63de8 EFLAGS: 00010206
[  380.263249][T27049] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000005e00
[  380.271250][T27049] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fe1000
[  380.273527][T27068] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  380.279325][T27049] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
17:23:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x20000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  380.279340][T27049] R10: 0001c9000fc63e47 R11: ffff88812dcec000 R12: 0000000001010000
[  380.288889][T27068] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  380.295374][T27049] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  380.295417][T27049]  ? clear_user+0x36/0xa0
[  380.323711][T27049]  ? clear_user+0x48/0xa0
[  380.328048][T27049]  evdev_ioctl_handler+0x11ed/0x17e0
[  380.333339][T27049]  evdev_ioctl+0x20/0x30
[  380.337680][T27049]  ? evdev_poll+0x110/0x110
[  380.343241][T27049]  __se_sys_ioctl+0xcb/0x140
[  380.347940][T27049]  __x64_sys_ioctl+0x3f/0x50
[  380.353001][T27049]  do_syscall_64+0x4a/0x90
[  380.358321][T27049]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  380.364452][T27049] RIP: 0033:0x4665d9
[  380.368363][T27049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  380.388290][T27049] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  380.396707][T27049] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  380.404802][T27049] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  380.412769][T27049] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  380.420968][T27049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  380.428930][T27049] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x25000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  380.457220][T27050] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  380.468436][T27050] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  380.487141][T27051] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
17:23:02 executing program 1 (fault-call:4 fault-nth:52):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  380.498252][T27051] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  380.540107][T27086] FAULT_INJECTION: forcing a failure.
[  380.540107][T27086] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  380.553398][T27086] CPU: 0 PID: 27086 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  380.562417][T27086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  380.572584][T27086] Call Trace:
[  380.575863][T27086]  dump_stack+0x137/0x19d
[  380.580220][T27086]  should_fail+0x23c/0x250
[  380.584658][T27086]  __alloc_pages+0x102/0x320
[  380.589274][T27086]  alloc_pages_vma+0x391/0x660
[  380.594185][T27086]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  380.599728][T27086]  do_anonymous_page+0x16e/0x8b0
[  380.604694][T27086]  handle_mm_fault+0x96f/0x1a70
[  380.609548][T27086]  do_user_addr_fault+0x60c/0xc00
[  380.614600][T27086]  exc_page_fault+0x94/0x230
[  380.619479][T27086]  asm_exc_page_fault+0x1e/0x30
[  380.624348][T27086] RIP: 0010:clear_user+0x60/0xa0
[  380.629282][T27086] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  380.649175][T27086] RSP: 0018:ffffc9000fc93de8 EFLAGS: 00010206
[  380.655395][T27086] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000005c00
[  380.663455][T27086] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fe2000
[  380.671425][T27086] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  380.679396][T27086] R10: 0001c9000fc93e47 R11: ffff88812dcec000 R12: 0000000001010000
[  380.687366][T27086] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  380.696308][T27086]  ? clear_user+0x36/0xa0
[  380.700821][T27086]  ? clear_user+0x48/0xa0
[  380.705261][T27086]  evdev_ioctl_handler+0x11ed/0x17e0
[  380.710679][T27086]  evdev_ioctl+0x20/0x30
[  380.715014][T27086]  ? evdev_poll+0x110/0x110
[  380.719524][T27086]  __se_sys_ioctl+0xcb/0x140
[  380.724119][T27086]  __x64_sys_ioctl+0x3f/0x50
[  380.728715][T27086]  do_syscall_64+0x4a/0x90
[  380.733143][T27086]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  380.739148][T27086] RIP: 0033:0x4665d9
[  380.743139][T27086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  380.762744][T27086] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  380.771162][T27086] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  380.779132][T27086] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
17:23:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3a000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  380.787104][T27086] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  380.795073][T27086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  380.803036][T27086] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:03 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf5ffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  380.922292][T27108] loop3: detected capacity change from 0 to 264192
[  380.932844][T27108] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  380.980808][T27108] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  380.992090][T27108] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:05 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc51", 0x149}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:05 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1c8, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x48000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:05 executing program 1 (fault-call:4 fault-nth:53):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:05 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf6ffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:05 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x7ffffffff000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  383.128308][T27133] FAULT_INJECTION: forcing a failure.
[  383.128308][T27133] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  383.141594][T27133] CPU: 0 PID: 27133 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  383.147282][T27137] validate_nla: 6 callbacks suppressed
[  383.147294][T27137] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  383.150556][T27133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  383.150570][T27133] Call Trace:
17:23:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4c000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  383.150577][T27133]  dump_stack+0x137/0x19d
[  383.159023][T27137] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  383.164246][T27133]  should_fail+0x23c/0x250
[  383.191065][T27134] loop5: detected capacity change from 0 to 16383
[  383.194422][T27133]  __alloc_pages+0x102/0x320
[  383.205403][T27133]  alloc_pages_vma+0x391/0x660
[  383.205561][T27134] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  383.210171][T27133]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  383.224717][T27133]  do_anonymous_page+0x16e/0x8b0
[  383.229683][T27133]  handle_mm_fault+0x96f/0x1a70
[  383.234536][T27133]  do_user_addr_fault+0x60c/0xc00
[  383.239608][T27133]  exc_page_fault+0x94/0x230
[  383.244229][T27133]  asm_exc_page_fault+0x1e/0x30
[  383.249083][T27133] RIP: 0010:clear_user+0x60/0xa0
[  383.254032][T27133] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  383.256325][T27152] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  383.273641][T27133] RSP: 0018:ffffc9000fdbfde8 EFLAGS: 00010206
[  383.273661][T27133] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000005a00
[  383.273672][T27133] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fe3000
[  383.273683][T27133] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  383.273694][T27133] R10: 0001c9000fdbfe47 R11: ffff88812e3b3040 R12: 0000000001010000
[  383.296393][T27136] loop3: detected capacity change from 0 to 264192
[  383.303776][T27133] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  383.303794][T27133]  ? clear_user+0x36/0xa0
[  383.338570][T27133]  ? clear_user+0x48/0xa0
[  383.342970][T27133]  evdev_ioctl_handler+0x11ed/0x17e0
[  383.343410][T27136] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  383.348395][T27133]  evdev_ioctl+0x20/0x30
[  383.348418][T27133]  ? evdev_poll+0x110/0x110
[  383.348433][T27133]  __se_sys_ioctl+0xcb/0x140
[  383.370787][T27133]  __x64_sys_ioctl+0x3f/0x50
[  383.375401][T27133]  do_syscall_64+0x4a/0x90
[  383.380011][T27133]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  383.388945][T27133] RIP: 0033:0x4665d9
[  383.392914][T27133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  383.415581][T27133] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  383.423995][T27133] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  383.431961][T27133] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  383.439921][T27133] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  383.447891][T27133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  383.456270][T27133] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x60000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:05 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1d0, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  383.476495][T27134] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  383.487728][T27134] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  383.494831][T27136] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  383.513614][T27136] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:05 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf9fdffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  383.572193][T27167] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  383.581515][T27167] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:23:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x68000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  383.642960][T27173] loop5: detected capacity change from 0 to 16383
[  383.655152][T27173] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  383.684341][T27182] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  383.696797][T27182] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:23:05 executing program 1 (fault-call:4 fault-nth:54):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  383.726811][T27173] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  383.738065][T27173] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  383.765906][T27186] loop3: detected capacity change from 0 to 264192
[  383.792662][T27186] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  383.812415][T27193] FAULT_INJECTION: forcing a failure.
[  383.812415][T27193] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  383.826050][T27193] CPU: 0 PID: 27193 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  383.834816][T27193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  383.845036][T27193] Call Trace:
[  383.848344][T27193]  dump_stack+0x137/0x19d
[  383.852783][T27193]  should_fail+0x23c/0x250
[  383.857287][T27193]  __alloc_pages+0x102/0x320
[  383.861902][T27193]  alloc_pages_vma+0x391/0x660
[  383.866694][T27193]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  383.872244][T27193]  do_anonymous_page+0x16e/0x8b0
[  383.877303][T27193]  handle_mm_fault+0x96f/0x1a70
[  383.882161][T27193]  do_user_addr_fault+0x60c/0xc00
[  383.887189][T27193]  exc_page_fault+0x94/0x230
[  383.891797][T27193]  asm_exc_page_fault+0x1e/0x30
[  383.896651][T27193] RIP: 0010:clear_user+0x60/0xa0
[  383.901577][T27193] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  383.921261][T27193] RSP: 0018:ffffc9000fdbfde8 EFLAGS: 00010206
[  383.927375][T27193] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000005800
[  383.935595][T27193] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fe4000
[  383.943560][T27193] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  383.951558][T27193] R10: 0001c9000fdbfe47 R11: ffff888107b64040 R12: 0000000001010000
[  383.959546][T27193] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  383.967570][T27193]  ? clear_user+0x36/0xa0
[  383.971906][T27193]  ? clear_user+0x48/0xa0
[  383.976244][T27193]  evdev_ioctl_handler+0x11ed/0x17e0
[  383.981545][T27193]  evdev_ioctl+0x20/0x30
[  383.985783][T27193]  ? evdev_poll+0x110/0x110
[  383.990551][T27193]  __se_sys_ioctl+0xcb/0x140
[  383.995205][T27193]  __x64_sys_ioctl+0x3f/0x50
[  383.999872][T27193]  do_syscall_64+0x4a/0x90
[  384.004284][T27193]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  384.010293][T27193] RIP: 0033:0x4665d9
[  384.014179][T27193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  384.034448][T27193] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  384.042863][T27193] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  384.050918][T27193] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  384.058882][T27193] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  384.066917][T27193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  384.074880][T27193] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  384.091312][T27186] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  384.102762][T27186] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:08 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114", 0x14a}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6c000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:08 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1f3, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:08 executing program 1 (fault-call:4 fault-nth:55):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:08 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfbffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:08 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xf0ff7f00000000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  386.131430][T27221] FAULT_INJECTION: forcing a failure.
[  386.131430][T27221] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  386.144716][T27221] CPU: 1 PID: 27221 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  386.150296][T27222] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  386.153610][T27221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  386.153624][T27221] Call Trace:
[  386.153631][T27221]  dump_stack+0x137/0x19d
[  386.162696][T27225] loop3: detected capacity change from 0 to 264192
[  386.171796][T27221]  should_fail+0x23c/0x250
[  386.171821][T27221]  __alloc_pages+0x102/0x320
[  386.171839][T27221]  alloc_pages_vma+0x391/0x660
[  386.179511][T27225] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  386.179608][T27221]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  386.187150][T27226] loop5: detected capacity change from 0 to 16383
[  386.190600][T27221]  do_anonymous_page+0x16e/0x8b0
[  386.190630][T27221]  handle_mm_fault+0x96f/0x1a70
[  386.196206][T27222] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  386.200001][T27221]  do_user_addr_fault+0x60c/0xc00
[  386.200023][T27221]  exc_page_fault+0x94/0x230
[  386.213049][T27226] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  386.214809][T27221]  asm_exc_page_fault+0x1e/0x30
[  386.214834][T27221] RIP: 0010:clear_user+0x60/0xa0
17:23:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x74000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x7a000000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  386.267490][T27221] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  386.287131][T27221] RSP: 0018:ffffc9000ff17de8 EFLAGS: 00010206
[  386.293209][T27221] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000005600
[  386.293472][T27244] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  386.301379][T27221] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fe5000
[  386.301396][T27221] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  386.301407][T27221] R10: 0001c9000ff17e47 R11: ffff88812e7fd080 R12: 0000000001010000
[  386.301417][T27221] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  386.301431][T27221]  ? clear_user+0x36/0xa0
[  386.346131][T27221]  ? clear_user+0x48/0xa0
[  386.350569][T27221]  evdev_ioctl_handler+0x11ed/0x17e0
[  386.355973][T27221]  evdev_ioctl+0x20/0x30
[  386.360237][T27221]  ? evdev_poll+0x110/0x110
[  386.364888][T27221]  __se_sys_ioctl+0xcb/0x140
[  386.369584][T27221]  __x64_sys_ioctl+0x3f/0x50
[  386.374171][T27221]  do_syscall_64+0x4a/0x90
[  386.378628][T27221]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  386.384579][T27221] RIP: 0033:0x4665d9
[  386.388494][T27221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  386.408107][T27221] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  386.416518][T27221] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  386.424505][T27221] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  386.432492][T27221] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  386.440462][T27221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  386.448516][T27221] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x9effffff}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:08 executing program 1 (fault-call:4 fault-nth:56):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  386.474868][T27225] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  386.486000][T27225] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  386.507179][T27226] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  386.518277][T27226] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  386.555744][T27262] FAULT_INJECTION: forcing a failure.
[  386.555744][T27262] name fail_page_alloc, interval 1, probability 0, space 0, times 0
17:23:08 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfdfdffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:08 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1f4, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  386.569009][T27262] CPU: 1 PID: 27262 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  386.577815][T27262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  386.587977][T27262] Call Trace:
[  386.591274][T27262]  dump_stack+0x137/0x19d
[  386.595717][T27262]  should_fail+0x23c/0x250
[  386.600258][T27262]  __alloc_pages+0x102/0x320
[  386.604860][T27262]  alloc_pages_vma+0x391/0x660
[  386.609622][T27262]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  386.615319][T27262]  do_anonymous_page+0x16e/0x8b0
[  386.620337][T27262]  handle_mm_fault+0x96f/0x1a70
[  386.625188][T27262]  do_user_addr_fault+0x60c/0xc00
[  386.630363][T27262]  exc_page_fault+0x94/0x230
[  386.634962][T27262]  asm_exc_page_fault+0x1e/0x30
[  386.645637][T27262] RIP: 0010:clear_user+0x60/0xa0
[  386.650598][T27262] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  386.670380][T27262] RSP: 0018:ffffc9000ffdbde8 EFLAGS: 00010206
[  386.676466][T27262] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000005400
[  386.684439][T27262] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fe6000
[  386.692405][T27262] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  386.700766][T27262] R10: 0001c9000ffdbe47 R11: ffff888107b64040 R12: 0000000001010000
[  386.708732][T27262] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  386.716759][T27262]  ? clear_user+0x36/0xa0
[  386.721180][T27262]  ? clear_user+0x48/0xa0
[  386.725509][T27262]  evdev_ioctl_handler+0x11ed/0x17e0
[  386.730797][T27262]  evdev_ioctl+0x20/0x30
[  386.735058][T27262]  ? evdev_poll+0x110/0x110
[  386.739559][T27262]  __se_sys_ioctl+0xcb/0x140
[  386.744218][T27262]  __x64_sys_ioctl+0x3f/0x50
[  386.748829][T27262]  do_syscall_64+0x4a/0x90
[  386.753326][T27262]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  386.759245][T27262] RIP: 0033:0x4665d9
[  386.763244][T27262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  386.783020][T27262] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  386.791680][T27262] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  386.799647][T27262] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  386.807664][T27262] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  386.815639][T27262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  386.823685][T27262] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  386.893732][T27271] loop5: detected capacity change from 0 to 16383
[  386.902728][T27267] loop3: detected capacity change from 0 to 264192
[  386.914979][T27267] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  386.915947][T27271] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  386.939676][T27267] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  386.950956][T27267] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  386.974641][T27271] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  386.985810][T27271] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:11 executing program 1 (fault-call:4 fault-nth:57):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:11 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114", 0x14a}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:11 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfeffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:11 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1f5, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:11 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xf0ffffff7f0000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:23:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xefffffff}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  389.164239][T27304] loop5: detected capacity change from 0 to 16383
[  389.172816][T27304] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  389.180737][T27316] FAULT_INJECTION: forcing a failure.
[  389.180737][T27316] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  389.189483][T27314] validate_nla: 5 callbacks suppressed
[  389.189496][T27314] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  389.195300][T27316] CPU: 0 PID: 27316 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  389.208249][T27307] loop3: detected capacity change from 0 to 264192
[  389.208821][T27316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  389.208838][T27316] Call Trace:
[  389.208844][T27316]  dump_stack+0x137/0x19d
[  389.220030][T27307] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  389.224333][T27316]  should_fail+0x23c/0x250
[  389.224357][T27316]  __alloc_pages+0x102/0x320
17:23:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xf0ffffff}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  389.224427][T27316]  alloc_pages_vma+0x391/0x660
[  389.237601][T27314] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  389.237946][T27316]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  389.278911][T27316]  do_anonymous_page+0x16e/0x8b0
[  389.284000][T27316]  handle_mm_fault+0x96f/0x1a70
[  389.288868][T27316]  ? __switch_to+0x14e/0x4b0
[  389.292073][T27304] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  389.293831][T27316]  do_user_addr_fault+0x60c/0xc00
[  389.304909][T27304] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  389.309870][T27316]  exc_page_fault+0x94/0x230
[  389.328834][T27316]  asm_exc_page_fault+0x1e/0x30
[  389.333767][T27316] RIP: 0010:clear_user+0x60/0xa0
[  389.338726][T27316] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  389.339181][T27328] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  389.358727][T27316] RSP: 0018:ffffc900100bfde8 EFLAGS: 00010206
[  389.358747][T27316] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000005200
[  389.358758][T27316] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fe7000
[  389.358769][T27316] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  389.358779][T27316] R10: 0001c900100bfe47 R11: ffff88812df16000 R12: 0000000001010000
[  389.358789][T27316] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
17:23:11 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1f6, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:11 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xff0f0000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  389.358805][T27316]  ? clear_user+0x36/0xa0
[  389.376456][T27307] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  389.381032][T27316]  ? clear_user+0x48/0xa0
[  389.381055][T27316]  evdev_ioctl_handler+0x11ed/0x17e0
[  389.389057][T27307] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  389.397009][T27316]  evdev_ioctl+0x20/0x30
[  389.397029][T27316]  ? evdev_poll+0x110/0x110
[  389.397044][T27316]  __se_sys_ioctl+0xcb/0x140
[  389.466028][T27316]  __x64_sys_ioctl+0x3f/0x50
[  389.470706][T27316]  do_syscall_64+0x4a/0x90
[  389.475190][T27316]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  389.481223][T27316] RIP: 0033:0x4665d9
[  389.485203][T27316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  389.505099][T27316] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
17:23:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffffe000}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  389.514822][T27316] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  389.522912][T27316] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  389.530945][T27316] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  389.538912][T27316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  389.546958][T27316] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:11 executing program 1 (fault-call:4 fault-nth:58):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  389.583195][T27340] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  389.614443][T27346] FAULT_INJECTION: forcing a failure.
[  389.614443][T27346] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  389.622222][T27340] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  389.627928][T27346] CPU: 1 PID: 27346 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  389.644718][T27346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  389.655047][T27346] Call Trace:
[  389.658402][T27346]  dump_stack+0x137/0x19d
[  389.662750][T27346]  should_fail+0x23c/0x250
[  389.667164][T27346]  __alloc_pages+0x102/0x320
[  389.671807][T27346]  alloc_pages_vma+0x391/0x660
[  389.676560][T27346]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  389.682136][T27346]  do_anonymous_page+0x16e/0x8b0
[  389.687163][T27346]  handle_mm_fault+0x96f/0x1a70
[  389.692034][T27346]  ? __list_del_entry_valid+0x54/0xc0
[  389.697626][T27346]  ? __switch_to+0x14e/0x4b0
[  389.702222][T27346]  do_user_addr_fault+0x60c/0xc00
[  389.707243][T27346]  exc_page_fault+0x94/0x230
[  389.711840][T27346]  asm_exc_page_fault+0x1e/0x30
[  389.716707][T27346] RIP: 0010:clear_user+0x60/0xa0
[  389.721647][T27346] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  389.741501][T27346] RSP: 0018:ffffc90010107de8 EFLAGS: 00010206
[  389.747660][T27346] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000005000
[  389.755656][T27346] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fe8000
[  389.763746][T27346] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  389.771820][T27346] R10: 0001c90010107e47 R11: ffff88812f439040 R12: 0000000001010000
[  389.779811][T27346] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  389.787831][T27346]  ? clear_user+0x36/0xa0
[  389.792211][T27346]  ? clear_user+0x48/0xa0
[  389.796595][T27346]  evdev_ioctl_handler+0x11ed/0x17e0
[  389.801890][T27346]  evdev_ioctl+0x20/0x30
[  389.806132][T27346]  ? evdev_poll+0x110/0x110
[  389.810627][T27346]  __se_sys_ioctl+0xcb/0x140
[  389.815343][T27346]  __x64_sys_ioctl+0x3f/0x50
[  389.820020][T27346]  do_syscall_64+0x4a/0x90
[  389.824434][T27346]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  389.830518][T27346] RIP: 0033:0x4665d9
[  389.834526][T27346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  389.854174][T27346] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  389.862688][T27346] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  389.870668][T27346] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
17:23:12 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffffff7f}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  389.878635][T27346] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  389.886715][T27346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  389.895290][T27346] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  389.919201][T27349] loop3: detected capacity change from 0 to 264192
[  389.926195][T27348] loop5: detected capacity change from 0 to 16383
17:23:12 executing program 1 (fault-call:4 fault-nth:59):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  389.935866][T27356] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  389.944910][T27349] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  389.954777][T27348] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  389.965075][T27356] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  389.999973][T27349] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  390.011094][T27349] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  390.026222][T27348] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  390.031192][T27372] FAULT_INJECTION: forcing a failure.
[  390.031192][T27372] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  390.037395][T27348] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  390.065199][T27372] CPU: 1 PID: 27372 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  390.074105][T27372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  390.084260][T27372] Call Trace:
[  390.087913][T27372]  dump_stack+0x137/0x19d
[  390.092264][T27372]  should_fail+0x23c/0x250
[  390.096689][T27372]  __alloc_pages+0x102/0x320
[  390.101363][T27372]  alloc_pages_vma+0x391/0x660
[  390.106179][T27372]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  390.111747][T27372]  do_anonymous_page+0x16e/0x8b0
[  390.116820][T27372]  handle_mm_fault+0x96f/0x1a70
[  390.121947][T27372]  do_user_addr_fault+0x60c/0xc00
[  390.127038][T27372]  exc_page_fault+0x94/0x230
[  390.131697][T27372]  asm_exc_page_fault+0x1e/0x30
[  390.136657][T27372] RIP: 0010:clear_user+0x60/0xa0
[  390.141633][T27372] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  390.161319][T27372] RSP: 0018:ffffc9001017fde8 EFLAGS: 00010206
[  390.167385][T27372] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000004e00
[  390.175416][T27372] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fe9000
[  390.183380][T27372] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  390.191510][T27372] R10: 0001c9001017fe47 R11: ffff88812dd30080 R12: 0000000001010000
[  390.199505][T27372] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  390.207465][T27372]  ? clear_user+0x36/0xa0
[  390.211798][T27372]  ? clear_user+0x48/0xa0
[  390.216126][T27372]  evdev_ioctl_handler+0x11ed/0x17e0
[  390.221406][T27372]  evdev_ioctl+0x20/0x30
[  390.225832][T27372]  ? evdev_poll+0x110/0x110
[  390.230333][T27372]  __se_sys_ioctl+0xcb/0x140
[  390.234969][T27372]  __x64_sys_ioctl+0x3f/0x50
[  390.239560][T27372]  do_syscall_64+0x4a/0x90
[  390.244002][T27372]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  390.250070][T27372] RIP: 0033:0x4665d9
[  390.253966][T27372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  390.273798][T27372] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  390.282288][T27372] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  390.290300][T27372] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  390.298441][T27372] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  390.306400][T27372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  390.314531][T27372] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:14 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114", 0x14a}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffffff9e}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:14 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xff1f0000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:14 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1f9, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:14 executing program 1 (fault-call:4 fault-nth:60):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:14 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  392.174969][T27388] loop3: detected capacity change from 0 to 264192
[  392.187012][T27388] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  392.207558][T27397] FAULT_INJECTION: forcing a failure.
[  392.207558][T27397] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  392.210057][T27403] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  392.220824][T27397] CPU: 0 PID: 27397 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  392.231140][T27403] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  392.237714][T27397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  392.256342][T27397] Call Trace:
[  392.259625][T27397]  dump_stack+0x137/0x19d
[  392.263966][T27397]  should_fail+0x23c/0x250
[  392.268380][T27397]  __alloc_pages+0x102/0x320
[  392.272967][T27397]  alloc_pages_vma+0x391/0x660
[  392.276149][T27400] loop5: detected capacity change from 0 to 16383
[  392.277743][T27397]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  392.289688][T27397]  do_anonymous_page+0x16e/0x8b0
[  392.294712][T27397]  handle_mm_fault+0x96f/0x1a70
[  392.297510][T27400] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  392.299571][T27397]  ? __switch_to+0x14e/0x4b0
[  392.299597][T27397]  do_user_addr_fault+0x60c/0xc00
[  392.318369][T27397]  exc_page_fault+0x94/0x230
17:23:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffffffef}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  392.323088][T27397]  asm_exc_page_fault+0x1e/0x30
[  392.327963][T27397] RIP: 0010:clear_user+0x60/0xa0
[  392.332906][T27397] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  392.356142][T27397] RSP: 0018:ffffc900101efde8 EFLAGS: 00010206
[  392.362275][T27397] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000004c00
[  392.370421][T27397] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fea000
[  392.378563][T27397] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  392.386603][T27397] R10: 0001c900101efe47 R11: 000188810036f000 R12: 0000000001010000
[  392.394620][T27397] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  392.404652][T27397]  ? clear_user+0x36/0xa0
[  392.409001][T27397]  ? clear_user+0x48/0xa0
[  392.413417][T27397]  evdev_ioctl_handler+0x11ed/0x17e0
[  392.418801][T27397]  evdev_ioctl+0x20/0x30
[  392.423062][T27397]  ? evdev_poll+0x110/0x110
[  392.427578][T27397]  __se_sys_ioctl+0xcb/0x140
[  392.432164][T27397]  __x64_sys_ioctl+0x3f/0x50
[  392.436799][T27397]  do_syscall_64+0x4a/0x90
[  392.441220][T27397]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  392.447166][T27397] RIP: 0033:0x4665d9
[  392.451053][T27397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  392.453810][T27417] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  392.470660][T27397] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  392.470684][T27397] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  392.470695][T27397] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  392.470706][T27397] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  392.511378][T27397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  392.519347][T27397] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  392.528560][T27388] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  392.539840][T27388] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:14 executing program 1 (fault-call:4 fault-nth:61):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xfffffff0}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  392.569330][T27400] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  392.580438][T27400] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x4, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  392.631145][T27426] FAULT_INJECTION: forcing a failure.
[  392.631145][T27426] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  392.645224][T27426] CPU: 0 PID: 27426 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  392.654040][T27426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  392.664111][T27426] Call Trace:
[  392.667417][T27426]  dump_stack+0x137/0x19d
[  392.671937][T27426]  should_fail+0x23c/0x250
[  392.676409][T27426]  __alloc_pages+0x102/0x320
[  392.681600][T27426]  alloc_pages_vma+0x391/0x660
[  392.686682][T27426]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  392.692325][T27426]  do_anonymous_page+0x16e/0x8b0
[  392.697259][T27426]  handle_mm_fault+0x96f/0x1a70
[  392.702186][T27426]  do_user_addr_fault+0x60c/0xc00
[  392.707250][T27426]  exc_page_fault+0x94/0x230
[  392.711928][T27426]  asm_exc_page_fault+0x1e/0x30
[  392.716799][T27426] RIP: 0010:clear_user+0x60/0xa0
[  392.721741][T27426] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  392.741413][T27426] RSP: 0018:ffffc900101afde8 EFLAGS: 00010206
[  392.747515][T27426] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000004a00
[  392.755577][T27426] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000feb000
[  392.763923][T27426] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  392.771890][T27426] R10: 0001c900101afe47 R11: ffff888106d06080 R12: 0000000001010000
[  392.779853][T27426] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  392.787882][T27426]  ? clear_user+0x36/0xa0
[  392.792386][T27426]  ? clear_user+0x48/0xa0
[  392.796920][T27426]  evdev_ioctl_handler+0x11ed/0x17e0
[  392.802292][T27426]  evdev_ioctl+0x20/0x30
[  392.806543][T27426]  ? evdev_poll+0x110/0x110
[  392.811032][T27426]  __se_sys_ioctl+0xcb/0x140
[  392.815737][T27426]  __x64_sys_ioctl+0x3f/0x50
[  392.820418][T27426]  do_syscall_64+0x4a/0x90
[  392.824983][T27426]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  392.830919][T27426] RIP: 0033:0x4665d9
[  392.834807][T27426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  392.854786][T27426] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  392.863258][T27426] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  392.871276][T27426] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
17:23:15 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x8, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  392.879341][T27426] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  392.887456][T27426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  392.895419][T27426] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  392.910344][T27435] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  392.920933][T27435] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
17:23:15 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffbffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  392.952991][T27441] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  392.962838][T27441] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  392.980911][T27441] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  393.001112][T27441] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  393.051621][T27451] loop3: detected capacity change from 0 to 264192
[  393.084661][T27451] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  393.132518][T27451] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  393.143697][T27451] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:17 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:17 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1fa, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:17 executing program 1 (fault-call:4 fault-nth:62):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x19, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:17 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffff0300, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:17 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xf00000000000000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  395.235930][T27476] loop3: detected capacity change from 0 to 264192
[  395.242755][T27477] loop5: detected capacity change from 0 to 16383
[  395.244240][T27475] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  395.258673][T27477] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  395.266725][T27475] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  395.269165][T27478] FAULT_INJECTION: forcing a failure.
[  395.269165][T27478] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  395.277327][T27476] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  395.290523][T27478] CPU: 1 PID: 27478 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  395.308373][T27478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  395.318605][T27478] Call Trace:
[  395.321960][T27478]  dump_stack+0x137/0x19d
[  395.326302][T27478]  should_fail+0x23c/0x250
[  395.330731][T27478]  __alloc_pages+0x102/0x320
17:23:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x29, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:17 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  395.335533][T27478]  alloc_pages_vma+0x391/0x660
[  395.340305][T27478]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  395.346053][T27478]  do_anonymous_page+0x16e/0x8b0
[  395.350997][T27478]  handle_mm_fault+0x96f/0x1a70
[  395.355988][T27478]  do_user_addr_fault+0x60c/0xc00
[  395.361228][T27478]  exc_page_fault+0x94/0x230
[  395.365819][T27478]  asm_exc_page_fault+0x1e/0x30
[  395.370792][T27478] RIP: 0010:clear_user+0x60/0xa0
[  395.375761][T27478] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  395.388232][T27499] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  395.395571][T27478] RSP: 0018:ffffc9001033fde8 EFLAGS: 00010206
[  395.395590][T27478] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000004800
[  395.395601][T27478] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fec000
[  395.395613][T27478] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
17:23:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0x19, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  395.423876][T27499] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  395.427045][T27478] R10: 0001c9001033fe47 R11: ffff88812e3f8040 R12: 0000000001010000
[  395.427061][T27478] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  395.427075][T27478]  ? clear_user+0x36/0xa0
[  395.464670][T27478]  ? clear_user+0x48/0xa0
[  395.468993][T27478]  evdev_ioctl_handler+0x11ed/0x17e0
[  395.474310][T27478]  evdev_ioctl+0x20/0x30
[  395.478584][T27478]  ? evdev_poll+0x110/0x110
[  395.483095][T27478]  __se_sys_ioctl+0xcb/0x140
[  395.487816][T27478]  __x64_sys_ioctl+0x3f/0x50
[  395.492414][T27478]  do_syscall_64+0x4a/0x90
[  395.496838][T27478]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  395.502738][T27478] RIP: 0033:0x4665d9
[  395.506715][T27478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  395.526625][T27478] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
17:23:17 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  395.535035][T27478] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  395.543099][T27478] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  395.551405][T27478] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  395.559438][T27478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  395.567402][T27478] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:17 executing program 1 (fault-call:4 fault-nth:63):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  395.605418][T27476] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  395.616595][T27476] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  395.619102][T27477] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  395.642182][T27477] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  395.642526][T27519] FAULT_INJECTION: forcing a failure.
[  395.642526][T27519] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  395.670234][T27519] CPU: 0 PID: 27519 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  395.679008][T27519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  395.689091][T27519] Call Trace:
[  395.692373][T27519]  dump_stack+0x137/0x19d
[  395.696767][T27519]  should_fail+0x23c/0x250
[  395.701320][T27519]  __alloc_pages+0x102/0x320
17:23:17 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1fb, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:17 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffff1f00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  395.705935][T27519]  alloc_pages_vma+0x391/0x660
[  395.710730][T27519]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  395.716287][T27519]  do_anonymous_page+0x16e/0x8b0
[  395.721306][T27519]  handle_mm_fault+0x96f/0x1a70
[  395.726160][T27519]  do_user_addr_fault+0x60c/0xc00
[  395.731197][T27519]  exc_page_fault+0x94/0x230
[  395.735894][T27519]  asm_exc_page_fault+0x1e/0x30
[  395.740747][T27519] RIP: 0010:clear_user+0x60/0xa0
[  395.745772][T27519] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  395.765541][T27519] RSP: 0018:ffffc90010413de8 EFLAGS: 00010206
[  395.771679][T27519] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000004600
[  395.779673][T27519] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fed000
[  395.787680][T27519] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  395.795745][T27519] R10: 0001c90010413e47 R11: ffff88812e4b1000 R12: 0000000001010000
[  395.804004][T27519] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  395.811987][T27519]  ? clear_user+0x36/0xa0
[  395.816320][T27519]  ? clear_user+0x48/0xa0
[  395.820645][T27519]  evdev_ioctl_handler+0x11ed/0x17e0
[  395.826148][T27519]  evdev_ioctl+0x20/0x30
[  395.830468][T27519]  ? evdev_poll+0x110/0x110
[  395.835231][T27519]  __se_sys_ioctl+0xcb/0x140
[  395.839834][T27519]  __x64_sys_ioctl+0x3f/0x50
[  395.844419][T27519]  do_syscall_64+0x4a/0x90
[  395.848955][T27519]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  395.854876][T27519] RIP: 0033:0x4665d9
[  395.858760][T27519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  395.878619][T27519] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  395.887203][T27519] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  395.895172][T27519] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  395.898581][T27532] validate_nla: 5 callbacks suppressed
[  395.898593][T27532] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  395.903152][T27519] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  395.903165][T27519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  395.903174][T27519] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:18 executing program 1 (fault-call:4 fault-nth:64):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  395.966932][T27532] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  396.001761][T27538] FAULT_INJECTION: forcing a failure.
[  396.001761][T27538] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  396.015059][T27538] CPU: 0 PID: 27538 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  396.023935][T27538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  396.025100][T27545] loop5: detected capacity change from 0 to 16383
[  396.033997][T27538] Call Trace:
[  396.034008][T27538]  dump_stack+0x137/0x19d
[  396.047722][T27545] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  396.048142][T27538]  should_fail+0x23c/0x250
[  396.061583][T27538]  __alloc_pages+0x102/0x320
[  396.066174][T27538]  alloc_pages_vma+0x391/0x660
[  396.070991][T27538]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  396.076586][T27538]  do_anonymous_page+0x16e/0x8b0
[  396.081551][T27538]  handle_mm_fault+0x96f/0x1a70
[  396.086411][T27538]  do_user_addr_fault+0x60c/0xc00
[  396.091455][T27538]  exc_page_fault+0x94/0x230
[  396.096059][T27538]  asm_exc_page_fault+0x1e/0x30
[  396.100921][T27538] RIP: 0010:clear_user+0x60/0xa0
[  396.105862][T27538] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  396.125475][T27538] RSP: 0018:ffffc90010453de8 EFLAGS: 00010206
[  396.131604][T27538] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000004400
[  396.139569][T27538] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fee000
[  396.147539][T27538] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  396.155552][T27538] R10: 0001c90010453e47 R11: ffff888106c84080 R12: 0000000001010000
17:23:18 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x0, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  396.163575][T27538] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  396.171560][T27538]  ? clear_user+0x36/0xa0
[  396.175893][T27538]  ? clear_user+0x48/0xa0
[  396.180243][T27538]  evdev_ioctl_handler+0x11ed/0x17e0
[  396.185529][T27538]  evdev_ioctl+0x20/0x30
[  396.189811][T27538]  ? evdev_poll+0x110/0x110
[  396.194318][T27538]  __se_sys_ioctl+0xcb/0x140
[  396.198998][T27538]  __x64_sys_ioctl+0x3f/0x50
[  396.203760][T27538]  do_syscall_64+0x4a/0x90
[  396.208247][T27538]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  396.214249][T27538] RIP: 0033:0x4665d9
[  396.218136][T27538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  396.221827][T27545] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  396.237959][T27538] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  396.237983][T27538] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  396.237994][T27538] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  396.238004][T27538] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  396.238014][T27538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  396.238026][T27538] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  396.249364][T27545] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:18 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1fe, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  396.272720][T27561] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  396.321364][T27551] loop3: detected capacity change from 0 to 264192
[  396.331045][T27551] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  396.345860][T27561] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  396.379817][T27551] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  396.391231][T27551] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  396.437031][T27574] loop5: detected capacity change from 0 to 16383
[  396.445990][T27574] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  396.465163][T27574] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  396.476243][T27574] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:18 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xc000000000000000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:23:18 executing program 1 (fault-call:4 fault-nth:65):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:18 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x3, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:18 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffe000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  396.771214][T27591] loop3: detected capacity change from 0 to 264192
[  396.778037][T27597] FAULT_INJECTION: forcing a failure.
[  396.778037][T27597] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  396.791310][T27597] CPU: 1 PID: 27597 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  396.800130][T27597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  396.803604][T27591] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  396.810184][T27597] Call Trace:
[  396.810201][T27597]  dump_stack+0x137/0x19d
[  396.826928][T27597]  should_fail+0x23c/0x250
[  396.831354][T27597]  __alloc_pages+0x102/0x320
[  396.836012][T27597]  alloc_pages_vma+0x391/0x660
[  396.840800][T27597]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  396.846436][T27597]  do_anonymous_page+0x16e/0x8b0
[  396.851704][T27597]  ? sync_mm_rss+0x136/0x150
[  396.856282][T27597]  handle_mm_fault+0x96f/0x1a70
[  396.861123][T27597]  ? __switch_to+0x14e/0x4b0
[  396.866078][T27597]  do_user_addr_fault+0x60c/0xc00
[  396.872585][T27597]  exc_page_fault+0x94/0x230
[  396.877376][T27597]  asm_exc_page_fault+0x1e/0x30
[  396.882464][T27597] RIP: 0010:clear_user+0x60/0xa0
[  396.887394][T27597] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  396.907991][T27597] RSP: 0018:ffffc9001053bde8 EFLAGS: 00010206
[  396.914066][T27597] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000004200
[  396.922249][T27597] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fef000
[  396.930802][T27597] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  396.938864][T27597] R10: 0001c9001053be47 R11: ffff88812e3b3040 R12: 0000000001010000
[  396.946821][T27597] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  396.954842][T27597]  ? clear_user+0x36/0xa0
[  396.959271][T27597]  ? clear_user+0x48/0xa0
[  396.963593][T27597]  evdev_ioctl_handler+0x11ed/0x17e0
[  396.968954][T27597]  evdev_ioctl+0x20/0x30
[  396.973190][T27597]  ? evdev_poll+0x110/0x110
[  396.977702][T27597]  __se_sys_ioctl+0xcb/0x140
[  396.982409][T27597]  __x64_sys_ioctl+0x3f/0x50
[  396.987026][T27597]  do_syscall_64+0x4a/0x90
[  396.991428][T27597]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  396.997393][T27597] RIP: 0033:0x4665d9
[  397.001334][T27597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  397.021155][T27597] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  397.029551][T27597] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  397.037688][T27597] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  397.046134][T27597] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  397.054459][T27597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  397.062677][T27597] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  397.087543][T27591] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  397.098735][T27591] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:20 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:20 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x202, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x4, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:20 executing program 1 (fault-call:4 fault-nth:66):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:20 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffbff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:20 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xc00e000000000000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  398.636115][T27632] FAULT_INJECTION: forcing a failure.
[  398.636115][T27632] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  398.636493][T27627] loop5: detected capacity change from 0 to 16383
[  398.650193][T27632] CPU: 1 PID: 27632 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  398.663156][T27628] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  398.665445][T27632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  398.665458][T27632] Call Trace:
[  398.665464][T27632]  dump_stack+0x137/0x19d
[  398.665488][T27632]  should_fail+0x23c/0x250
[  398.681001][T27628] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  398.684021][T27632]  __alloc_pages+0x102/0x320
[  398.684047][T27632]  alloc_pages_vma+0x391/0x660
[  398.684065][T27632]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  398.684084][T27632]  do_anonymous_page+0x16e/0x8b0
[  398.684103][T27632]  handle_mm_fault+0x96f/0x1a70
[  398.684147][T27632]  do_user_addr_fault+0x60c/0xc00
[  398.684162][T27632]  exc_page_fault+0x94/0x230
[  398.735582][T27643] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  398.739009][T27632]  asm_exc_page_fault+0x1e/0x30
[  398.739036][T27632] RIP: 0010:clear_user+0x60/0xa0
[  398.739054][T27632] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  398.748337][T27643] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  398.752124][T27632] RSP: 0018:ffffc900105d7de8 EFLAGS: 00010206
[  398.752143][T27632] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000004000
[  398.752155][T27632] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ff0000
[  398.807256][T27632] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  398.815672][T27632] R10: 0001c900105d7e47 R11: ffff888106cda040 R12: 0000000001010000
[  398.823667][T27632] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  398.830662][T27648] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  398.831642][T27632]  ? clear_user+0x36/0xa0
[  398.831668][T27632]  ? clear_user+0x48/0xa0
[  398.848944][T27632]  evdev_ioctl_handler+0x11ed/0x17e0
[  398.854243][T27632]  evdev_ioctl+0x20/0x30
[  398.858699][T27632]  ? evdev_poll+0x110/0x110
[  398.863208][T27632]  __se_sys_ioctl+0xcb/0x140
[  398.866168][T27648] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  398.867914][T27632]  __x64_sys_ioctl+0x3f/0x50
[  398.867939][T27632]  do_syscall_64+0x4a/0x90
[  398.885154][T27632]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  398.891087][T27632] RIP: 0033:0x4665d9
[  398.894981][T27632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  398.914589][T27632] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  398.923024][T27632] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
17:23:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x5, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x6, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x9, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0xa, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  398.931148][T27632] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  398.939392][T27632] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  398.947365][T27632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  398.955422][T27632] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  398.965730][T27627] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  398.974867][T27633] loop3: detected capacity change from 0 to 264192
17:23:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0xb, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  399.020968][T27633] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  399.040245][T27627] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  399.051456][T27627] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:21 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x204, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  399.095338][T27633] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  399.106534][T27633] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  399.212649][T27681] loop5: detected capacity change from 0 to 16383
[  399.248702][T27681] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  399.294825][T27681] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  399.306274][T27681] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:23 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0xc, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:23 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffdf9, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:23 executing program 1 (fault-call:4 fault-nth:67):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:23 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x205, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:23 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0xe03f030000000000, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  401.662095][T27706] FAULT_INJECTION: forcing a failure.
[  401.662095][T27706] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  401.675424][T27706] CPU: 0 PID: 27706 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  401.684370][T27706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  401.687774][T27708] validate_nla: 12 callbacks suppressed
[  401.687787][T27708] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  401.694545][T27706] Call Trace:
[  401.694554][T27706]  dump_stack+0x137/0x19d
[  401.694578][T27706]  should_fail+0x23c/0x250
[  401.700191][T27708] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  401.708328][T27706]  __alloc_pages+0x102/0x320
[  401.708417][T27706]  alloc_pages_vma+0x391/0x660
[  401.713668][T27710] loop5: detected capacity change from 0 to 16383
[  401.716195][T27706]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  401.726242][T27710] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  401.728890][T27706]  do_anonymous_page+0x16e/0x8b0
[  401.736597][T27707] loop3: detected capacity change from 0 to 264192
[  401.738491][T27706]  handle_mm_fault+0x96f/0x1a70
[  401.738521][T27706]  ? __switch_to+0x14e/0x4b0
[  401.762414][T27707] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  401.764775][T27706]  do_user_addr_fault+0x60c/0xc00
[  401.764804][T27706]  exc_page_fault+0x94/0x230
[  401.764827][T27706]  asm_exc_page_fault+0x1e/0x30
[  401.778831][T27708] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  401.780817][T27706] RIP: 0010:clear_user+0x60/0xa0
[  401.780840][T27706] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  401.780856][T27706] RSP: 0018:ffffc900106e3de8 EFLAGS: 00010206
[  401.789971][T27708] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  401.794971][T27706] 
[  401.794976][T27706] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000003e00
[  401.794989][T27706] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ff1000
[  401.795001][T27706] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  401.878695][T27706] R10: 0001c900106e3e47 R11: ffff888106cda040 R12: 0000000001010000
[  401.886757][T27706] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  401.894842][T27706]  ? clear_user+0x36/0xa0
[  401.899182][T27706]  ? clear_user+0x48/0xa0
[  401.903510][T27706]  evdev_ioctl_handler+0x11ed/0x17e0
[  401.908981][T27706]  evdev_ioctl+0x20/0x30
17:23:24 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x10, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  401.913373][T27706]  ? evdev_poll+0x110/0x110
[  401.917878][T27706]  __se_sys_ioctl+0xcb/0x140
[  401.918535][T27732] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  401.922485][T27706]  __x64_sys_ioctl+0x3f/0x50
[  401.930693][T27732] __nla_validate_parse: 2 callbacks suppressed
[  401.930704][T27732] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  401.935237][T27706]  do_syscall_64+0x4a/0x90
[  401.935261][T27706]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  401.961082][T27706] RIP: 0033:0x4665d9
[  401.965077][T27706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  401.984915][T27706] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  401.993441][T27706] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  402.001422][T27706] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
17:23:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x11, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  402.009411][T27706] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  402.017518][T27706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  402.025593][T27706] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  402.049686][T27710] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  402.050247][T27707] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  402.060812][T27710] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  402.072368][T27707] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  402.102126][T27743] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
17:23:24 executing program 1 (fault-call:4 fault-nth:68):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x14, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  402.121344][T27742] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  402.166751][T27747] FAULT_INJECTION: forcing a failure.
[  402.166751][T27747] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  402.180066][T27747] CPU: 1 PID: 27747 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  402.188853][T27747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  402.196691][T27753] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  402.198907][T27747] Call Trace:
[  402.198915][T27747]  dump_stack+0x137/0x19d
[  402.207924][T27753] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  402.210349][T27747]  should_fail+0x23c/0x250
[  402.210368][T27747]  __alloc_pages+0x102/0x320
[  402.210384][T27747]  alloc_pages_vma+0x391/0x660
[  402.237591][T27747]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  402.243351][T27747]  do_anonymous_page+0x16e/0x8b0
[  402.248333][T27747]  handle_mm_fault+0x96f/0x1a70
[  402.253262][T27747]  ? __list_del_entry_valid+0x54/0xc0
[  402.258645][T27747]  ? __switch_to+0x14e/0x4b0
[  402.263246][T27747]  do_user_addr_fault+0x60c/0xc00
[  402.268329][T27747]  exc_page_fault+0x94/0x230
[  402.273019][T27747]  asm_exc_page_fault+0x1e/0x30
[  402.277976][T27747] RIP: 0010:clear_user+0x60/0xa0
[  402.282922][T27747] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  402.302709][T27747] RSP: 0018:ffffc9001070bde8 EFLAGS: 00010206
[  402.308841][T27747] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000003c00
[  402.316861][T27747] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ff2000
[  402.325082][T27747] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  402.333342][T27747] R10: 0001c9001070be47 R11: ffff88810031e000 R12: 0000000001010000
[  402.341554][T27747] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  402.349674][T27747]  ? clear_user+0x36/0xa0
[  402.354004][T27747]  ? clear_user+0x48/0xa0
[  402.358380][T27747]  evdev_ioctl_handler+0x11ed/0x17e0
[  402.363701][T27747]  evdev_ioctl+0x20/0x30
[  402.368046][T27747]  ? evdev_poll+0x110/0x110
[  402.372590][T27747]  __se_sys_ioctl+0xcb/0x140
[  402.377254][T27747]  __x64_sys_ioctl+0x3f/0x50
[  402.381863][T27747]  do_syscall_64+0x4a/0x90
[  402.386334][T27747]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  402.392345][T27747] RIP: 0033:0x4665d9
[  402.396376][T27747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
17:23:24 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffdfd, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:24 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x206, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x29, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  402.415990][T27747] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  402.424437][T27747] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  402.432436][T27747] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  402.440406][T27747] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  402.448639][T27747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  402.456613][T27747] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:24 executing program 1 (fault-call:4 fault-nth:69):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  402.493018][T27761] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  402.547424][T27765] FAULT_INJECTION: forcing a failure.
[  402.547424][T27765] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  402.560154][T27761] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  402.560767][T27765] CPU: 1 PID: 27765 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  402.578766][T27765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  402.588852][T27765] Call Trace:
[  402.592237][T27765]  dump_stack+0x137/0x19d
[  402.596581][T27765]  should_fail+0x23c/0x250
[  402.601010][T27765]  __alloc_pages+0x102/0x320
[  402.605693][T27765]  alloc_pages_vma+0x391/0x660
[  402.610481][T27765]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  402.616035][T27765]  do_anonymous_page+0x16e/0x8b0
[  402.621135][T27765]  handle_mm_fault+0x96f/0x1a70
[  402.626001][T27765]  do_user_addr_fault+0x60c/0xc00
[  402.631091][T27765]  exc_page_fault+0x94/0x230
[  402.635673][T27765]  asm_exc_page_fault+0x1e/0x30
[  402.640622][T27765] RIP: 0010:clear_user+0x60/0xa0
[  402.645660][T27765] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  402.665651][T27765] RSP: 0018:ffffc9001073bde8 EFLAGS: 00010206
[  402.673378][T27765] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000003a00
[  402.681346][T27765] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ff3000
[  402.689472][T27765] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  402.697442][T27765] R10: 0001c9001073be47 R11: ffff88810961d040 R12: 0000000001010000
[  402.705413][T27765] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  402.713423][T27765]  ? clear_user+0x36/0xa0
[  402.718027][T27765]  ? clear_user+0x48/0xa0
[  402.722357][T27765]  evdev_ioctl_handler+0x11ed/0x17e0
[  402.727647][T27765]  evdev_ioctl+0x20/0x30
[  402.731894][T27765]  ? evdev_poll+0x110/0x110
[  402.736443][T27765]  __se_sys_ioctl+0xcb/0x140
[  402.741286][T27765]  __x64_sys_ioctl+0x3f/0x50
[  402.745979][T27765]  do_syscall_64+0x4a/0x90
[  402.750409][T27765]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  402.756361][T27765] RIP: 0033:0x4665d9
[  402.760247][T27765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  402.779963][T27765] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  402.788383][T27765] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
17:23:25 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  402.796527][T27765] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  402.804497][T27765] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  402.812554][T27765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  402.820658][T27765] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  402.848532][T27780] loop5: detected capacity change from 0 to 16383
[  402.855796][T27781] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  402.868060][T27780] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  402.890266][T27785] loop3: detected capacity change from 0 to 264192
17:23:25 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  402.911361][T27780] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  402.922468][T27780] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  402.924323][T27785] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  403.062015][T27785] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  403.073222][T27785] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:25 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x4)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:23:27 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:27 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x209, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:27 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffff0f, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:27 executing program 1 (fault-call:4 fault-nth:70):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:27 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xf)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  404.893130][T27830] loop3: detected capacity change from 0 to 264192
[  404.900888][T27829] FAULT_INJECTION: forcing a failure.
[  404.900888][T27829] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  404.907011][T27833] loop5: detected capacity change from 0 to 16383
[  404.914549][T27829] CPU: 0 PID: 27829 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  404.926528][T27833] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  404.930288][T27829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  404.949457][T27829] Call Trace:
[  404.952901][T27829]  dump_stack+0x137/0x19d
[  404.957283][T27829]  should_fail+0x23c/0x250
[  404.961737][T27829]  __alloc_pages+0x102/0x320
[  404.965271][T27830] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  404.966342][T27829]  alloc_pages_vma+0x391/0x660
[  404.980703][T27829]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  404.986335][T27829]  do_anonymous_page+0x16e/0x8b0
[  404.991294][T27829]  handle_mm_fault+0x96f/0x1a70
[  404.996194][T27829]  do_user_addr_fault+0x60c/0xc00
[  405.001227][T27829]  exc_page_fault+0x94/0x230
[  405.005878][T27829]  asm_exc_page_fault+0x1e/0x30
[  405.010790][T27829] RIP: 0010:clear_user+0x60/0xa0
[  405.015757][T27829] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
17:23:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  405.022210][T27833] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  405.035440][T27829] RSP: 0018:ffffc900108bbde8 EFLAGS: 00010206
[  405.035461][T27829] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000003800
[  405.035472][T27829] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ff4000
[  405.035495][T27829] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  405.035506][T27829] R10: 0001c900108bbe47 R11: ffff88810961d040 R12: 0000000001010000
17:23:27 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x20a, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  405.046540][T27833] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  405.052553][T27829] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  405.104962][T27830] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  405.107444][T27829]  ? clear_user+0x36/0xa0
[  405.119270][T27830] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  405.123543][T27829]  ? clear_user+0x48/0xa0
[  405.142435][T27829]  evdev_ioctl_handler+0x11ed/0x17e0
[  405.148430][T27829]  evdev_ioctl+0x20/0x30
[  405.152682][T27829]  ? evdev_poll+0x110/0x110
[  405.157181][T27829]  __se_sys_ioctl+0xcb/0x140
[  405.161757][T27829]  __x64_sys_ioctl+0x3f/0x50
[  405.166335][T27829]  do_syscall_64+0x4a/0x90
[  405.170831][T27829]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  405.176716][T27829] RIP: 0033:0x4665d9
[  405.180621][T27829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  405.200296][T27829] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  405.208699][T27829] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  405.216769][T27829] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  405.224729][T27829] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  405.232861][T27829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  405.240996][T27829] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x6, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:27 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffff7f, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  405.298376][T27861] loop5: detected capacity change from 0 to 16383
[  405.309998][T27861] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:23:27 executing program 1 (fault-call:4 fault-nth:71):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  405.387441][T27887] FAULT_INJECTION: forcing a failure.
[  405.387441][T27887] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  405.387464][T27861] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  405.400728][T27887] CPU: 0 PID: 27887 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  405.411776][T27861] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  405.421038][T27887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  405.421053][T27887] Call Trace:
[  405.421060][T27887]  dump_stack+0x137/0x19d
[  405.421084][T27887]  should_fail+0x23c/0x250
[  405.457623][T27887]  __alloc_pages+0x102/0x320
[  405.462215][T27887]  alloc_pages_vma+0x391/0x660
[  405.463684][T27885] loop3: detected capacity change from 0 to 264192
[  405.467011][T27887]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  405.467037][T27887]  do_anonymous_page+0x16e/0x8b0
[  405.484161][T27887]  handle_mm_fault+0x96f/0x1a70
[  405.489149][T27887]  ? __switch_to+0x14e/0x4b0
[  405.493816][T27887]  do_user_addr_fault+0x60c/0xc00
[  405.498858][T27887]  exc_page_fault+0x94/0x230
[  405.503526][T27887]  asm_exc_page_fault+0x1e/0x30
[  405.508557][T27887] RIP: 0010:clear_user+0x60/0xa0
[  405.513489][T27887] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  405.533269][T27887] RSP: 0018:ffffc900109c3de8 EFLAGS: 00010206
[  405.539355][T27887] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000003600
[  405.547318][T27887] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ff5000
[  405.555547][T27887] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  405.563627][T27887] R10: 0001c900109c3e47 R11: ffff888108fc7040 R12: 0000000001010000
[  405.571766][T27887] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  405.579741][T27887]  ? clear_user+0x36/0xa0
[  405.584152][T27887]  ? clear_user+0x48/0xa0
[  405.588556][T27887]  evdev_ioctl_handler+0x11ed/0x17e0
[  405.593859][T27887]  evdev_ioctl+0x20/0x30
[  405.598151][T27887]  ? evdev_poll+0x110/0x110
[  405.602731][T27887]  __se_sys_ioctl+0xcb/0x140
[  405.607411][T27887]  __x64_sys_ioctl+0x3f/0x50
[  405.612126][T27887]  do_syscall_64+0x4a/0x90
[  405.616643][T27887]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  405.617155][T27885] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  405.622548][T27887] RIP: 0033:0x4665d9
[  405.622566][T27887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  405.622583][T27887] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  405.664050][T27887] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  405.672053][T27887] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  405.680984][T27887] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  405.688972][T27887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  405.696945][T27887] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  405.722525][T27885] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  405.733803][T27885] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:30 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:30 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x9, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:30 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x20b, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:30 executing program 1 (fault-call:4 fault-nth:72):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:30 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffff8c, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:30 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xc0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  407.908611][T27916] loop5: detected capacity change from 0 to 16383
[  407.916692][T27916] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  407.926311][T27921] FAULT_INJECTION: forcing a failure.
[  407.926311][T27921] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  407.929168][T27924] validate_nla: 7 callbacks suppressed
[  407.929181][T27924] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  407.939814][T27921] CPU: 0 PID: 27921 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  407.948843][T27925] loop3: detected capacity change from 0 to 264192
[  407.953334][T27921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  407.953349][T27921] Call Trace:
[  407.982190][T27921]  dump_stack+0x137/0x19d
[  407.986584][T27921]  should_fail+0x23c/0x250
[  407.990999][T27921]  __alloc_pages+0x102/0x320
[  407.995581][T27921]  alloc_pages_vma+0x391/0x660
[  408.000350][T27921]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  408.005885][T27921]  do_anonymous_page+0x16e/0x8b0
[  408.011008][T27921]  handle_mm_fault+0x96f/0x1a70
[  408.015904][T27921]  ? __list_del_entry_valid+0x54/0xc0
[  408.021282][T27921]  ? __switch_to+0x14e/0x4b0
[  408.025865][T27921]  do_user_addr_fault+0x60c/0xc00
[  408.030881][T27921]  exc_page_fault+0x94/0x230
[  408.035511][T27921]  asm_exc_page_fault+0x1e/0x30
[  408.040447][T27921] RIP: 0010:clear_user+0x60/0xa0
[  408.045467][T27921] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  408.065232][T27921] RSP: 0018:ffffc90010a57de8 EFLAGS: 00010206
[  408.071279][T27921] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000003400
[  408.079259][T27921] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ff6000
[  408.087270][T27921] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  408.095229][T27921] R10: 0001c90010a57e47 R11: ffff88812e55d040 R12: 0000000001010000
[  408.103191][T27921] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  408.111149][T27921]  ? clear_user+0x36/0xa0
[  408.115528][T27921]  ? clear_user+0x48/0xa0
[  408.119925][T27921]  evdev_ioctl_handler+0x11ed/0x17e0
[  408.125467][T27921]  evdev_ioctl+0x20/0x30
[  408.129705][T27921]  ? evdev_poll+0x110/0x110
[  408.134192][T27921]  __se_sys_ioctl+0xcb/0x140
[  408.138841][T27921]  __x64_sys_ioctl+0x3f/0x50
[  408.143418][T27921]  do_syscall_64+0x4a/0x90
[  408.147831][T27921]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  408.153712][T27921] RIP: 0033:0x4665d9
[  408.157590][T27921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  408.177467][T27921] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  408.185952][T27921] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  408.193911][T27921] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  408.201867][T27921] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  408.209821][T27921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  408.217853][T27921] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  408.233589][T27925] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  408.245424][T27924] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:23:30 executing program 1 (fault-call:4 fault-nth:73):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:30 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0xa, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  408.253200][T27916] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  408.264641][T27916] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  408.303237][T27936] FAULT_INJECTION: forcing a failure.
[  408.303237][T27936] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  408.316648][T27936] CPU: 0 PID: 27936 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  408.325668][T27936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  408.335817][T27936] Call Trace:
[  408.339092][T27936]  dump_stack+0x137/0x19d
[  408.343432][T27936]  should_fail+0x23c/0x250
[  408.347842][T27936]  __alloc_pages+0x102/0x320
[  408.352437][T27936]  alloc_pages_vma+0x391/0x660
[  408.357198][T27936]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  408.362891][T27936]  do_anonymous_page+0x16e/0x8b0
[  408.367941][T27936]  handle_mm_fault+0x96f/0x1a70
[  408.372817][T27936]  ? __switch_to+0x14e/0x4b0
[  408.377414][T27936]  do_user_addr_fault+0x60c/0xc00
[  408.382449][T27936]  exc_page_fault+0x94/0x230
[  408.387035][T27936]  asm_exc_page_fault+0x1e/0x30
[  408.391979][T27936] RIP: 0010:clear_user+0x60/0xa0
[  408.396993][T27936] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  408.413839][T27944] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  408.416769][T27936] RSP: 0018:ffffc90010a5fde8 EFLAGS: 00010206
[  408.430907][T27936] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000003200
[  408.438889][T27936] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ff7000
[  408.446865][T27936] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  408.454928][T27936] R10: 0001c90010a5fe47 R11: 0001c90010a9fda8 R12: 0000000001010000
[  408.462932][T27936] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  408.471056][T27936]  ? clear_user+0x36/0xa0
[  408.475464][T27936]  ? clear_user+0x48/0xa0
[  408.479888][T27936]  evdev_ioctl_handler+0x11ed/0x17e0
[  408.485184][T27936]  evdev_ioctl+0x20/0x30
[  408.489547][T27936]  ? evdev_poll+0x110/0x110
[  408.494156][T27936]  __se_sys_ioctl+0xcb/0x140
[  408.498968][T27936]  __x64_sys_ioctl+0x3f/0x50
[  408.503563][T27936]  do_syscall_64+0x4a/0x90
[  408.508071][T27936]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  408.513975][T27936] RIP: 0033:0x4665d9
[  408.517864][T27936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  408.537899][T27936] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
17:23:30 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x20c, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  408.546307][T27936] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  408.554897][T27936] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  408.562967][T27936] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  408.571148][T27936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  408.579433][T27936] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  408.591980][T27943] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:23:30 executing program 1 (fault-call:4 fault-nth:74):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:30 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0xb, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  408.601207][T27925] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  408.612422][T27925] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:30 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffffda, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  408.679466][T27951] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  408.689592][T27955] FAULT_INJECTION: forcing a failure.
[  408.689592][T27955] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  408.702869][T27955] CPU: 0 PID: 27955 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  408.711625][T27955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  408.721930][T27955] Call Trace:
[  408.725217][T27955]  dump_stack+0x137/0x19d
[  408.730234][T27955]  should_fail+0x23c/0x250
[  408.734652][T27955]  __alloc_pages+0x102/0x320
[  408.739372][T27955]  alloc_pages_vma+0x391/0x660
[  408.744329][T27955]  ? __tsan_read8+0x11a/0x180
[  408.749020][T27955]  do_anonymous_page+0x16e/0x8b0
[  408.754100][T27955]  handle_mm_fault+0x96f/0x1a70
[  408.758948][T27955]  ? __list_del_entry_valid+0x54/0xc0
[  408.764313][T27955]  ? __switch_to+0x14e/0x4b0
[  408.768912][T27955]  do_user_addr_fault+0x60c/0xc00
[  408.773937][T27955]  exc_page_fault+0x94/0x230
[  408.778525][T27955]  asm_exc_page_fault+0x1e/0x30
[  408.783430][T27955] RIP: 0010:clear_user+0x60/0xa0
[  408.788435][T27955] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  408.809160][T27955] RSP: 0018:ffffc90010a07de8 EFLAGS: 00010206
[  408.815347][T27955] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000003000
[  408.816435][T27964] loop3: detected capacity change from 0 to 264192
[  408.823326][T27955] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ff8000
[  408.823342][T27955] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  408.823354][T27955] R10: 0001c90010a07e47 R11: ffff888108f21000 R12: 0000000001010000
[  408.823366][T27955] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  408.858512][T27964] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  408.861692][T27955]  ? clear_user+0x36/0xa0
[  408.861716][T27955]  ? clear_user+0x48/0xa0
[  408.879880][T27955]  evdev_ioctl_handler+0x11ed/0x17e0
[  408.885241][T27955]  evdev_ioctl+0x20/0x30
[  408.889555][T27955]  ? evdev_poll+0x110/0x110
[  408.894195][T27955]  __se_sys_ioctl+0xcb/0x140
[  408.898871][T27955]  __x64_sys_ioctl+0x3f/0x50
[  408.903460][T27955]  do_syscall_64+0x4a/0x90
[  408.908029][T27955]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  408.913977][T27955] RIP: 0033:0x4665d9
[  408.917876][T27955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  408.937481][T27955] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  408.947462][T27955] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  408.955439][T27955] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  408.963514][T27955] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  408.971786][T27955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  408.979889][T27955] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  409.002358][T27973] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  409.022139][T27976] loop5: detected capacity change from 0 to 16383
[  409.022723][T27964] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  409.039766][T27964] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  409.067765][T27976] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  409.089879][T27976] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  409.101223][T27976] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:33 executing program 1 (fault-call:4 fault-nth:75):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:33 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x3, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:33 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xffffffe2, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x10, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:33 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x237, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:33 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xec0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  410.940587][T28006] FAULT_INJECTION: forcing a failure.
[  410.940587][T28006] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  410.942100][T28009] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  410.953964][T28006] CPU: 0 PID: 28006 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  410.967703][T28009] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  410.970962][T28006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
17:23:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x11, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  410.970974][T28006] Call Trace:
[  410.970982][T28006]  dump_stack+0x137/0x19d
[  410.992186][T28002] loop3: detected capacity change from 0 to 264192
[  410.993250][T28006]  should_fail+0x23c/0x250
[  411.000205][T28002] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  411.004149][T28006]  __alloc_pages+0x102/0x320
[  411.004171][T28006]  alloc_pages_vma+0x391/0x660
[  411.004189][T28006]  do_anonymous_page+0x16e/0x8b0
[  411.026115][T28004] loop5: detected capacity change from 0 to 16383
[  411.027220][T28006]  handle_mm_fault+0x96f/0x1a70
[  411.039011][T28004] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  411.043485][T28006]  do_user_addr_fault+0x60c/0xc00
[  411.043508][T28006]  exc_page_fault+0x94/0x230
[  411.043530][T28006]  asm_exc_page_fault+0x1e/0x30
[  411.067334][T28006] RIP: 0010:clear_user+0x60/0xa0
[  411.072382][T28006] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  411.085440][T28002] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  411.092285][T28006] RSP: 0018:ffffc90010b97de8 EFLAGS: 00010206
[  411.092304][T28006] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000002e00
[  411.092317][T28006] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ff9000
[  411.092326][T28006] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  411.103573][T28002] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  411.109580][T28006] R10: 0001c90010b97e47 R11: ffff888108f20080 R12: 0000000001010000
[  411.109595][T28006] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  411.152995][T28023] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  411.156023][T28006]  ? clear_user+0x36/0xa0
[  411.156054][T28006]  ? clear_user+0x48/0xa0
17:23:33 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffff0, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  411.168692][T28004] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  411.172511][T28006]  evdev_ioctl_handler+0x11ed/0x17e0
[  411.172538][T28006]  evdev_ioctl+0x20/0x30
[  411.176995][T28004] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  411.181302][T28006]  ? evdev_poll+0x110/0x110
[  411.220933][T28006]  __se_sys_ioctl+0xcb/0x140
[  411.225540][T28006]  __x64_sys_ioctl+0x3f/0x50
[  411.230141][T28006]  do_syscall_64+0x4a/0x90
[  411.234653][T28006]  entry_SYSCALL_64_after_hwframe+0x44/0xae
17:23:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x19, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  411.240576][T28006] RIP: 0033:0x4665d9
[  411.244478][T28006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  411.264182][T28006] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  411.272670][T28006] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  411.280709][T28006] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
17:23:33 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x244, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  411.288900][T28006] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  411.296972][T28006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  411.304943][T28006] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:33 executing program 1 (fault-call:4 fault-nth:76):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  411.361395][T28040] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  411.390988][T28049] FAULT_INJECTION: forcing a failure.
[  411.390988][T28049] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  411.404318][T28049] CPU: 0 PID: 28049 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  411.413134][T28049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  411.423199][T28049] Call Trace:
[  411.426612][T28049]  dump_stack+0x137/0x19d
[  411.430958][T28049]  should_fail+0x23c/0x250
[  411.435365][T28049]  __alloc_pages+0x102/0x320
[  411.439981][T28049]  alloc_pages_vma+0x391/0x660
[  411.444745][T28049]  do_anonymous_page+0x16e/0x8b0
[  411.449718][T28049]  handle_mm_fault+0x96f/0x1a70
[  411.454655][T28049]  ? __switch_to+0x14e/0x4b0
[  411.455969][T28051] loop3: detected capacity change from 0 to 264192
[  411.459256][T28049]  do_user_addr_fault+0x60c/0xc00
[  411.459279][T28049]  exc_page_fault+0x94/0x230
[  411.475340][T28049]  asm_exc_page_fault+0x1e/0x30
[  411.480205][T28049] RIP: 0010:clear_user+0x60/0xa0
[  411.485136][T28049] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  411.494289][T28051] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  411.504767][T28049] RSP: 0018:ffffc90010c37de8 EFLAGS: 00010206
[  411.504788][T28049] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000002c00
[  411.504798][T28049] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ffa000
[  411.536351][T28049] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  411.544505][T28049] R10: 0001c90010c37e47 R11: ffff888100260080 R12: 0000000001010000
[  411.553600][T28049] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  411.561852][T28049]  ? clear_user+0x36/0xa0
[  411.566184][T28049]  ? clear_user+0x48/0xa0
[  411.570713][T28049]  evdev_ioctl_handler+0x11ed/0x17e0
[  411.576809][T28049]  evdev_ioctl+0x20/0x30
[  411.581052][T28049]  ? evdev_poll+0x110/0x110
[  411.585638][T28049]  __se_sys_ioctl+0xcb/0x140
[  411.590336][T28049]  __x64_sys_ioctl+0x3f/0x50
[  411.595858][T28049]  do_syscall_64+0x4a/0x90
[  411.600284][T28049]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  411.606190][T28049] RIP: 0033:0x4665d9
[  411.610102][T28049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  411.630267][T28049] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  411.638676][T28049] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  411.646737][T28049] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
17:23:33 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x25, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  411.654794][T28049] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  411.662996][T28049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  411.671000][T28049] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  411.683501][T28052] loop5: detected capacity change from 0 to 16383
[  411.686327][T28051] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  411.697606][T28052] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:23:33 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffff5, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  411.701235][T28051] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  411.763159][T28052] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  411.774266][T28052] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  411.851760][T28079] loop3: detected capacity change from 0 to 264192
[  411.874778][T28079] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  411.923868][T28079] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  411.935022][T28079] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:36 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:36 executing program 1 (fault-call:4 fault-nth:77):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x64, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:36 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x245, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:36 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffff6, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:36 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xf00)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  413.960454][T28099] FAULT_INJECTION: forcing a failure.
[  413.960454][T28099] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  413.961922][T28101] loop3: detected capacity change from 0 to 264192
[  413.973750][T28099] CPU: 1 PID: 28099 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  413.982609][T28101] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  413.989066][T28099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  413.989081][T28099] Call Trace:
[  413.989088][T28099]  dump_stack+0x137/0x19d
[  413.989112][T28099]  should_fail+0x23c/0x250
[  414.020255][T28099]  __alloc_pages+0x102/0x320
[  414.021782][T28107] validate_nla: 3 callbacks suppressed
[  414.021794][T28107] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  414.024848][T28099]  alloc_pages_vma+0x391/0x660
[  414.024871][T28099]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  414.024892][T28099]  do_anonymous_page+0x16e/0x8b0
[  414.053578][T28099]  handle_mm_fault+0x96f/0x1a70
17:23:36 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  414.059133][T28099]  do_user_addr_fault+0x60c/0xc00
[  414.061573][T28106] loop5: detected capacity change from 0 to 16383
[  414.064167][T28099]  exc_page_fault+0x94/0x230
[  414.075212][T28099]  asm_exc_page_fault+0x1e/0x30
[  414.075258][T28106] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  414.080067][T28099] RIP: 0010:clear_user+0x60/0xa0
17:23:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x500, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  414.080090][T28099] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  414.080105][T28099] RSP: 0018:ffffc90010cfbde8 EFLAGS: 00010206
[  414.111551][T28107] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  414.113821][T28099] 
[  414.113826][T28099] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000002a00
[  414.113843][T28099] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ffb000
[  414.113855][T28099] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  414.113866][T28099] R10: 0001c90010cfbe47 R11: ffff88812dd03000 R12: 0000000001010000
[  414.113877][T28099] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  414.113887][T28099]  ? clear_user+0x36/0xa0
[  414.174920][T28099]  ? clear_user+0x48/0xa0
[  414.179256][T28099]  evdev_ioctl_handler+0x11ed/0x17e0
[  414.184659][T28099]  evdev_ioctl+0x20/0x30
[  414.188927][T28099]  ? evdev_poll+0x110/0x110
[  414.193495][T28099]  __se_sys_ioctl+0xcb/0x140
[  414.198170][T28099]  __x64_sys_ioctl+0x3f/0x50
[  414.202754][T28099]  do_syscall_64+0x4a/0x90
[  414.207241][T28099]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  414.213243][T28099] RIP: 0033:0x4665d9
[  414.217281][T28099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  414.237072][T28099] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  414.245481][T28099] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  414.253488][T28099] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  414.261475][T28099] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  414.269612][T28099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  414.277680][T28099] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:36 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  414.307970][T28129] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  414.327710][T28101] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  414.335378][T28106] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:23:36 executing program 1 (fault-call:4 fault-nth:78):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0xff0b, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:36 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x260, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  414.338903][T28101] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  414.350076][T28106] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  414.368048][T28129] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:23:36 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  414.445746][T28147] FAULT_INJECTION: forcing a failure.
[  414.445746][T28147] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  414.458618][T28151] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  414.459009][T28147] CPU: 1 PID: 28147 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  414.476490][T28147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  414.486549][T28147] Call Trace:
[  414.489969][T28147]  dump_stack+0x137/0x19d
[  414.494341][T28147]  should_fail+0x23c/0x250
[  414.498768][T28147]  __alloc_pages+0x102/0x320
[  414.503397][T28147]  alloc_pages_vma+0x391/0x660
[  414.508260][T28147]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  414.513805][T28147]  do_anonymous_page+0x16e/0x8b0
[  414.518751][T28147]  handle_mm_fault+0x96f/0x1a70
[  414.523752][T28147]  do_user_addr_fault+0x60c/0xc00
[  414.528797][T28147]  exc_page_fault+0x94/0x230
[  414.534624][T28147]  asm_exc_page_fault+0x1e/0x30
[  414.539493][T28147] RIP: 0010:clear_user+0x60/0xa0
[  414.544425][T28147] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  414.564134][T28147] RSP: 0018:ffffc90010da3de8 EFLAGS: 00010206
[  414.570279][T28147] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000002800
[  414.578246][T28147] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ffc000
[  414.587030][T28147] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  414.595227][T28147] R10: 0001c90010da3e47 R11: ffff88812dd03000 R12: 0000000001010000
[  414.603200][T28147] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  414.611188][T28147]  ? clear_user+0x36/0xa0
[  414.615537][T28147]  ? clear_user+0x48/0xa0
[  414.619975][T28147]  evdev_ioctl_handler+0x11ed/0x17e0
[  414.625329][T28147]  evdev_ioctl+0x20/0x30
[  414.629572][T28147]  ? evdev_poll+0x110/0x110
[  414.634132][T28147]  __se_sys_ioctl+0xcb/0x140
[  414.638893][T28147]  __x64_sys_ioctl+0x3f/0x50
[  414.643493][T28147]  do_syscall_64+0x4a/0x90
[  414.648010][T28147]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  414.654109][T28147] RIP: 0033:0x4665d9
[  414.658004][T28147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  414.677674][T28147] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  414.686216][T28147] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
17:23:36 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  414.694273][T28147] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  414.703025][T28147] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  414.710999][T28147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  414.718968][T28147] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:37 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffffb, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:37 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:37 executing program 1 (fault-call:4 fault-nth:79):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  414.756519][T28160] loop5: detected capacity change from 0 to 16383
[  414.783697][T28160] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  414.796071][T28164] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  414.830266][T28160] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  414.841918][T28160] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  414.857917][T28180] loop3: detected capacity change from 0 to 264192
[  414.868091][T28180] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  414.878301][T28183] FAULT_INJECTION: forcing a failure.
[  414.878301][T28183] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  414.891683][T28183] CPU: 1 PID: 28183 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  414.900454][T28183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  414.910565][T28183] Call Trace:
[  414.913850][T28183]  dump_stack+0x137/0x19d
[  414.918222][T28183]  should_fail+0x23c/0x250
[  414.922714][T28183]  __alloc_pages+0x102/0x320
[  414.927304][T28183]  alloc_pages_vma+0x391/0x660
[  414.932075][T28183]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  414.937628][T28183]  do_anonymous_page+0x16e/0x8b0
[  414.942590][T28183]  handle_mm_fault+0x96f/0x1a70
[  414.947455][T28183]  ? __switch_to+0x14e/0x4b0
[  414.952073][T28183]  do_user_addr_fault+0x60c/0xc00
[  414.957196][T28183]  exc_page_fault+0x94/0x230
[  414.961848][T28183]  asm_exc_page_fault+0x1e/0x30
[  414.966716][T28183] RIP: 0010:clear_user+0x60/0xa0
[  414.971656][T28183] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  414.993880][T28183] RSP: 0018:ffffc90010d6bde8 EFLAGS: 00010206
[  414.999999][T28183] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000002600
[  415.008032][T28183] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ffd000
[  415.016090][T28183] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  415.024212][T28183] R10: 0001c90010d6be47 R11: ffff88812f49d040 R12: 0000000001010000
[  415.032182][T28183] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  415.040174][T28183]  ? clear_user+0x36/0xa0
[  415.044606][T28183]  ? clear_user+0x48/0xa0
[  415.048986][T28183]  evdev_ioctl_handler+0x11ed/0x17e0
[  415.054318][T28183]  evdev_ioctl+0x20/0x30
[  415.058609][T28183]  ? evdev_poll+0x110/0x110
[  415.063544][T28183]  __se_sys_ioctl+0xcb/0x140
[  415.068135][T28183]  __x64_sys_ioctl+0x3f/0x50
[  415.072724][T28183]  do_syscall_64+0x4a/0x90
[  415.077142][T28183]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  415.083029][T28183] RIP: 0033:0x4665d9
[  415.086989][T28183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  415.106678][T28183] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  415.115091][T28183] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  415.123068][T28183] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  415.131141][T28183] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  415.139212][T28183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  415.147271][T28183] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  415.166742][T28180] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  415.177853][T28180] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:37 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xc000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:23:37 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:37 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x300, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x2, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:37 executing program 1 (fault-call:4 fault-nth:80):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:37 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffffe, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  415.390576][T28214] FAULT_INJECTION: forcing a failure.
[  415.390576][T28214] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  415.391299][T28217] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  415.403979][T28214] CPU: 1 PID: 28214 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  415.404002][T28214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  415.412688][T28218] loop3: detected capacity change from 0 to 264192
[  415.420919][T28214] Call Trace:
[  415.420929][T28214]  dump_stack+0x137/0x19d
[  415.420954][T28214]  should_fail+0x23c/0x250
[  415.420971][T28214]  __alloc_pages+0x102/0x320
[  415.436727][T28218] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  415.437612][T28214]  alloc_pages_vma+0x391/0x660
[  415.451176][T28217] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  415.454423][T28214]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  415.454457][T28214]  do_anonymous_page+0x16e/0x8b0
[  415.486897][T28214]  handle_mm_fault+0x96f/0x1a70
[  415.491782][T28214]  do_user_addr_fault+0x60c/0xc00
[  415.496835][T28214]  exc_page_fault+0x94/0x230
[  415.501435][T28214]  asm_exc_page_fault+0x1e/0x30
[  415.506326][T28214] RIP: 0010:clear_user+0x60/0xa0
[  415.507640][T28216] loop5: detected capacity change from 0 to 16383
[  415.511276][T28214] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
17:23:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x3, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:37 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(0x0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  415.537476][T28216] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  415.537842][T28214] RSP: 0018:ffffc90010edfde8 EFLAGS: 00010206
[  415.537860][T28214] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000002400
[  415.560980][T28214] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000ffe000
[  415.569480][T28214] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  415.575345][T28236] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:23:37 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x4, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  415.577508][T28214] R10: 0001c90010edfe47 R11: ffff88812e452040 R12: 0000000001010000
[  415.577524][T28214] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  415.577537][T28214]  ? clear_user+0x36/0xa0
[  415.598989][T28236] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  415.601881][T28214]  ? clear_user+0x48/0xa0
[  415.601907][T28214]  evdev_ioctl_handler+0x11ed/0x17e0
[  415.624125][T28214]  evdev_ioctl+0x20/0x30
[  415.628378][T28214]  ? evdev_poll+0x110/0x110
[  415.632886][T28214]  __se_sys_ioctl+0xcb/0x140
[  415.637531][T28214]  __x64_sys_ioctl+0x3f/0x50
[  415.642171][T28214]  do_syscall_64+0x4a/0x90
[  415.646657][T28214]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  415.652610][T28214] RIP: 0033:0x4665d9
[  415.656494][T28214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  415.677064][T28214] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  415.685500][T28214] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  415.693546][T28214] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  415.701508][T28214] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  415.709482][T28214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  415.717453][T28214] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x5, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  415.744643][T28218] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  415.748806][T28216] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  415.755796][T28218] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x6, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:38 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  415.767516][T28216] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  415.885094][T28266] loop3: detected capacity change from 0 to 264192
[  415.903724][T28266] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  415.944063][T28266] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  415.955151][T28266] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:38 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xc00e)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:23:38 executing program 1 (fault-call:4 fault-nth:81):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x7, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:38 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3c1, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:38 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xedc000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  416.372208][T28283] loop3: detected capacity change from 0 to 264192
[  416.373723][T28290] FAULT_INJECTION: forcing a failure.
[  416.373723][T28290] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  416.378960][T28287] loop5: detected capacity change from 0 to 16383
[  416.392277][T28290] CPU: 0 PID: 28290 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  416.392300][T28290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  416.392309][T28290] Call Trace:
17:23:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x8, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  416.392315][T28290]  dump_stack+0x137/0x19d
[  416.425841][T28290]  should_fail+0x23c/0x250
[  416.430289][T28290]  __alloc_pages+0x102/0x320
[  416.434998][T28290]  alloc_pages_vma+0x391/0x660
[  416.438860][T28283] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  416.439799][T28290]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  416.454670][T28290]  do_anonymous_page+0x16e/0x8b0
[  416.459655][T28290]  handle_mm_fault+0x96f/0x1a70
[  416.464519][T28290]  ? __switch_to+0x14e/0x4b0
17:23:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x9, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  416.469340][T28290]  do_user_addr_fault+0x60c/0xc00
[  416.474485][T28290]  exc_page_fault+0x94/0x230
[  416.479167][T28290]  asm_exc_page_fault+0x1e/0x30
[  416.484187][T28290] RIP: 0010:clear_user+0x60/0xa0
[  416.489199][T28290] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  416.508363][T28287] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  416.509363][T28290] RSP: 0018:ffffc9001102fde8 EFLAGS: 00010206
[  416.509380][T28290] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000002200
[  416.509392][T28290] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000000fff000
[  416.540522][T28290] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  416.548526][T28290] R10: 0001c9001102fe47 R11: ffff888107bed000 R12: 0000000001010000
[  416.556717][T28290] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  416.564931][T28290]  ? clear_user+0x36/0xa0
[  416.569259][T28290]  ? clear_user+0x48/0xa0
[  416.573584][T28290]  evdev_ioctl_handler+0x11ed/0x17e0
[  416.578963][T28290]  evdev_ioctl+0x20/0x30
[  416.583238][T28290]  ? evdev_poll+0x110/0x110
[  416.593047][T28290]  __se_sys_ioctl+0xcb/0x140
[  416.597652][T28290]  __x64_sys_ioctl+0x3f/0x50
[  416.602312][T28290]  do_syscall_64+0x4a/0x90
[  416.606742][T28290]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  416.612659][T28290] RIP: 0033:0x4665d9
[  416.616627][T28290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  416.637881][T28290] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  416.646458][T28290] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  416.654463][T28290] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  416.662554][T28290] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  416.670723][T28290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  416.678699][T28290] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  416.697901][T28283] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  416.709159][T28283] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  416.728184][T28287] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  416.739314][T28287] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:40 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(0x0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:40 executing program 1 (fault-call:4 fault-nth:82):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:40 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0xa, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:40 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:40 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x402, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:40 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x33fe0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  418.581650][T28339] loop5: detected capacity change from 0 to 16383
[  418.588253][T28338] loop3: detected capacity change from 0 to 264192
[  418.600196][T28338] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  418.610516][T28339] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:23:40 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0xb, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  418.635072][T28339] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  418.646366][T28339] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  418.657730][T28354] FAULT_INJECTION: forcing a failure.
[  418.657730][T28354] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  418.674472][T28354] CPU: 1 PID: 28354 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
17:23:40 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0xc, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:40 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x406, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  418.683302][T28354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  418.693450][T28354] Call Trace:
[  418.696746][T28354]  dump_stack+0x137/0x19d
[  418.701078][T28354]  should_fail+0x23c/0x250
[  418.705589][T28354]  __alloc_pages+0x102/0x320
[  418.710192][T28354]  alloc_pages+0x21d/0x310
[  418.714789][T28354]  pte_alloc_one+0x29/0xb0
[  418.719295][T28354]  __pte_alloc+0x2f/0x210
[  418.723755][T28354]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  418.729450][T28354]  do_anonymous_page+0x79b/0x8b0
17:23:41 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0xd, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  418.734485][T28354]  handle_mm_fault+0x96f/0x1a70
[  418.739464][T28354]  ? __switch_to+0x14e/0x4b0
[  418.744056][T28354]  do_user_addr_fault+0x60c/0xc00
[  418.749177][T28354]  exc_page_fault+0x94/0x230
[  418.753952][T28354]  asm_exc_page_fault+0x1e/0x30
[  418.758867][T28354] RIP: 0010:clear_user+0x60/0xa0
[  418.763820][T28354] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  418.783704][T28354] RSP: 0018:ffffc9001113fde8 EFLAGS: 00010206
[  418.789788][T28354] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000002000
[  418.797763][T28354] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001000000
[  418.805741][T28354] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  418.813712][T28354] R10: 0001c9001113fe47 R11: ffff88812e36c080 R12: 0000000001010000
[  418.821794][T28354] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  418.830004][T28354]  ? clear_user+0x36/0xa0
17:23:41 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0xe, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  418.834364][T28354]  ? clear_user+0x48/0xa0
[  418.838876][T28354]  evdev_ioctl_handler+0x11ed/0x17e0
[  418.844179][T28354]  evdev_ioctl+0x20/0x30
[  418.848562][T28354]  ? evdev_poll+0x110/0x110
[  418.853070][T28354]  __se_sys_ioctl+0xcb/0x140
[  418.857686][T28354]  __x64_sys_ioctl+0x3f/0x50
[  418.862424][T28354]  do_syscall_64+0x4a/0x90
[  418.866844][T28354]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  418.873648][T28354] RIP: 0033:0x4665d9
17:23:41 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x10, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  418.877550][T28354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  418.897871][T28354] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  418.906297][T28354] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  418.914344][T28354] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  418.922665][T28354] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  418.930813][T28354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  418.938780][T28354] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  418.954412][T28338] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  418.965526][T28338] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  419.030138][T28386] loop5: detected capacity change from 0 to 16383
[  419.039575][T28386] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  419.068397][T28386] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  419.079610][T28386] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:43 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(0x0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:43 executing program 1 (fault-call:4 fault-nth:83):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:43 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:43 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x11, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:43 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:23:43 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x410, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  421.643176][T28414] loop3: detected capacity change from 0 to 264192
[  421.650320][T28417] loop5: detected capacity change from 0 to 16383
[  421.654756][T28420] validate_nla: 24 callbacks suppressed
[  421.654769][T28420] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  421.661433][T28414] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  421.666041][T28415] FAULT_INJECTION: forcing a failure.
[  421.666041][T28415] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  421.674782][T28417] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  421.680046][T28415] CPU: 0 PID: 28415 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  421.711564][T28415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  421.721111][T28420] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  421.721646][T28415] Call Trace:
[  421.721655][T28415]  dump_stack+0x137/0x19d
[  421.738144][T28415]  should_fail+0x23c/0x250
[  421.742622][T28415]  __alloc_pages+0x102/0x320
[  421.747311][T28415]  alloc_pages_vma+0x391/0x660
[  421.752084][T28415]  do_anonymous_page+0x16e/0x8b0
[  421.757153][T28415]  handle_mm_fault+0x96f/0x1a70
[  421.762028][T28415]  ? __switch_to+0x14e/0x4b0
[  421.764591][T28414] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  421.766615][T28415]  do_user_addr_fault+0x60c/0xc00
[  421.766636][T28415]  exc_page_fault+0x94/0x230
17:23:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x12, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:44 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  421.777755][T28414] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  421.782835][T28415]  asm_exc_page_fault+0x1e/0x30
[  421.807121][T28415] RIP: 0010:clear_user+0x60/0xa0
[  421.812074][T28415] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  421.833128][T28415] RSP: 0018:ffffc9001120fde8 EFLAGS: 00010206
[  421.839199][T28415] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000002000
[  421.847261][T28415] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001000000
[  421.854984][T28439] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  421.855241][T28415] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  421.869465][T28439] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  421.871394][T28415] R10: 0001c9001120fe47 R11: ffff88812f667040 R12: 0000000001010000
17:23:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x25, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  421.871409][T28415] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  421.895501][T28415]  ? clear_user+0x36/0xa0
[  421.899878][T28415]  ? clear_user+0x48/0xa0
[  421.904241][T28415]  evdev_ioctl_handler+0x11ed/0x17e0
[  421.909530][T28415]  evdev_ioctl+0x20/0x30
[  421.913799][T28415]  ? evdev_poll+0x110/0x110
[  421.918329][T28415]  __se_sys_ioctl+0xcb/0x140
[  421.922937][T28415]  __x64_sys_ioctl+0x3f/0x50
[  421.927536][T28415]  do_syscall_64+0x4a/0x90
[  421.932059][T28415]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  421.937986][T28415] RIP: 0033:0x4665d9
[  421.941884][T28415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  421.961679][T28415] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  421.970097][T28415] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  421.978142][T28415] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  421.986117][T28415] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  421.994218][T28415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  422.002186][T28415] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  422.025900][T28446] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  422.029422][T28417] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:23:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x3a, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  422.034836][T28446] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  422.045264][T28417] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:44 executing program 1 (fault-call:4 fault-nth:84):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:44 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x500, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  422.090970][T28455] loop3: detected capacity change from 0 to 264192
[  422.101571][T28455] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  422.116351][T28458] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  422.151864][T28455] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  422.162998][T28455] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  422.189653][T28458] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  422.203880][T28465] FAULT_INJECTION: forcing a failure.
[  422.203880][T28465] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  422.217162][T28465] CPU: 1 PID: 28465 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  422.226021][T28465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  422.236098][T28465] Call Trace:
[  422.239444][T28465]  dump_stack+0x137/0x19d
[  422.243781][T28465]  should_fail+0x23c/0x250
[  422.248251][T28465]  __alloc_pages+0x102/0x320
[  422.252831][T28465]  alloc_pages_vma+0x391/0x660
[  422.257614][T28465]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  422.263193][T28465]  do_anonymous_page+0x16e/0x8b0
[  422.268170][T28465]  handle_mm_fault+0x96f/0x1a70
[  422.273026][T28465]  ? __list_del_entry_valid+0x54/0xc0
[  422.278469][T28465]  ? __switch_to+0x14e/0x4b0
[  422.283076][T28465]  do_user_addr_fault+0x60c/0xc00
[  422.288110][T28465]  exc_page_fault+0x94/0x230
[  422.292801][T28465]  asm_exc_page_fault+0x1e/0x30
[  422.297691][T28465] RIP: 0010:clear_user+0x60/0xa0
[  422.302645][T28465] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  422.322489][T28465] RSP: 0018:ffffc90011257de8 EFLAGS: 00010206
[  422.328876][T28465] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000001e00
[  422.336880][T28465] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001001000
[  422.344945][T28465] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  422.353466][T28465] R10: 0001c90011257e47 R11: ffff88810031e000 R12: 0000000001010000
[  422.361434][T28465] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  422.369434][T28465]  ? clear_user+0x36/0xa0
[  422.373799][T28465]  ? clear_user+0x48/0xa0
[  422.378307][T28465]  evdev_ioctl_handler+0x11ed/0x17e0
[  422.383858][T28465]  evdev_ioctl+0x20/0x30
[  422.388306][T28465]  ? evdev_poll+0x110/0x110
[  422.392860][T28465]  __se_sys_ioctl+0xcb/0x140
[  422.397672][T28465]  __x64_sys_ioctl+0x3f/0x50
[  422.402621][T28465]  do_syscall_64+0x4a/0x90
[  422.407138][T28465]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  422.413047][T28465] RIP: 0033:0x4665d9
[  422.416940][T28465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  422.436577][T28465] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  422.445074][T28465] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
17:23:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x48, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  422.453052][T28465] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  422.461022][T28465] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  422.469012][T28465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  422.477190][T28465] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  422.520506][T28479] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  422.528860][T28478] loop5: detected capacity change from 0 to 16383
[  422.535660][T28479] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  422.570000][T28478] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  422.642938][T28478] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  422.654499][T28478] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:46 executing program 1 (fault-call:4 fault-nth:85):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:46 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x0)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:46 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7ffffffffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:46 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x4c, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:46 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x502, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:46 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x4000000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  424.669060][T28505] FAULT_INJECTION: forcing a failure.
[  424.669060][T28505] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  424.682457][T28505] CPU: 0 PID: 28505 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  424.691387][T28505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  424.701885][T28505] Call Trace:
[  424.705162][T28505]  dump_stack+0x137/0x19d
[  424.706099][T28509] loop5: detected capacity change from 0 to 16383
[  424.709498][T28505]  should_fail+0x23c/0x250
[  424.720344][T28505]  __alloc_pages+0x102/0x320
[  424.721450][T28509] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  424.724977][T28505]  alloc_pages_vma+0x391/0x660
[  424.724999][T28505]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  424.738803][T28504] loop3: detected capacity change from 0 to 264192
[  424.739292][T28505]  do_anonymous_page+0x16e/0x8b0
[  424.750984][T28504] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  424.751511][T28505]  handle_mm_fault+0x96f/0x1a70
[  424.770330][T28505]  do_user_addr_fault+0x60c/0xc00
[  424.775447][T28505]  exc_page_fault+0x94/0x230
[  424.780125][T28505]  asm_exc_page_fault+0x1e/0x30
[  424.784981][T28505] RIP: 0010:clear_user+0x60/0xa0
[  424.789930][T28505] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  424.809698][T28505] RSP: 0018:ffffc9001135bde8 EFLAGS: 00010206
[  424.814614][T28509] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  424.815771][T28505] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000001c00
[  424.826997][T28509] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  424.834920][T28505] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001002000
[  424.834934][T28505] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  424.834945][T28505] R10: 0001c9001135be47 R11: ffff88810031e000 R12: 0000000001010000
[  424.834956][T28505] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  424.881631][T28505]  ? clear_user+0x36/0xa0
[  424.885992][T28505]  ? clear_user+0x48/0xa0
[  424.890400][T28505]  evdev_ioctl_handler+0x11ed/0x17e0
[  424.891103][T28504] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  424.895700][T28505]  evdev_ioctl+0x20/0x30
[  424.906937][T28504] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  424.911138][T28505]  ? evdev_poll+0x110/0x110
[  424.930250][T28505]  __se_sys_ioctl+0xcb/0x140
[  424.934855][T28505]  __x64_sys_ioctl+0x3f/0x50
[  424.939556][T28505]  do_syscall_64+0x4a/0x90
[  424.943974][T28505]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  424.949962][T28505] RIP: 0033:0x4665d9
[  424.953844][T28505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  424.973689][T28505] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  424.982236][T28505] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  424.990210][T28505] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  424.998178][T28505] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  425.006154][T28505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
17:23:47 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x600, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x60, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:47 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  425.014214][T28505] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x68, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:47 executing program 1 (fault-call:4 fault-nth:86):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  425.087660][T28543] loop3: detected capacity change from 0 to 264192
[  425.099640][T28543] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  425.136894][T28547] loop5: detected capacity change from 0 to 16383
[  425.147225][T28547] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  425.167208][T28557] FAULT_INJECTION: forcing a failure.
[  425.167208][T28557] name fail_page_alloc, interval 1, probability 0, space 0, times 0
17:23:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x6c, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  425.180516][T28557] CPU: 1 PID: 28557 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  425.189279][T28557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  425.199469][T28557] Call Trace:
[  425.202756][T28557]  dump_stack+0x137/0x19d
[  425.207211][T28557]  should_fail+0x23c/0x250
[  425.211685][T28557]  __alloc_pages+0x102/0x320
[  425.216274][T28557]  alloc_pages_vma+0x391/0x660
[  425.221074][T28557]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  425.226695][T28557]  do_anonymous_page+0x16e/0x8b0
[  425.231707][T28557]  handle_mm_fault+0x96f/0x1a70
17:23:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x74, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  425.236566][T28557]  ? __switch_to+0x14e/0x4b0
[  425.241197][T28557]  do_user_addr_fault+0x60c/0xc00
[  425.246232][T28557]  exc_page_fault+0x94/0x230
[  425.250871][T28557]  asm_exc_page_fault+0x1e/0x30
[  425.255749][T28557] RIP: 0010:clear_user+0x60/0xa0
[  425.260736][T28557] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  425.280524][T28557] RSP: 0018:ffffc90011427de8 EFLAGS: 00010206
[  425.286884][T28557] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000001a00
[  425.294852][T28557] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001003000
[  425.302849][T28557] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  425.311106][T28557] R10: 0001c90011427e47 R11: ffff88812dcec000 R12: 0000000001010000
[  425.319076][T28557] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  425.328680][T28557]  ? clear_user+0x36/0xa0
[  425.333023][T28557]  ? clear_user+0x48/0xa0
[  425.337458][T28557]  evdev_ioctl_handler+0x11ed/0x17e0
[  425.343127][T28557]  evdev_ioctl+0x20/0x30
[  425.347370][T28557]  ? evdev_poll+0x110/0x110
[  425.351868][T28557]  __se_sys_ioctl+0xcb/0x140
[  425.356464][T28557]  __x64_sys_ioctl+0x3f/0x50
[  425.361138][T28557]  do_syscall_64+0x4a/0x90
[  425.365563][T28557]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  425.371529][T28557] RIP: 0033:0x4665d9
[  425.375470][T28557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  425.395246][T28557] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  425.403656][T28557] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  425.411618][T28557] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  425.419586][T28557] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  425.427716][T28557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  425.435731][T28557] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  425.444548][T28543] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  425.455810][T28543] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  425.471294][T28547] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  425.482458][T28547] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:49 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x0)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:49 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x7a, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:49 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xe0ffff00000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:49 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x602, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:49 executing program 1 (fault-call:4 fault-nth:87):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:49 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xf000000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  427.723438][T28593] loop5: detected capacity change from 0 to 16383
[  427.749689][T28593] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  427.760460][T28602] FAULT_INJECTION: forcing a failure.
[  427.760460][T28602] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  427.773828][T28602] CPU: 0 PID: 28602 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  427.779088][T28604] validate_nla: 10 callbacks suppressed
[  427.779101][T28604] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  427.782685][T28602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  427.782697][T28602] Call Trace:
[  427.782704][T28602]  dump_stack+0x137/0x19d
[  427.782797][T28602]  should_fail+0x23c/0x250
[  427.798464][T28601] loop3: detected capacity change from 0 to 264192
[  427.806638][T28602]  __alloc_pages+0x102/0x320
[  427.806663][T28602]  alloc_pages_vma+0x391/0x660
[  427.806682][T28602]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  427.806701][T28602]  do_anonymous_page+0x16e/0x8b0
[  427.810468][T28604] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  427.814296][T28602]  handle_mm_fault+0x96f/0x1a70
[  427.814324][T28602]  do_user_addr_fault+0x60c/0xc00
[  427.824862][T28601] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  427.825223][T28602]  exc_page_fault+0x94/0x230
[  427.877216][T28602]  asm_exc_page_fault+0x1e/0x30
[  427.882069][T28602] RIP: 0010:clear_user+0x60/0xa0
[  427.887005][T28602] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  427.906633][T28602] RSP: 0018:ffffc900114f7de8 EFLAGS: 00010206
[  427.912696][T28602] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000001800
[  427.920667][T28602] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001004000
[  427.928768][T28602] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  427.936738][T28602] R10: 0001c900114f7e47 R11: ffff88812e7d1000 R12: 0000000001010000
[  427.944722][T28602] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  427.952686][T28602]  ? clear_user+0x36/0xa0
[  427.957010][T28602]  ? clear_user+0x48/0xa0
[  427.961432][T28602]  evdev_ioctl_handler+0x11ed/0x17e0
[  427.966735][T28602]  evdev_ioctl+0x20/0x30
[  427.970974][T28602]  ? evdev_poll+0x110/0x110
[  427.975656][T28602]  __se_sys_ioctl+0xcb/0x140
[  427.980247][T28602]  __x64_sys_ioctl+0x3f/0x50
[  427.984829][T28602]  do_syscall_64+0x4a/0x90
[  427.989239][T28602]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  427.995159][T28602] RIP: 0033:0x4665d9
[  427.999048][T28602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
17:23:50 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0x4, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  428.018990][T28602] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  428.027541][T28602] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  428.035828][T28602] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  428.044671][T28602] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  428.053173][T28602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  428.061250][T28602] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  428.081232][T28616] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  428.090133][T28593] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  428.090417][T28616] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  428.101395][T28593] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:50 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0x8, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  428.102609][T28601] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  428.135065][T28601] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:50 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x604, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:50 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  428.188203][T28624] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  428.197608][T28624] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  428.222208][T28624] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
17:23:50 executing program 1 (fault-call:4 fault-nth:88):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  428.231604][T28624] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  428.292762][T28632] loop3: detected capacity change from 0 to 264192
[  428.317978][T28632] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  428.319841][T28637] FAULT_INJECTION: forcing a failure.
[  428.319841][T28637] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  428.340549][T28637] CPU: 0 PID: 28637 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  428.349315][T28637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  428.359491][T28637] Call Trace:
[  428.362777][T28637]  dump_stack+0x137/0x19d
[  428.367183][T28637]  should_fail+0x23c/0x250
[  428.371606][T28637]  __alloc_pages+0x102/0x320
[  428.376183][T28637]  alloc_pages_vma+0x391/0x660
[  428.381204][T28637]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  428.386853][T28637]  do_anonymous_page+0x16e/0x8b0
[  428.391810][T28637]  handle_mm_fault+0x96f/0x1a70
[  428.396774][T28637]  do_user_addr_fault+0x60c/0xc00
[  428.401818][T28637]  exc_page_fault+0x94/0x230
[  428.406415][T28637]  asm_exc_page_fault+0x1e/0x30
[  428.411380][T28637] RIP: 0010:clear_user+0x60/0xa0
[  428.416488][T28637] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  428.436377][T28637] RSP: 0018:ffffc900115bfde8 EFLAGS: 00010206
[  428.442524][T28637] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000001600
[  428.450493][T28637] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001005000
[  428.458565][T28637] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  428.466524][T28637] R10: 0001c900115bfe47 R11: ffff88812e7d1000 R12: 0000000001010000
[  428.474485][T28637] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  428.482445][T28637]  ? clear_user+0x36/0xa0
[  428.486856][T28637]  ? clear_user+0x48/0xa0
[  428.491186][T28637]  evdev_ioctl_handler+0x11ed/0x17e0
[  428.496555][T28637]  evdev_ioctl+0x20/0x30
[  428.500851][T28637]  ? evdev_poll+0x110/0x110
[  428.505379][T28637]  __se_sys_ioctl+0xcb/0x140
[  428.510067][T28637]  __x64_sys_ioctl+0x3f/0x50
[  428.514680][T28637]  do_syscall_64+0x4a/0x90
[  428.519188][T28637]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  428.525169][T28637] RIP: 0033:0x4665d9
[  428.529057][T28637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  428.548940][T28637] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  428.557522][T28637] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  428.565497][T28637] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  428.573552][T28637] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  428.581522][T28637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
17:23:50 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0x29, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  428.589495][T28637] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  428.617352][T28646] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  428.623858][T28632] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  428.630761][T28646] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  428.637851][T28632] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  428.665336][T28640] loop5: detected capacity change from 0 to 16383
[  428.705539][T28640] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  428.729710][T28640] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  428.740916][T28640] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:52 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x0)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0x46, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:52 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x200000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:52 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x67e, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:52 executing program 1 (fault-call:4 fault-nth:89):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:52 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x7ffff000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  430.758920][T28672] FAULT_INJECTION: forcing a failure.
[  430.758920][T28672] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  430.772180][T28672] CPU: 0 PID: 28672 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  430.781036][T28672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  430.789522][T28677] loop5: detected capacity change from 0 to 16383
[  430.791082][T28672] Call Trace:
[  430.791091][T28672]  dump_stack+0x137/0x19d
[  430.802984][T28677] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  430.805166][T28672]  should_fail+0x23c/0x250
[  430.818706][T28672]  __alloc_pages+0x102/0x320
[  430.823369][T28672]  alloc_pages_vma+0x391/0x660
[  430.828155][T28672]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  430.833777][T28672]  do_anonymous_page+0x16e/0x8b0
[  430.835970][T28673] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  430.838810][T28672]  handle_mm_fault+0x96f/0x1a70
[  430.838837][T28672]  ? __switch_to+0x14e/0x4b0
[  430.850517][T28678] loop3: detected capacity change from 0 to 264192
[  430.853102][T28672]  do_user_addr_fault+0x60c/0xc00
[  430.864192][T28678] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  430.866021][T28673] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  430.869315][T28672]  exc_page_fault+0x94/0x230
[  430.892402][T28672]  asm_exc_page_fault+0x1e/0x30
[  430.897408][T28672] RIP: 0010:clear_user+0x60/0xa0
17:23:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x2, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  430.902354][T28672] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  430.921964][T28672] RSP: 0018:ffffc9001164fde8 EFLAGS: 00010206
[  430.928114][T28672] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000001400
[  430.936271][T28672] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001006000
[  430.944451][T28672] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  430.952428][T28672] R10: 0001c9001164fe47 R11: ffff88810891f080 R12: 0000000001010000
[  430.960494][T28672] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  430.968465][T28672]  ? clear_user+0x36/0xa0
[  430.972805][T28672]  ? clear_user+0x48/0xa0
[  430.977142][T28672]  evdev_ioctl_handler+0x11ed/0x17e0
[  430.982437][T28672]  evdev_ioctl+0x20/0x30
[  430.986685][T28672]  ? evdev_poll+0x110/0x110
[  430.991295][T28672]  __se_sys_ioctl+0xcb/0x140
[  430.995887][T28672]  __x64_sys_ioctl+0x3f/0x50
[  431.000497][T28672]  do_syscall_64+0x4a/0x90
[  431.004916][T28672]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  431.010903][T28672] RIP: 0033:0x4665d9
[  431.014797][T28672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  431.034479][T28672] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  431.042986][T28672] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  431.051080][T28672] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  431.059131][T28672] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  431.067182][T28672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  431.075154][T28672] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  431.089452][T28693] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  431.100949][T28693] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:23:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x4, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  431.105731][T28678] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  431.120284][T28678] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  431.137242][T28677] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:23:53 executing program 1 (fault-call:4 fault-nth:90):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  431.148419][T28677] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  431.193721][T28707] FAULT_INJECTION: forcing a failure.
[  431.193721][T28707] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  431.207133][T28707] CPU: 1 PID: 28707 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  431.215999][T28707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  431.226822][T28707] Call Trace:
[  431.230232][T28707]  dump_stack+0x137/0x19d
[  431.234676][T28707]  should_fail+0x23c/0x250
[  431.239156][T28707]  __alloc_pages+0x102/0x320
[  431.243928][T28707]  alloc_pages_vma+0x391/0x660
[  431.248827][T28707]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  431.254680][T28707]  do_anonymous_page+0x16e/0x8b0
[  431.259835][T28707]  handle_mm_fault+0x96f/0x1a70
[  431.264696][T28707]  do_user_addr_fault+0x60c/0xc00
[  431.269839][T28707]  exc_page_fault+0x94/0x230
[  431.274440][T28707]  asm_exc_page_fault+0x1e/0x30
[  431.279422][T28707] RIP: 0010:clear_user+0x60/0xa0
17:23:53 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x202000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:53 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x700, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x5, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  431.284365][T28707] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  431.304673][T28707] RSP: 0018:ffffc900116e7de8 EFLAGS: 00010206
[  431.310737][T28707] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000001200
[  431.318713][T28707] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001007000
[  431.326877][T28707] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  431.334955][T28707] R10: 0001c900116e7e47 R11: ffff888100260080 R12: 0000000001010000
[  431.342928][T28707] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  431.352805][T28707]  ? clear_user+0x36/0xa0
[  431.357631][T28707]  ? clear_user+0x48/0xa0
[  431.361955][T28707]  evdev_ioctl_handler+0x11ed/0x17e0
[  431.367261][T28707]  evdev_ioctl+0x20/0x30
[  431.371553][T28707]  ? evdev_poll+0x110/0x110
[  431.376071][T28707]  __se_sys_ioctl+0xcb/0x140
[  431.380742][T28707]  __x64_sys_ioctl+0x3f/0x50
[  431.385336][T28707]  do_syscall_64+0x4a/0x90
[  431.389761][T28707]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  431.395728][T28707] RIP: 0033:0x4665d9
[  431.399629][T28707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  431.419493][T28707] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  431.427955][T28707] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  431.436008][T28707] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  431.444064][T28707] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  431.452205][T28707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  431.460255][T28707] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  431.542326][T28724] loop5: detected capacity change from 0 to 16383
[  431.549840][T28725] loop3: detected capacity change from 0 to 264192
[  431.558701][T28725] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  431.568903][T28724] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  431.610510][T28724] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  431.621814][T28724] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  431.637569][T28725] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  431.648754][T28725] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:56 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:56 executing program 1 (fault-call:4 fault-nth:91):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x6, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:56 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x204000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:56 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x784, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:56 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xc0000000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  433.783029][T28751] loop3: detected capacity change from 0 to 264192
[  433.796288][T28755] loop5: detected capacity change from 0 to 16383
[  433.803132][T28751] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  433.808606][T28767] FAULT_INJECTION: forcing a failure.
[  433.808606][T28767] name fail_page_alloc, interval 1, probability 0, space 0, times 0
17:23:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x7, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  433.814596][T28755] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  433.825934][T28767] CPU: 1 PID: 28767 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  433.843760][T28767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  433.853840][T28767] Call Trace:
[  433.857114][T28767]  dump_stack+0x137/0x19d
[  433.861634][T28767]  should_fail+0x23c/0x250
[  433.866168][T28767]  __alloc_pages+0x102/0x320
[  433.870765][T28767]  alloc_pages_vma+0x391/0x660
[  433.875628][T28767]  do_anonymous_page+0x16e/0x8b0
17:23:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x8, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  433.880636][T28767]  handle_mm_fault+0x96f/0x1a70
[  433.885657][T28767]  ? __switch_to+0x14e/0x4b0
[  433.890359][T28767]  do_user_addr_fault+0x60c/0xc00
[  433.895651][T28767]  exc_page_fault+0x94/0x230
[  433.900282][T28767]  asm_exc_page_fault+0x1e/0x30
[  433.905132][T28767] RIP: 0010:clear_user+0x60/0xa0
[  433.910181][T28767] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  433.921711][T28755] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  433.929961][T28767] RSP: 0018:ffffc900117d7de8 EFLAGS: 00010206
[  433.929980][T28767] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000001000
[  433.929991][T28767] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001008000
[  433.941154][T28755] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:56 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x300000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  433.947256][T28767] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  433.947272][T28767] R10: 0001c900117d7e47 R11: ffff88812e2b5080 R12: 0000000001010000
[  433.947283][T28767] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  433.955610][T28751] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  433.963314][T28767]  ? clear_user+0x36/0xa0
[  433.963340][T28767]  ? clear_user+0x48/0xa0
[  433.977771][T28751] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  433.985832][T28767]  evdev_ioctl_handler+0x11ed/0x17e0
[  434.041238][T28767]  evdev_ioctl+0x20/0x30
[  434.045495][T28767]  ? evdev_poll+0x110/0x110
[  434.050099][T28767]  __se_sys_ioctl+0xcb/0x140
[  434.054796][T28767]  __x64_sys_ioctl+0x3f/0x50
[  434.059462][T28767]  do_syscall_64+0x4a/0x90
[  434.063878][T28767]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  434.069787][T28767] RIP: 0033:0x4665d9
17:23:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x9, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  434.073769][T28767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  434.093554][T28767] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  434.101984][T28767] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  434.110128][T28767] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  434.118198][T28767] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
17:23:56 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x786, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0xa, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  434.128179][T28767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  434.136155][T28767] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  434.220846][T28810] loop3: detected capacity change from 0 to 264192
[  434.230577][T28810] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  434.248160][T28809] loop5: detected capacity change from 0 to 16383
[  434.258286][T28809] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  434.272535][T28810] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  434.274565][T28809] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  434.283724][T28810] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  434.294934][T28809] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:59 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:23:59 executing program 1 (fault-call:4 fault-nth:92):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0xb, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:23:59 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x400000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:59 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x900, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:59 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xc00e0000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:23:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0xc, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  436.810195][T28833] FAULT_INJECTION: forcing a failure.
[  436.810195][T28833] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  436.823761][T28833] CPU: 1 PID: 28833 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  436.832715][T28833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  436.842770][T28833] Call Trace:
[  436.846054][T28833]  dump_stack+0x137/0x19d
[  436.850411][T28833]  should_fail+0x23c/0x250
[  436.854835][T28833]  __alloc_pages+0x102/0x320
[  436.859424][T28833]  alloc_pages_vma+0x391/0x660
[  436.862349][T28845] loop5: detected capacity change from 0 to 16383
[  436.864296][T28833]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  436.864322][T28833]  do_anonymous_page+0x16e/0x8b0
[  436.875177][T28845] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  436.876360][T28833]  handle_mm_fault+0x96f/0x1a70
[  436.895169][T28833]  do_user_addr_fault+0x60c/0xc00
[  436.900200][T28833]  exc_page_fault+0x94/0x230
[  436.905204][T28833]  asm_exc_page_fault+0x1e/0x30
[  436.910131][T28833] RIP: 0010:clear_user+0x60/0xa0
[  436.915136][T28833] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  436.915998][T28846] loop3: detected capacity change from 0 to 264192
[  436.934775][T28833] RSP: 0018:ffffc90011777de8 EFLAGS: 00010206
[  436.934794][T28833] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000000e00
17:23:59 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  436.934811][T28833] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 0000000001009000
[  436.934822][T28833] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  436.934832][T28833] R10: 0001c90011777e47 R11: ffff888108fc7040 R12: 0000000001010000
[  436.934843][T28833] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  436.934856][T28833]  ? clear_user+0x36/0xa0
[  436.948181][T28846] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  436.955345][T28833]  ? clear_user+0x48/0xa0
[  436.955369][T28833]  evdev_ioctl_handler+0x11ed/0x17e0
17:23:59 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x902, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  436.955387][T28833]  evdev_ioctl+0x20/0x30
[  436.955403][T28833]  ? evdev_poll+0x110/0x110
[  436.965630][T28845] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  436.971508][T28833]  __se_sys_ioctl+0xcb/0x140
[  436.979667][T28845] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  436.987598][T28833]  __x64_sys_ioctl+0x3f/0x50
[  437.054158][T28833]  do_syscall_64+0x4a/0x90
17:23:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0xd, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  437.058652][T28833]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  437.064761][T28833] RIP: 0033:0x4665d9
[  437.068661][T28833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  437.088271][T28833] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  437.096773][T28833] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  437.104948][T28833] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  437.113013][T28833] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  437.121264][T28833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  437.129230][T28833] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  437.144056][T28846] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
17:23:59 executing program 1 (fault-call:4 fault-nth:93):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:23:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0xe, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  437.155423][T28846] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:23:59 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x500000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  437.222019][T28889] FAULT_INJECTION: forcing a failure.
[  437.222019][T28889] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  437.232361][T28890] loop5: detected capacity change from 0 to 16383
[  437.235442][T28889] CPU: 1 PID: 28889 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  437.247855][T28890] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  437.250726][T28889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
17:23:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x10, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  437.269975][T28889] Call Trace:
[  437.273289][T28889]  dump_stack+0x137/0x19d
[  437.277707][T28889]  should_fail+0x23c/0x250
[  437.282124][T28889]  __alloc_pages+0x102/0x320
[  437.286822][T28889]  alloc_pages_vma+0x391/0x660
[  437.291633][T28889]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  437.297178][T28889]  do_anonymous_page+0x16e/0x8b0
[  437.302387][T28889]  handle_mm_fault+0x96f/0x1a70
[  437.307287][T28889]  ? __list_del_entry_valid+0x54/0xc0
[  437.313791][T28889]  ? __switch_to+0x14e/0x4b0
[  437.318440][T28889]  do_user_addr_fault+0x60c/0xc00
[  437.323467][T28889]  exc_page_fault+0x94/0x230
[  437.328055][T28889]  asm_exc_page_fault+0x1e/0x30
[  437.332955][T28889] RIP: 0010:clear_user+0x60/0xa0
[  437.337924][T28889] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  437.357557][T28889] RSP: 0018:ffffc900119e3de8 EFLAGS: 00010206
[  437.363733][T28889] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000000c00
[  437.372283][T28889] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 000000000100a000
[  437.380427][T28889] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  437.388403][T28889] R10: 0001c900119e3e47 R11: ffff88810017c080 R12: 0000000001010000
[  437.396368][T28889] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  437.404338][T28889]  ? clear_user+0x36/0xa0
[  437.408672][T28889]  ? clear_user+0x48/0xa0
[  437.413000][T28889]  evdev_ioctl_handler+0x11ed/0x17e0
[  437.418325][T28889]  evdev_ioctl+0x20/0x30
[  437.422733][T28889]  ? evdev_poll+0x110/0x110
[  437.427277][T28889]  __se_sys_ioctl+0xcb/0x140
[  437.431867][T28889]  __x64_sys_ioctl+0x3f/0x50
[  437.436523][T28889]  do_syscall_64+0x4a/0x90
[  437.440951][T28889]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  437.446934][T28889] RIP: 0033:0x4665d9
[  437.450871][T28889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  437.470565][T28889] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  437.479241][T28889] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  437.483651][T28890] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  437.487343][T28889] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  437.487357][T28889] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
17:23:59 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x11, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  437.498411][T28890] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  437.506328][T28889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  437.506343][T28889] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:23:59 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:23:59 executing program 1 (fault-call:4 fault-nth:94):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  437.611110][T28914] loop3: detected capacity change from 0 to 264192
[  437.626285][T28919] FAULT_INJECTION: forcing a failure.
[  437.626285][T28919] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  437.639570][T28919] CPU: 1 PID: 28919 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  437.642912][T28914] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  437.648343][T28919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  437.667604][T28919] Call Trace:
[  437.670915][T28919]  dump_stack+0x137/0x19d
[  437.675339][T28919]  should_fail+0x23c/0x250
[  437.679773][T28919]  __alloc_pages+0x102/0x320
[  437.684483][T28919]  alloc_pages_vma+0x391/0x660
[  437.689262][T28919]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  437.695048][T28919]  do_anonymous_page+0x16e/0x8b0
[  437.700001][T28919]  handle_mm_fault+0x96f/0x1a70
[  437.704937][T28919]  do_user_addr_fault+0x60c/0xc00
[  437.710053][T28919]  exc_page_fault+0x94/0x230
[  437.714742][T28919]  asm_exc_page_fault+0x1e/0x30
[  437.719633][T28919] RIP: 0010:clear_user+0x60/0xa0
[  437.724584][T28919] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  437.744539][T28919] RSP: 0018:ffffc900119f3de8 EFLAGS: 00010206
[  437.750891][T28919] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000000a00
[  437.758860][T28919] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 000000000100b000
[  437.766830][T28919] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  437.774946][T28919] R10: 0001c900119f3e47 R11: ffff88812df2e080 R12: 0000000001010000
[  437.782940][T28919] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  437.790918][T28919]  ? clear_user+0x36/0xa0
[  437.795259][T28919]  ? clear_user+0x48/0xa0
[  437.799600][T28919]  evdev_ioctl_handler+0x11ed/0x17e0
[  437.804915][T28919]  evdev_ioctl+0x20/0x30
[  437.809164][T28919]  ? evdev_poll+0x110/0x110
[  437.813676][T28919]  __se_sys_ioctl+0xcb/0x140
[  437.818325][T28919]  __x64_sys_ioctl+0x3f/0x50
[  437.822993][T28919]  do_syscall_64+0x4a/0x90
[  437.824072][T28925] loop5: detected capacity change from 0 to 16383
[  437.827489][T28919]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  437.827516][T28919] RIP: 0033:0x4665d9
[  437.844037][T28919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  437.857103][T28925] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  437.863900][T28919] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  437.863924][T28919] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  437.889431][T28919] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  437.897405][T28919] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  437.905384][T28919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  437.913447][T28919] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  437.931510][T28914] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  437.942678][T28914] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  437.967530][T28925] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  437.978793][T28925] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:00 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xe03f0300)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x12, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:02 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:24:02 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa02, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:02 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x600000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:02 executing program 1 (fault-call:4 fault-nth:95):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x800, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:02 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffff000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  440.049874][T28974] FAULT_INJECTION: forcing a failure.
[  440.049874][T28974] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  440.062720][T28972] loop3: detected capacity change from 0 to 264192
[  440.063341][T28974] CPU: 1 PID: 28974 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  440.078568][T28974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  440.086097][T28972] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  440.088827][T28974] Call Trace:
[  440.088836][T28974]  dump_stack+0x137/0x19d
[  440.105570][T28974]  should_fail+0x23c/0x250
[  440.110113][T28974]  __alloc_pages+0x102/0x320
[  440.114719][T28974]  alloc_pages_vma+0x391/0x660
[  440.119568][T28974]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  440.125209][T28974]  do_anonymous_page+0x16e/0x8b0
[  440.130163][T28974]  handle_mm_fault+0x96f/0x1a70
[  440.135028][T28974]  ? __switch_to+0x14e/0x4b0
[  440.139820][T28974]  do_user_addr_fault+0x60c/0xc00
[  440.144891][T28974]  exc_page_fault+0x94/0x230
[  440.149755][T28974]  asm_exc_page_fault+0x1e/0x30
[  440.154662][T28974] RIP: 0010:clear_user+0x60/0xa0
[  440.159707][T28974] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  440.179355][T28974] RSP: 0018:ffffc90011b3bde8 EFLAGS: 00010206
[  440.185432][T28974] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000000800
[  440.193407][T28974] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 000000000100c000
[  440.201404][T28974] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  440.209642][T28974] R10: 0001c90011b3be47 R11: ffff88812e7d1000 R12: 0000000001010000
[  440.217627][T28974] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  440.225648][T28974]  ? clear_user+0x36/0xa0
[  440.229988][T28974]  ? clear_user+0x48/0xa0
[  440.234327][T28974]  evdev_ioctl_handler+0x11ed/0x17e0
[  440.239630][T28974]  evdev_ioctl+0x20/0x30
[  440.243926][T28974]  ? evdev_poll+0x110/0x110
[  440.248438][T28974]  __se_sys_ioctl+0xcb/0x140
[  440.253041][T28974]  __x64_sys_ioctl+0x3f/0x50
[  440.257654][T28974]  do_syscall_64+0x4a/0x90
[  440.262082][T28974]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  440.270125][T28974] RIP: 0033:0x4665d9
[  440.274027][T28974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  440.294594][T28974] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  440.303023][T28974] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  440.311049][T28974] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  440.319524][T28974] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  440.327589][T28974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  440.335756][T28974] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:24:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x2000, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  440.361714][T28979] loop5: detected capacity change from 0 to 16383
[  440.373114][T28972] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  440.384307][T28972] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  440.391525][T28979] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:02 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x604000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:02 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xb00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:02 executing program 1 (fault-call:4 fault-nth:96):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  440.420385][T28979] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  440.431508][T28979] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  440.513648][T29010] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  440.515905][T29019] loop3: detected capacity change from 0 to 264192
[  440.527887][T29020] FAULT_INJECTION: forcing a failure.
[  440.527887][T29020] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  440.541811][T29020] CPU: 1 PID: 29020 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  440.550571][T29020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  440.560683][T29020] Call Trace:
[  440.563959][T29020]  dump_stack+0x137/0x19d
[  440.568343][T29020]  should_fail+0x23c/0x250
[  440.572747][T29020]  __alloc_pages+0x102/0x320
[  440.577334][T29020]  alloc_pages_vma+0x391/0x660
[  440.582093][T29020]  do_anonymous_page+0x16e/0x8b0
[  440.587085][T29020]  handle_mm_fault+0x96f/0x1a70
[  440.592155][T29020]  ? __list_del_entry_valid+0x54/0xc0
[  440.598919][T29020]  ? __switch_to+0x14e/0x4b0
[  440.603566][T29020]  do_user_addr_fault+0x60c/0xc00
[  440.608597][T29020]  exc_page_fault+0x94/0x230
[  440.613193][T29020]  asm_exc_page_fault+0x1e/0x30
[  440.618058][T29020] RIP: 0010:clear_user+0x60/0xa0
[  440.623097][T29020] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  440.642970][T29020] RSP: 0018:ffffc90011c13de8 EFLAGS: 00010206
[  440.649464][T29020] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000000600
[  440.657444][T29020] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 000000000100d000
[  440.666259][T29020] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  440.674340][T29020] R10: 0001c90011c13e47 R11: ffff88812df16000 R12: 0000000001010000
[  440.682398][T29020] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  440.690555][T29020]  ? clear_user+0x36/0xa0
[  440.694979][T29020]  ? clear_user+0x48/0xa0
[  440.699327][T29020]  evdev_ioctl_handler+0x11ed/0x17e0
[  440.704641][T29020]  evdev_ioctl+0x20/0x30
[  440.708971][T29020]  ? evdev_poll+0x110/0x110
[  440.714258][T29020]  __se_sys_ioctl+0xcb/0x140
[  440.718877][T29020]  __x64_sys_ioctl+0x3f/0x50
[  440.723490][T29020]  do_syscall_64+0x4a/0x90
[  440.728203][T29020]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  440.734120][T29020] RIP: 0033:0x4665d9
[  440.738011][T29020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  440.757629][T29020] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  440.766144][T29020] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  440.774118][T29020] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  440.782088][T29020] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  440.790164][T29020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  440.798145][T29020] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:24:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x0, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  440.814132][T29010] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  440.818625][T29019] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  440.831408][T29022] loop5: detected capacity change from 0 to 16383
[  440.877193][T29022] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  440.896540][T29032] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  440.905538][T29019] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  440.916810][T29019] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  440.953569][T29032] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  440.988285][T29022] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  440.999412][T29022] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:05 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:24:05 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x700000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:05 executing program 1 (fault-call:4 fault-nth:97):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x2}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:05 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xb02, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:05 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xf0ff7f00000000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  443.053881][T29053] FAULT_INJECTION: forcing a failure.
[  443.053881][T29053] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  443.067325][T29053] CPU: 1 PID: 29053 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  443.076095][T29053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  443.086271][T29053] Call Trace:
[  443.089560][T29053]  dump_stack+0x137/0x19d
[  443.094012][T29053]  should_fail+0x23c/0x250
[  443.097608][T29066] loop5: detected capacity change from 0 to 16383
[  443.098783][T29053]  __alloc_pages+0x102/0x320
[  443.098806][T29053]  alloc_pages_vma+0x391/0x660
[  443.105936][T29065] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  443.109824][T29053]  ? page_add_new_anon_rmap+0x26d/0x2c0
[  443.109852][T29053]  do_anonymous_page+0x16e/0x8b0
[  443.117625][T29066] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  443.123773][T29053]  handle_mm_fault+0x96f/0x1a70
[  443.123803][T29053]  do_user_addr_fault+0x60c/0xc00
17:24:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x3}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  443.123820][T29053]  exc_page_fault+0x94/0x230
[  443.134023][T29060] loop3: detected capacity change from 0 to 264192
[  443.134471][T29053]  asm_exc_page_fault+0x1e/0x30
[  443.146533][T29060] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  443.148512][T29053] RIP: 0010:clear_user+0x60/0xa0
[  443.148538][T29053] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  443.156943][T29065] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  443.158472][T29053] RSP: 0018:ffffc90011c0bde8 EFLAGS: 00010206
[  443.158489][T29053] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000000400
[  443.158502][T29053] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 000000000100e000
[  443.235383][T29053] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  443.243511][T29053] R10: 0001c90011c0be47 R11: ffff88810891a040 R12: 0000000001010000
[  443.251527][T29053] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  443.259535][T29053]  ? clear_user+0x36/0xa0
[  443.263914][T29053]  ? clear_user+0x48/0xa0
[  443.268355][T29053]  evdev_ioctl_handler+0x11ed/0x17e0
[  443.273701][T29053]  evdev_ioctl+0x20/0x30
[  443.277953][T29053]  ? evdev_poll+0x110/0x110
[  443.282563][T29053]  __se_sys_ioctl+0xcb/0x140
[  443.287340][T29053]  __x64_sys_ioctl+0x3f/0x50
[  443.291927][T29053]  do_syscall_64+0x4a/0x90
[  443.296382][T29053]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  443.302293][T29053] RIP: 0033:0x4665d9
[  443.306186][T29053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  443.325998][T29053] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  443.334406][T29053] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  443.342372][T29053] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  443.350449][T29053] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  443.358415][T29053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  443.366380][T29053] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  443.383168][T29066] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:24:05 executing program 1 (fault-call:4 fault-nth:98):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  443.394298][T29066] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  443.402742][T29081] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  443.409079][T29060] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  443.429114][T29060] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  443.437228][T29085] FAULT_INJECTION: forcing a failure.
[  443.437228][T29085] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  443.456870][T29085] CPU: 1 PID: 29085 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  443.465642][T29085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  443.475700][T29085] Call Trace:
[  443.479184][T29085]  dump_stack+0x137/0x19d
[  443.483682][T29085]  should_fail+0x23c/0x250
[  443.488106][T29085]  __alloc_pages+0x102/0x320
[  443.492741][T29085]  alloc_pages_vma+0x391/0x660
[  443.497518][T29085]  ? page_add_new_anon_rmap+0x26d/0x2c0
17:24:05 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x800000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  443.503082][T29085]  do_anonymous_page+0x16e/0x8b0
[  443.508119][T29085]  handle_mm_fault+0x96f/0x1a70
[  443.512987][T29085]  ? __switch_to+0x14e/0x4b0
[  443.517704][T29085]  do_user_addr_fault+0x60c/0xc00
[  443.522792][T29085]  exc_page_fault+0x94/0x230
[  443.527394][T29085]  asm_exc_page_fault+0x1e/0x30
[  443.532266][T29085] RIP: 0010:clear_user+0x60/0xa0
17:24:05 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  443.537207][T29085] Code: 4c 89 f0 48 01 d8 72 53 4c 39 f8 77 4e e8 88 a2 8e ff 0f 1f 00 89 d8 83 e0 07 48 c1 eb 03 48 89 d9 4c 89 f7 48 85 c9 74 10 90 <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a
[  443.557377][T29085] RSP: 0018:ffffc90011c0bde8 EFLAGS: 00010206
[  443.563456][T29085] RAX: 0000000000000000 RBX: 000000000000c000 RCX: 0000000000000200
[  443.571628][T29085] RDX: ffffc90002193000 RSI: 000000000000001f RDI: 000000000100f000
[  443.579608][T29085] RBP: 0000000000000000 R08: ffffffff8194e256 R09: 0001ffffffffffff
[  443.587647][T29085] R10: 0001c90011c0be47 R11: ffff88812e766080 R12: 0000000001010000
[  443.595697][T29085] R13: 0000000000000000 R14: 0000000000fb0000 R15: 00007ffffffff000
[  443.603667][T29085]  ? clear_user+0x36/0xa0
[  443.608016][T29085]  ? clear_user+0x48/0xa0
[  443.612343][T29085]  evdev_ioctl_handler+0x11ed/0x17e0
[  443.617665][T29085]  evdev_ioctl+0x20/0x30
[  443.621896][T29085]  ? evdev_poll+0x110/0x110
[  443.626607][T29085]  __se_sys_ioctl+0xcb/0x140
[  443.631196][T29085]  __x64_sys_ioctl+0x3f/0x50
[  443.635787][T29085]  do_syscall_64+0x4a/0x90
[  443.640238][T29085]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  443.646304][T29085] RIP: 0033:0x4665d9
[  443.650328][T29085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  443.670201][T29085] RSP: 002b:00007f938ed7b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  443.678839][T29085] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  443.686809][T29085] RDX: 00000000200002c0 RSI: 0000000080104592 RDI: 0000000000000003
[  443.690128][T29081] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x5}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  443.694783][T29085] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  443.694798][T29085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  443.694809][T29085] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
17:24:06 executing program 1 (fault-call:4 fault-nth:99):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  443.755145][T29098] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  443.764128][T29098] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  443.794906][T29108] loop5: detected capacity change from 0 to 16383
[  443.795935][T29109] FAULT_INJECTION: forcing a failure.
[  443.795935][T29109] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  443.809329][T29108] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  443.814520][T29109] CPU: 1 PID: 29109 Comm: syz-executor.1 Not tainted 5.13.0-rc2-syzkaller #0
[  443.832338][T29109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  443.842646][T29109] Call Trace:
[  443.845930][T29109]  dump_stack+0x137/0x19d
[  443.850305][T29109]  should_fail+0x23c/0x250
[  443.854734][T29109]  should_fail_usercopy+0x16/0x20
[  443.859775][T29109]  _copy_to_user+0x1c/0x90
[  443.864203][T29109]  simple_read_from_buffer+0xab/0x120
[  443.869581][T29109]  proc_fail_nth_read+0xf6/0x140
[  443.874615][T29109]  ? rw_verify_area+0x136/0x250
[  443.879465][T29109]  ? proc_fault_inject_write+0x200/0x200
[  443.885570][T29109]  vfs_read+0x154/0x5d0
[  443.890158][T29109]  ? evdev_ioctl_handler+0x1751/0x17e0
[  443.895637][T29109]  ? __fget_light+0x21b/0x260
[  443.900411][T29109]  ? __cond_resched+0x11/0x40
[  443.905124][T29109]  ksys_read+0xce/0x180
[  443.909314][T29109]  __x64_sys_read+0x3e/0x50
[  443.913818][T29109]  do_syscall_64+0x4a/0x90
[  443.918249][T29109]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  443.924193][T29109] RIP: 0033:0x41935c
[  443.928075][T29109] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[  443.947933][T29109] RSP: 002b:00007f938ed7b170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  443.956351][T29109] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000041935c
[  443.964426][T29109] RDX: 000000000000000f RSI: 00007f938ed7b1e0 RDI: 0000000000000005
[  443.972589][T29109] RBP: 00007f938ed7b1d0 R08: 0000000000000000 R09: 0000000000000000
[  443.980592][T29109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  443.988598][T29109] R13: 00007ffdaf298d0f R14: 00007f938ed7b300 R15: 0000000000022000
[  443.996625][T29108] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  444.008084][T29108] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  444.027071][T29112] loop3: detected capacity change from 0 to 264192
[  444.063317][T29112] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  444.148154][T29112] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  444.159410][T29112] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:08 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:24:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:08 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc02, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:08 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:08 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x900000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:08 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff7f0000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:08 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x2, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  446.110866][T29145] loop3: detected capacity change from 0 to 264192
[  446.111006][T29146] loop5: detected capacity change from 0 to 16383
[  446.128158][T29146] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  446.131837][T29145] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:08 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x7}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  446.169797][T29146] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  446.169847][T29145] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  446.169869][T29145] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:08 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x4b47, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  446.181068][T29146] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:08 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xd00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:08 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x4b49, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:08 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  446.256415][T29174] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  446.287911][T29174] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  446.327105][T29187] loop5: detected capacity change from 0 to 16383
[  446.336362][T29187] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  446.353004][T29187] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  446.364124][T29187] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  446.395902][T29199] loop3: detected capacity change from 0 to 264192
[  446.411845][T29199] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  446.472712][T29199] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  446.484216][T29199] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:11 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:24:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x8}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:11 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x541b, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:11 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xe00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:11 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xb00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:11 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:11 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5421, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  449.135522][T29222] loop5: detected capacity change from 0 to 16383
[  449.150413][T29222] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  449.159481][T29231] loop3: detected capacity change from 0 to 264192
[  449.162242][T29233] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  449.168647][T29231] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  449.207607][T29231] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  449.210371][T29222] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  449.218794][T29231] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x9}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  449.229922][T29222] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:11 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5450, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:11 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:11 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:11 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0xa}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  449.289000][T29257] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  449.312630][T29257] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  449.368686][T29269] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  449.403119][T29276] loop3: detected capacity change from 0 to 264192
[  449.403189][T29277] loop5: detected capacity change from 0 to 16383
[  449.428374][T29276] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  449.439904][T29277] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  449.470440][T29277] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  449.481612][T29277] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  449.497600][T29276] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  449.508809][T29276] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:14 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:24:14 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5451, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0xb}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:14 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1004, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:14 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xd00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:14 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xf00000000000000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0xc}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  452.162177][T29313] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  452.164073][T29314] loop5: detected capacity change from 0 to 16383
[  452.176325][T29311] loop3: detected capacity change from 0 to 264192
[  452.184670][T29314] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  452.188314][T29313] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  452.194737][T29311] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:14 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  452.238187][T29311] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  452.249319][T29311] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  452.264232][T29314] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:24:14 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1020, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:14 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5460, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  452.275433][T29314] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  452.279985][T29334] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:14 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0xd}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:14 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x40044581, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  452.392042][T29351] loop5: detected capacity change from 0 to 16383
[  452.404406][T29351] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  452.434041][T29356] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  452.462162][T29351] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  452.473276][T29351] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  452.488950][T29356] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:17 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:24:17 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x40044590, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:17 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xe00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0xe}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:17 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1100, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:17 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xc000000000000000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:17 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x40044591, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  455.188468][T29392] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  455.198311][T29390] loop3: detected capacity change from 0 to 264192
[  455.205729][T29395] loop5: detected capacity change from 0 to 16383
[  455.212944][T29390] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  455.223404][T29395] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:17 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x400445a0, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:17 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x10}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  455.241880][T29392] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  455.278043][T29390] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  455.289194][T29390] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  455.323552][T29421] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:17 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x40049409, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:17 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xe02000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  455.343039][T29395] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  455.359039][T29395] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  455.369464][T29421] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:17 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1200, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  455.481286][T29440] loop3: detected capacity change from 0 to 264192
[  455.489553][T29440] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  455.520817][T29440] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  455.532046][T29440] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  455.549167][T29448] loop5: detected capacity change from 0 to 16383
[  455.566410][T29448] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  455.623329][T29448] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  455.634806][T29448] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:20 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:24:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x11}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:20 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x40084503, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:20 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:20 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1600, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:20 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xc00e000000000000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  458.205614][T29472] loop5: detected capacity change from 0 to 16383
[  458.213625][T29472] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  458.225219][T29483] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  458.238092][T29472] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:24:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x12}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:20 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x40084504, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  458.240496][T29483] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  458.249231][T29472] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  458.278744][T29493] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  458.284677][T29482] loop3: detected capacity change from 0 to 264192
[  458.295858][T29482] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:20 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1800, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:20 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  458.317764][T29493] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  458.355057][T29482] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
17:24:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4200}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:20 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x40086602, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  458.366302][T29482] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  458.405085][T29516] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:20 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfffffffffffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:20 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x40087602, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  458.435169][T29524] loop5: detected capacity change from 0 to 16383
[  458.457708][T29516] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x5b00}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  458.503759][T29524] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:20 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x40104593, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  458.556400][T29535] loop3: detected capacity change from 0 to 264192
[  458.583134][T29524] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:24:20 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x3}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  458.594372][T29524] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  458.616012][T29535] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  458.676048][T29535] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  458.687181][T29535] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:21 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0xe03f030000000000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:21 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x401c5820, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:21 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:21 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1900, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  459.649969][T29583] loop5: detected capacity change from 0 to 16383
[  459.666156][T29583] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  459.692130][T29583] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  459.703714][T29583] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:23 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

17:24:23 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x4020940d, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x5}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:23 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1b00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:23 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
r0 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x2c0840, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0xfff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3}, 0x1c)
connect$netlink(r1, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfd, 0x10}, 0xc)
bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x25dfdbff, 0x400}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000b4bffc)=0x5, 0x4)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="180100000001010400000000141a000002000000240001801400018008000100ac1e000108000200ac1414aa0c00028005000000240002801400016e08000100ac14140008000200ac1e00010c000280050001000000000060000d80080002000a01010224000380060002004e210000060002004e230000060002004e280000060001004e23000008000200ac14140c140005000000000000000000000000000000000114000380060001004e200000060002004e2200005c000d800800016e7f00ac1e00010c00038006000200000000001c002d1099c3dd5718100380060001004e240000060002004e200000060002004e22000014000380060001004e200000060002004e22000014000380060002004e240000060001004e6100000000"], 0x118}, 0x1, 0x0, 0x0, 0x4}, 0x240c8051)
ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f0000000080)='caif0\x00')
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x1, 0x2, 0x201, 0x0, 0x0, {0x5, 0x0, 0x5}, [@CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x6c71}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000000)

17:24:23 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1000000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:23 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x40284504, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:23 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, 0x0)
ptrace$cont(0x18, r0, 0x0, 0x0)

[  461.375049][T29611] loop5: detected capacity change from 0 to 16383
[  461.382242][T29621] __nla_validate_parse: 6 callbacks suppressed
[  461.382255][T29621] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  461.389698][T29611] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  461.413619][T29620] loop3: detected capacity change from 0 to 264192
17:24:23 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80044501, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  461.441128][T29620] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  461.458103][T29621] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x6}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  461.488673][T29641] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[  461.497009][T29611] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  461.508113][T29611] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  461.527638][T29620] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
17:24:23 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1fff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:23 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80044584, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  461.538942][T29620] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  461.568207][T29657] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:23 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1004000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  461.614180][T29657] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:23 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80084502, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:23 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x8}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  461.666624][T29670] loop5: detected capacity change from 0 to 16383
[  461.675224][T29670] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  461.706771][T29682] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  461.723275][T29670] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  461.734361][T29670] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  461.754505][T29687] loop3: detected capacity change from 0 to 264192
[  461.761433][T29682] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:24 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80084503, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  461.776627][T29687] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  461.827217][T29687] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  461.838506][T29687] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  462.223944][T29710] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
17:24:24 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_LABELS={0x10, 0x16, 0x1, 0x0, [0x8, 0x0, 0x3ff]}]}, 0x74}}, 0x0)
getsockopt$netlink(r1, 0x10e, 0x5, &(0x7f0000000080)=""/182, &(0x7f0000000000)=0xb6)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:24 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x9}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:24 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80084504, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  462.721277][T29714] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  462.736085][T29714] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:26 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, 0x0)
ptrace$cont(0x18, r0, 0x0, 0x0)

17:24:26 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:26 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80086601, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:26 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1100000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:26 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
r1 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
bind$netlink(r2, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r2, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="7c0000000001010400000000141a000002000000240001801400018003000100e000000108000200e00000010c0002800500010000000000240002801400018008000100ac14140008000200ac1e00010c0002800500010000000000080007400000000018000d8008000100ac1e00010c0003800400020000000000"], 0x7c}}, 0x0)
setsockopt$sock_int(r3, 0x1, 0x28, &(0x7f00000000c0), 0xfffffffffffffd7d)
sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000000)={<r4=>r2, 0x8, 0x3, 0x2})
connect$netlink(r4, &(0x7f0000000080)=@kern={0x10, 0x0, 0x0, 0x2}, 0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'geneve1\x00'})
preadv(r2, &(0x7f0000002680)=[{&(0x7f0000000180)=""/127, 0x7f}, {&(0x7f0000000200)=""/194, 0xc2}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f0000000100)=""/58, 0x3a}, {&(0x7f00000013c0)=""/252, 0xfc}, {&(0x7f0000002500)=""/185, 0xb9}, {&(0x7f00000025c0)=""/42, 0x2a}, {&(0x7f0000002600)=""/63, 0x3f}, {&(0x7f0000002640)=""/62, 0x3e}], 0xa, 0x6, 0x4)

17:24:26 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0xa}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:26 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80087601, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  464.470386][T29741] loop5: detected capacity change from 0 to 16383
[  464.476741][T29745] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  464.478507][T29741] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  464.488379][T29739] loop3: detected capacity change from 0 to 264192
[  464.503564][T29739] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  464.527037][T29742] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  464.544739][T29741] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  464.546007][T29739] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
17:24:26 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0xb}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:26 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1200000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  464.555857][T29741] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  464.567017][T29739] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:26 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x801c581f, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:26 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2010, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:26 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x10}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:26 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80284504, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  464.714209][T29779] loop3: detected capacity change from 0 to 264192
[  464.745689][T29779] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  464.763570][T29797] loop5: detected capacity change from 0 to 16383
[  464.781512][T29779] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  464.792810][T29779] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  464.808289][T29797] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  464.843022][T29797] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  464.854456][T29797] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:29 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, 0x0)
ptrace$cont(0x18, r0, 0x0, 0x0)

17:24:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x11}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:29 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0xc0045878, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:29 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1600000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:29 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2200, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:29 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x82100, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB="70020000000405002bbd7000fcdbdf25070000015a010be00b51d90d7140600a8e0c0e1e1ed04e48389e059c4057cbb97e629404538683e840d344c0efb95dab0dcd1efc41128feee45a37ccafe1ce1b8bd1c0a3d6b161e5cf43dde2691da204bf4fb74644373a486693f05475d074ac2c79b20ded92816ccc068c20459d8916bd34f305eb0c36fde881f445dcfe44b28092006eeb6ed40f609cfecb94ab9ebbc57f42dcc45b6ab8878d8fb4254b22accf61ac1242dea14403ba57ed35d3f43824d47b39c9d239ab339cd5accf55f31cc87d80a210d6049073228fad5611967202a3ba4ff7ac765e127b5dfca7754e7fa07bdf426eb5b3ffe967a6077548ef1588badefdb41514d708b4099d777f83d1090f53885a09096cc084e82c273e0dd19a6fbe1d9a8d483e78dc984e0cff9bc0356dc25bed52c38fa9083f29dda9a423f3bdb370b0af52f40060081118b4f20c5e20ad73673478a97bb0ca035a052ccde63bad866b1918657a219c50ffad0000ae518d27f86a0e768df255b01bee30d5ba2a89af9ab91bc193848317dc83168c0249aa85c4844382539251cce755e77d83c8eda2293a57ea8a4b04752174061c2cc6845039519b885afbcca97bc2b4b50a22d61ec7efff65d9063c3548e332cc9f86bcd26f50b7d1ce7d29a8b9a1f4f45faa74d9e3675a834c2535bdb547c52903b3b9acf6aecbae6ec135f537f16055d63e9ea9d094ed168c9bd0024a246180980d32d1aeef07d5df6e0140b059b052f38840378f98afdafcc45326d237e0b458135a9af9ab99857c1ba1643f10dc5c745be06719e869f6f073763964a9b024e8161765be934630c6e12ea564228a526b557f68f88b581423d1dd3f6971e000"], 0x270}, 0x1, 0x0, 0x0, 0x20040000}, 0x20000000)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r1, 0x89f5, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x29, 0x92, 0x3f, 0x5, 0xb, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10, 0x10, 0x8, 0xfffffff8}})
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  467.492671][T29825] __nla_validate_parse: 8 callbacks suppressed
[  467.492684][T29825] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  467.499668][T29827] loop5: detected capacity change from 0 to 16383
[  467.511221][T29825] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  467.515196][T29828] loop3: detected capacity change from 0 to 264192
[  467.533213][T29828] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x19}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:29 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0xc0045878, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  467.535948][T29827] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  467.586073][T29848] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  467.595789][T29828] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  467.600165][T29827] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  467.606871][T29828] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:29 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2500, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:29 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0xc0189436, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  467.618131][T29827] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  467.645083][T29848] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
17:24:29 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:29 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0xc020660b, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  467.739625][T29869] loop5: detected capacity change from 0 to 16383
[  467.748968][T29872] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  467.766584][T29872] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  467.771713][T29869] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  467.839214][T29869] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  467.850620][T29869] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x2}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:32 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)

17:24:32 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:32 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2e00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:32 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x80, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0xc, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0x81}]}}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffffffff}, @CTA_NAT_DST={0x24, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @private0}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}]}]}]}, 0x80}}, 0x8004)
bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfe, 0x2000000}, 0xc)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc)=0x3, 0x4)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x4008f50a, &(0x7f0000000080)={0x80, 0x1ff})
tkill(0x0, 0x3c)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000002c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xcc, 0x2a, 0x200, 0x70bd26, 0x25dfdbff, {0x1c}, [@generic="28c14eec556f06eb3b4e840f2f3b0736de8a284af269aaf141adcb38a2a47d02651672c5808264820b9e571f4c5722f206c4d02ba6f6383995d8c641d8", @typed={0x8, 0x6e, 0x0, 0x0, @pid}, @generic="5965c9ebd4e00b7a5f24d6a9913bcc782ec26a80f70813137e15ea52b8efbddd8da1e1080687965fb8e0627767c98342a0275b7a6fff83e2090fa34296ccaa0de0f03d4f57e899ff5a45", @generic="c34b34a5f05608a538b5d41a892f4de845882cb9", @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x8, 0x2e, 0x0, 0x0, @u32=0x3}, @typed={0x8, 0x63, 0x0, 0x0, @u32}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4084}, 0x60aab1079ea14e55)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE(r0, 0x50009401, &(0x7f0000000340)={{r3}, "a62c551dbcbfc62b3c3dc784d852811701fc0e26421b13b416a16d990bfd5a35983fce8aa6b7884f3794578ecbad804246c98279247d29be7dd94e1e8a913bd600142fc0aa40d6fd86cff44449191eb74527b551a5c04a638d236ec643d47f3c6a8e972453730e0d5a6e3383037ebc9f54cbe1d0dc368b54dc6712c5a925681695f8ee97e112f98e5ffea72a1711ae0a2af6eb04326d90dae18182a0a88c066c976903f771b529154ee61acf6ed345c041a940acbe2429dcc57bc2084bace402f4d8415d30ffb77e3e98882c9b1eef40c0ff453a3322753e40e03ab59997684c9c162f74b17f69a4f36c1774ef8be9b8b2345937a6a4580a96680f9c8d945b97bbcaea95f17c6195cb0dad4036a9a3bf0ec98c3731dd981751eb5a75642f2de03aba385d89a419d1aac5c4ee74b8949ec70a04e11d80fa5f1983b7aebfc31e6f7e306df9055d1aed746195e0ab16d4095b89ff8f534faf8e49c474d4bc849295a9bad7455439abba24df70486da79313f951ed6cb90162527b5ab1b4d6f3ce63d2b4bcaa8f8b32e278e00a0651349431ae0702f61c47651b324fd50f4da633f9acc615fd1dc79c564b5ba964f524895cf2f2daa226eda21e2b534bdccfe4a90177cf2d1e1e841070ae8c73ea7b654a1e945f8f71f96d7e4a5a9b4ba7604e5c53f1e7ca56b59d0442433ce8753b8ffe22bdf101f8b0c7b14b0aaaaed90cd0fc75c8a3a885db9ba412393ad6304376906071d5f79ba74f8a918527f774d38d87784b15e4915867063dd64a6efcf38a2bf0fd369e21d3d5380da367654f4e240627f0c04b412262faaa7a9fa1ea9af0801ba18325a92de5f1e054d0b7c92cb9177b35b0a6bc4e197beccc10484c263d9c9392b8e0196168edc25c92797b45c8dc2b53c8db9423415099e7d3e87d615736152c552ee128b94aafbcc6ff94988d0a9445dec7ac36f345ebeb27941e286c5e79206117babe682a2a7ab922ed397561f3eb89172d1534fbfd8d5ed74e5b8c84fdcc599f0954a9d8ecd7c0521d10e47bdf1782f67184f3fbde4901c662b80e588749ddecfcc44577e5c4c5dc900142fc958cc1e973add9ddff31257a1dac52913d1e085066a904776a8efc4321dd28798539b332289b5ecdc9290d549292c3ce4778905017b3cea5471e10ff08945cd7c8062caa50a13c792b79badc55da38ddb95b49f8f2e67b6c91128a3b2e7ef5873be68b1816268f7abcee0211ee73d0792544c1e8d899e731ccd82786ac7c541dd74eca156abd7a3997872080ed34d966a43658aaf8141da16a1d9e81a8417fc6b4459a4f333e42a7bf1051a6abab6d97661d456e1bfce6828eaf60fb50a3ba020833f7a76cf369234f09eb028f95cc885b44d9f5d02e778777573f12ae4229ef56b289042f95878b51cde2c7a351a4152ae7197913b9e90e2e2d1e111409ec07054d5eda0ac4619cc2416e2ad2b58a9fef8866630f614ff708537d0249015553080d4b266eebba7425f602e7be8627460de4c8252b9519a9286575b5b4e1ef17bf2f42e705b4b710e88306853b97927e94ba08245a17528784d52893e826d7ada55c04cfd38d8a8ea6cce9ba7fa50f56f910dd27bf65b12000e4e576e57bfa48c43b2953403fa025081646247937a8441a0dedece93ff588ddffed70ce123b015764829acc5b0fc81b09be891c98c19a67376a447c192f23fb8fc71bd264c2e9cc17c302bd3577d24f9ef8ac218e404e95c0131108d5e02b7fe18366475872f8dc23206d19127f116f4a3fbc7405783e1babe06a2ce8df374717cd7660315b385b08aec6af06fed4fa55c23d39816865286765189972ee8b167c635b6447167d8a789f9479445c4d85662acc5dd585532062ad557b17c4a74ce6481ff7a202075e90db3aa91e91f7f2292bd86dc33976609d1c3fab4b2c9dd5ae6097867d94280b56a37cd234f552b9a94f45403ab715cbadac6b79d704f51ca20f0a97a71e958fac4305c21e337a490e387709a94942c0558b41060fe4e74319164eb8d50e704b47b83d8e25b8210297db434b06f0f45da15d748047c7a0daa545ed081120fd80f350816a0c94ec11fea1b68ea2dde82d8eff9b9ca46643ab7624a42975ab179c60d67dcf830f78b39f61719b21be172e34ce188136b3e92e0dcce7fef4cb2c83b5fa14a96f8f9f4899be7822cec8c156a177c9c295888c845a5012e1f4837098200ed10c02963e95017ef3f131d071c2646e70c3f0cbd3a4c479d80f86c4dc05a966dcea02a315742eaeec709cb82cee7809eef3932dbf25113b3fe25aca3fc3bf7826030de7efde43d9324c111c83b171b9b3dd222bfda537ab9947968dc02217d41a56334b2aeb1e89ce91bfee2c7a58d16f9bdcc85bdfbfc3ed58f8c00972033d91f6be1fcd6b499e51e64a54a32b546c1255e0ad3df62b2bc46922b49550627030010bd56d6cc360c4921768190e5e1b10e61b2c94d0f674863189eba22457e13fdb3cc96f5af19a9edcd1bac624894cbfbcc50bec78a10f3084d623167bb1ce9a7491ffcff3ed97e880c08f3364eef9772ed9928b2e0fb490dde4b795d91aa334fe3a68d72a7c0772a021431930ac3117a7ec2e151f1968c64b6329ac95e2d1878242023a1ee381eddd87c5df88e61493c5ca3aeb2c42a50f1dccd414359c3eb8f4f1682814e74f74c14ac0f3a628d81199f298fe6b429e3d79638ea7fc510632f73a6fb064cf04096ecde9ad22cf6c4f321ada9711343e817194c64cbc55927b8d2cd4bb850b9731b0926e21a78e42e8dc225cf47ccbe125ce7b7360f9ced03e464a3267e746716bfe21377f43fdcde9080600f2107ccef86bb1adf7c65163dd2f1a9676a2096e7d2f7bccacf8b098e84ec0240d8870405374ea42060eddc7dae575e60e8454e45b3774cb81b7d9254fe23b32d97538da9ffaa0bd1027b46f6483c2c5a489cfc54333bbcde524d8b53fd8657d134e4f2131e84c38df790629019bb665e2b5818a04e80a7a58e163fb53be352b3048eacb7fe2a8b4499582fabd0254698284ebbac7dde68e2bb5ac66014e7d7dec8365fa306945ba5813b5fae4142f302effea358f6e4ad5510b6ac1c923c30e1375dea7138f32a9ee5789ac5752d52f4fc6c020ae1d29c1b4c4c644850fbbebf9cdc04a798b7bd131e11fb545f6c4113b3856fe2d36ebff24d1b382ad617248d79e92dfb8018be15a961718231d5431ec11994a60b85add274f97c0febaf775753566f7c776f0853eaf35418ea76e8d8f5726c1279dc98e6d5a7af01cbb93b3dc39af184e7deb0a1ce3280a265bb8a99f9dd5fd6db762bacc6e42c55680b057969afe56f7cc1e5df23c0517917ca2d4d805e9edfd02a2135d69c5c6e6c6a7a3dd84c5b10fda0b20f609b0fe6fe4bd041f1edfd34c3f71dc18378ffa299695df9892397b97ac947b674558e1653bb754a8688bd79b51ac5eeb0545cca1d142454f4768b080f398f66a33dcf1430b25fd2cf7f6cb849a551231d56b1c71228cc05c926bcf3e7af23ef651037f397677e300e11c350cc34b6e775ab9304f378ec27d7dd6937891c592fb75d8e579e7d023ada7a39c4d85ea39042a03674a3ef8eb43204f1bbbf47ea69a7ce2134e2b8eb3fb80cc97a75ae4112ccdf21e1db004630a5b384c90a31129873c2ab93767edfa9a23aa1a166fb56b4e19b012122d5caab91b6cce691f6459801dd220f4701626fa9f097c867398cb55a2d5ee6651a1b05c48463c61e844a8213a31a0ab5cacb528316920e983a68dd8cf2effe0ab16967958f97fcdecfd8104cda6f37eeb5c396968587caf52797a9f3ffb98b9cbb9caa3f789bcbfe78a8cd7f22e4768583725fad0d26c988b6ef0d7ce2e30af7937564616c376ae2d4f9ea7b4d0291fc68c0e44474c32ad24091df3a3b704cdb6f4646765db4d9e517ea4822d549e447f67bcc267b36602c266169e6637a1093cf5e4988b4eb62b802fd9908ed65ab91f6e48b20441fe38e5b5336b60c1672209178880bbcb4522232b16f24b833714e2c23f9b605966837ca235fb3bbed71ba9afc5992d02621ca25110016631d42f665e49bc5366cc86c3fd8ba918ded0daece68c5b6096d0f276f8d77a8ae36396d5de3107830a6ed92b76b1039b2a4e5b3e0f89eed749b79ed48ec27000da555b9854b6344f5567362fa7c9ef4692fd732e42f2d467be4f48ceb06bb6a5578c145ca091d08ce587bf62fae7f69cb8150d0ffc14a9bf82e147a4ac65fa88cc9e156d7e567426ea0fb61f0a67d537aff9bfb4a624a07dc3e4de42a070624c841d40840b9ccdf23c769f4baf6aa9c8f9f67087c5b7042a17345a9bb8d04a7b577bac2e3a22db8f57d351809361affcaa477d46dfcada1dd37f792a24ac846edffade9aed17699df0d7096e92a370ac7cd36fa3a43fbd72f4d1f7480f9eabd32037bfebcd5c6c3cc950e807db563a05cd7c122752a2690b6e22c1056a97088b2b2cfc699fe10c28f73e2ad68725a56ca801149a39e88c40d09b11ea54feed2d5561b54939a9ad98f26026533fdcdb2112ec82b7430ed1a01ebf869a8927e7c167876d8a543d91dde344c3e199050d8b94beddb50cfcda17c8466f030b1c22273d6471bac4244612e06c65ed3184352987ac492c03f8af6ea5b7fcb3a00e357c2a2de41bee0f8df8f9733658bc3faf5de43ee8f94fae9457affc5e29d7865cd80f624fa7adbf88d696b0bfc88c909e78ab07f4e48580399f050501a01f3b157f25c90e09542412264f81a48247174f3c72adb0d2fe557d44ea8f28881315d0c54bc053d76066a770d9f7935d5fad04e2742a74b5d066e8baf2f5d118e16ce4105f879b817004a6ab0aa7077738d5f8c9f34d3613f1209dd86e1a6256ec7a7028a4bce3d7d9d549e6a65317b4204f39ab04700b650ed2d7affb0e02786341420df64252e1000062376da5828325323fc59241735416b09d28aed5babbb91490f1ef2a93bbe61480e485a271e6b50eb74d7598a28143b2fb8fca7e40f3afa2850f7ee3459ee2384805d5dbe6a37d9055c8799e5c270ec2774c484241e7c472e507e9f99a888b203a79de6e5f5911ce2315ed1d714bbc567f0bb7de546b2e86186a17c074733bfaa723aebb240b08f572c478e57eb42ef5a1d60b2ec344f2aa63d459b332bb6fcc48babb8adad8f2bcdecabcbc48188f6491bea434924c2ea9295c5d2159aed7acf53f8e4375647990698e58dccd7a4c4a217a2b83d12b23bc43d8c3d2e8242a5abd8db07789f4fa5d26ecfc1360871797483db79e9c2653cb225ae3c45cd9c27b0ea000e416dece9e461089096aa5846a0bd1592eaaec1b2ebe6af28eab133523d89567d9ac42e05e8039f204c4cda47354507f968cc6e4a23b0daf2be1db2af04beef0f1d280cf8bc398fb019a89adb3d966c45b756fca6452bc50e728b064a0a05a910b24daecd1fe79c5c6aea785653702c04d716b7534f560795fd73570026960771ccb86f063b0a01760ec786bea684cdaab6fc51a3d719df25d016dc3bbed9b4941867f84a207471242ad826a0323f7b619b3b25e4f95ed2c0b63f5d8173a286f64fd1fddcd22d4635205de2f104bfa448fe4959f8e0f8f5866e6229e5e7171fbcf05194373f8b68574a5e77aa79ea81dd9009c09cb2372ad4febc0eebe0822344bfcfbd457ae978457792c3faa350195d2fcf74bb2aea697258adaa92a15157861a5e2c113f7b2b829a19c33d2fb46afc93099bc518725f6d6db9ea3ee59fba4974bad161e4e407ebb90f0ae01a046"})

17:24:32 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1800000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  470.516672][T29900] loop3: detected capacity change from 0 to 264192
[  470.525091][T29900] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  470.530805][T29903] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  470.555727][T29911] loop5: detected capacity change from 0 to 16383
17:24:32 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x10, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x3}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  470.562592][T29918] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  470.574913][T29911] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  470.588200][T29900] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  470.599473][T29900] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:32 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1900000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:32 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x2000, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  470.624059][T29911] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  470.627205][T29933] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  470.635361][T29911] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:32 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  470.688502][T29933] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  470.720497][T29941] loop3: detected capacity change from 0 to 264192
[  470.725652][T29948] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:24:33 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3200, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:33 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x4000, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  470.735349][T29944] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[  470.745556][T29941] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  470.793219][T29948] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  470.807406][T29941] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  470.818591][T29941] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  470.878022][T29963] loop5: detected capacity change from 0 to 16383
[  470.894281][T29963] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  470.943734][T29963] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  470.954852][T29963] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  471.365612][T29982] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
17:24:35 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)

17:24:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x5}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:35 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:35 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1b00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:35 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3702, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:35 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x68, 0x0, 0x8, 0x70bd2b, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x81, @media='udp\x00'}}}, ["", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x44810)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:35 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x10, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  473.537976][T29989] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  473.552878][T29993] loop5: detected capacity change from 0 to 16383
[  473.560776][T29993] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  473.566619][T29989] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  473.578900][T29996] loop3: detected capacity change from 0 to 264192
17:24:35 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x6}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  473.589004][T29995] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=29995 comm=syz-executor.0
[  473.606120][T29996] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  473.625678][T29993] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:24:35 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x2000, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  473.636901][T29993] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  473.659890][T29996] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  473.664895][T30025] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:24:35 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2000000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:35 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3f00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:35 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x4000, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  473.671006][T29996] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  473.680609][T30025] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  473.753327][T30032] loop3: detected capacity change from 0 to 264192
[  473.766121][T30032] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  473.782844][T30032] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  473.794123][T30032] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  473.844606][T30047] loop5: detected capacity change from 0 to 16383
[  473.860514][T30047] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  473.889919][T30047] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  473.901377][T30047] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  474.394118][T30061] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=30061 comm=syz-executor.0
17:24:38 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0)

17:24:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x7}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:38 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0xf}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:38 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2010000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:38 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:38 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
r0 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f0000000040)="2600000022d1bf17224df0ee8d00470105000000000267979c0f880c4fc8e10000051c04adb017ca5bdec1e98ae4ab", 0xaf0e4e871f6c740c)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
r2 = openat(r0, &(0x7f0000000000)='./file0\x00', 0x1c600, 0x30)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x5, @local, 0x9}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001500)=[{{&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000140)=""/233, 0xe9}, {&(0x7f0000000240)=""/13, 0xd}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/233, 0xe9}], 0x4, &(0x7f0000000400)=""/217, 0xd9}, 0x10003f}, {{&(0x7f0000000500)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000940)=""/180, 0xa6}, {&(0x7f0000000640)=""/243, 0xf3}, {&(0x7f0000000740)=""/46, 0x2e}], 0x3}, 0x5}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/204, 0xcc}, {&(0x7f00000008c0)=""/88, 0x58}, {&(0x7f0000001680)=""/181, 0xb5}, {&(0x7f0000000a00)=""/144, 0x90}, {&(0x7f0000000ac0)=""/149, 0x95}], 0x5, &(0x7f0000000c00)=""/16, 0x10}, 0x80000000}, {{&(0x7f0000000c40)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000cc0)=""/140, 0x8c}, {&(0x7f0000000d80)=""/184, 0xb8}, {&(0x7f0000000e40)=""/155, 0x9b}], 0x3, &(0x7f0000000f40)=""/195, 0xc3}, 0x100}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000001040)=""/160, 0xa0}], 0x1, &(0x7f0000001140)=""/41, 0x29}, 0x800}, {{&(0x7f0000001180)=@caif=@rfm, 0x63, &(0x7f00000003c0)=[{&(0x7f0000001200)=""/3, 0x3}, {&(0x7f0000001240)=""/101, 0x65}, {&(0x7f00000012c0)=""/205, 0xcd}], 0x3, &(0x7f0000001400)=""/143, 0x8f}, 0xfc42}], 0x4000000000000b4, 0x2002, 0x0)

17:24:38 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  476.582616][T30070] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  476.582725][T30073] loop5: detected capacity change from 0 to 16383
[  476.592910][T30074] loop3: detected capacity change from 0 to 264192
[  476.606943][T30070] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  476.616355][T30074] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x8}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  476.624390][T30073] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  476.652871][T30074] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  476.663974][T30074] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:38 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2200000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:38 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x9}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:38 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6, 0x10}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  476.693051][T30100] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  476.694330][T30073] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  476.706247][T30100] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  476.712634][T30073] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:39 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0xa}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  476.745346][T30106] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  476.765337][T30106] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:24:41 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2500000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:41 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, 0x0, 0x0, 0x0)

17:24:41 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6, 0x2000}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:41 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4402, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:41 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0xb}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:41 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
r1 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
bind$netlink(r2, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
r3 = syz_open_dev$loop(&(0x7f0000000040), 0x63, 0xa00)
close_range(0xffffffffffffffff, r0, 0x0)
write(r3, &(0x7f0000000140)="2600000000004701050000000002e106000000000000150c296feba91e00000000000000006d64c73c2571434865c09b6101000b0e72f6b0c6a25123c7084900"/75, 0x4b)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
bind(0xffffffffffffffff, &(0x7f0000000340)=@nfc_llcp={0x27, 0x0, 0x0, 0x7, 0xa0, 0x20, "ad38cc8bd33f38062e707f8da55678562cce86b9cf3c23ee8dbe60d8d1cc58a0ab22121350e992e9910169e140e1c0489e7af95fd8708c2c88b6b9dcd45f3d", 0x28}, 0x80)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
stat(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
sendmsg$nl_xfrm(r4, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000b80)=ANY=[@ANYBLOB="88010000f20021072bbd7000e7e03e74a9ed0f35c0fedbdf2500000000000000000000ffffe0000001ac1e0001000000004663d669c0f58d8d00000000000000", @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="7d366e000100000001000e00ffffffff000000000000000000000000e80011000c0015005b0735001a66000014000d00fc00000000000000000400fdff4e224e200000e00000010000000000000000000000003f266fd814f1d2e24d3805ee9b80dfe6caef733dbf557d76d3e4d1b34d1bc271b0f81f0d633b18bdd37759dd3d4b27e92973b40123fd9b916b9b705e6a9891f9021fe97c9050bc45e742cd25a042b750eda31c217553a125b1d9b5986d274b97d74ef1d73366097bd37e6503ec6cc2f7c900fb7cec1c9325fff4bc5a4ab2e18beed4f1212f8c0f19c2b4097522fc70f44713b14078b77d8a9d839d817cd5ea04b7689489ae288608510c94f9fd04c781e6eed27948efc11b21c7f088d6820d1ce31cf2b07eaba12391d84c84fb2fb212719e8133ffa7ade045377ecf8b92593a7e132370f1437398bd176d485ce232e8271fd73a47c07f925c2b87d4af0863ad5a06538e04556b31aa000000000000000000f7b34470210896e1fa5a8c443e40b2d09426efb47f348f2fa8cb612f3e01c25d4170aadacf1f49c7c0ef31fb6985e4db73153baf40ec6aa589741abb14189dd3e75ff0a15fd88d82218aec0def096b1ae4dd85a236ff1fa127d3fa17daba677cbbe40b4daee9aeda649ba3ea8f9d2ff550c1abafb87c0271a29a350ed2f9d84de18b4db3a40a6f636f47da4d30116743bb4faecac359e6b3bb14d00aa530a88c925b6c230dd9a62ccdab166a63d1871d478d862258de8f287a1f2df5ec22220c2c28c2e000bce0bcbf46b541bdd65feb7fd75892ae04a39bbed6894d16491cbac1f0d69c818f981c5873e33ea9da0f16efb050c464240ab7087be4cf37c200195f7d50fdbaa75bc91ea7eea0ad8d61e29b69d0e59e811549258a49c92e7413281feb80a510e8c6e142548be593cc273c8f2a1402c1f0fd0d01bf1924681700123c1bc5881703a591c9"], 0x188}, 0x1, 0x0, 0x0, 0x800}, 0x4008084)
r6 = accept4$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000004c0)=0x14, 0x800)
writev(r6, &(0x7f0000000800)=[{&(0x7f0000000500)="2e39db3e7ebb65d1454042bebffd0a9dbdb9aa8def11f7981e38e6733a9d5653817a231a5af386a8a5d339214e4b89dcc339ac8e6964f55bc6ca99fb61e418beef037b8e6d3d25bd7c0e381184a961a16a3efdf42db27dff1fb6101abf7a9538689cd2fd3a3c11b7833d97a5588a14350c3fb3a03065a3615ec844c7784e6ad72291ad152011680549b31e10a711ec38dda1408d1207fdbe7f51067ab924fcc3ec4a7b1e6798dd230b810a26975564a043b4312655df99f6bd2a9b", 0xbb}, {&(0x7f0000001500)="21296d5290278d108737988be1b4d5be90f4a3ec36eaa93bb432bb0dfb6747564bce2e022bfc3accfa003d11abcfe29806741cf51c885651f7c340db537f34769c0b45a0acd0d474fed102304cf063ccce6e69b59f94e5bdf785ff2f7b8ef45934d5d3222354639a64c29d037f568ba32fe4a0716081762ebb11e4335e04b98496a947a1b5cab281fddf75ab0b6111756ed3593483f19bad4190cc99b9f7908ac1637ffdc0c998752fbe0e47162b63a45484dc0054c2cb951b105359b46ac7b5cd8ec1b7e8ceed2d2ff851faedd7f6202b06244d69b14babba6e55cff79b7cbd86d66e5a6e712119a12df8a206220a46e6d90556ba169c82f860fd0ae6f05f3b4b616cd0fe38a6870e4b9c2b798ad214cb1af2cd2d8c14433a4803ae702e5086349795435fd14c882cb2ca6dfd691f671a1b73af27b20bf07ad2d20f8644526a24e94258d214b79bd4e0eabf743438afa0d2363e394449edbe9e84eabf27df18e748d661e6dba6ea7ba087f3875cbf3db6f8f80efd8aaa8e8a915d2e0274b583dd20a59d6ab0202dabed1057b0349451535c7990112e3819d52a06f22dd8304b319c0c357302ac017f86d10e5779f49a287e1d2a8bafda900e4df7f5ba50c9b9f7d6fe001aafb5523dc0e48d7b03b6519190c86d465233e289f5c2eaf64fbb0edf1b0aa0dcd6ef7168377c8de07c45de5ef1146c4e9b249f18c0e308bdc69d9f7f4f75d753f553ad397b9e94af3e7a747158a120702e9e4ae96d13e0f3f2d83debeeaca0e24d9e7c4984fb21be183f3cbe1238d5d171d84a47ac04d0e8b78d1b2a0666efce8f4be9138553dc351e99b60b689e747e28f45191910a8609e2b25ad90e25c666c655d024562a659f94e56f0c8b340c4b8f175a1d36ad825bceb20b0be5fa230b3757a58fc8a309fde50dbcf8fa15c125c00117f0ecc964d6e4aa305d98fd2660e5a236ebd85a53e290a4ffba9b52abc958c0a4877eb54d9c4bd22970fca1407fee4a3f52ac50764b45f4f89e98475e8191dd716422f4429234874cfad8327d37f8d330c1fea1ce4c08c52ae1394f8e917884300134d1368471070641deefd536e711535e2707fa34216bf1235c4fca9a1e8a6fbe8dd453ff77f3470332108aee5d5ccd423a6801b8e9120444103c15512ef858eb9e53f3bc3bd5c6132d6ca647f28b7a783f4e0af3f2fd74f5305c21056b12434a108f39cc9559e41877389cad25af039c2dbd8410dcf67e75cbdc52537a0a8f1828049b94ef1a1a06a1ce94dd9818430ce7a4abeb7b35cd267e9522d61727d27761d82a4d504f31a53b53e7d6dd5bd5f8dbac3e990f944b0394d7366ba9d360d56fc31a7ac1a98b4790fd388770423b440e723da95c898921690a9fcb297dd5d1b0da53eb01c9d2184335b10ea2be895e747aa4762686daa9746843ab7012a95bc8f0cea67c54f7c7ee6ec2913e7a03b6d34328af790c2f855f087a8510771fa1551cc24afddb62c8225c6a794f71c82fa21b4f56b5c884d8cb9f56dc2240e5c304255e5174f8f11f4eb018ec409f6190672b346f021a34b8289abb426b92a33b5c480cd090927dc36a08b01658184cbee8a53f774709ca3db997a8cb4c6f9970b00eb076e81ae26c226bbea0f1f753131449c3b4d42cd92c3f779f06b6e360ef10b88c62799660d38d6e63b122003b58ca3e0e48e6075a9a43afd10fca2fec670261b5204c6a6d5a285b3dfdc07af7b700d562ae5f31b5177c9d48c89eca6072f291ce0c5b67946e1c8d16d623ce0d9e75bad739f8bdc2cd2e045a7110baaf7628d950892157e473a69ac8294ea7fe81b61bd35f4a7b0e921999381b51e301826c20e07482a27d2b279f8769cf50cacbf2cb68083ff679fa0f80defc57c1d5ea24e4ae84de02c25d0a49d74faf5202e464d27167169ed92a6fdd42917071a195619eb0a676085c12a7fdd0a353bef0cb42567c2e3b82b6d91334a2cfa1c7d6da933ba5b76a8f0cfc4d4386062719b1d3d9b1c79a89ec5ef3a937bded994ae3f1670706ff8a9b3f0699e6be9291315ba03e1bab7f60ed8b9030ae73cec3664a4be8040ba3a1cb1fd2d2e05df7bfcdcb1a2487719217cae039367baeb807509320bb9b6951c8793856e5107be1e1e2d747179d7d4942288e13043e632dfef5466f769f0727892963fd2016da38cde6b28a226672601d6d5b784bdc0572fcaf7d6d45d0969508d6c29f8f5221a85d8c2710f5aac93cfd0bc4e636c66bb1e6a5227ba545b66ad2110fbd30c08f81bae1204964c85bd50ab9ab37c54ef5476158aecad53278edbb0d66c899326e810b742874d98a4e29b2a68ebb1b2182e11b736045e704a179099e4ad8367eaef24069f779f5e3925b7fef67d89ba320a8460ddcb5f837033c927b0cada4c124fe8cfadb4b1d9c760819be5368a055292a24356cb7e84bec3c12ddb1f698e1c5cce7102533f1287b53ac6c09d96a7baba966583e7c29d5fd5aacfa3702a5f51ca0b05b64a7697f4f3e7ea1a677ce851632c442d1e800a4fff7e0a3fc1c8168f0862e394e10ad84e7ee2fe4c3a7adf226a467b94eb5ecd887bfcb8ac784d489dac6edf4677d43a77ef5c6beed3e3cd81bbf73beff19a2c3b725a4927ae1734c9c8e80f34397357d7fae2794de3ec18b32a03c6a574823b5517d2cef2d51d18e7744ef60da64e6a992c368c9a07f61d14dbf640df69594b9ffd0cc2fd1b55aa28b5231e53e5211500de07083995959157a06b315531b5da467705d424c722272f3cffb48f240886a9e19db6ca67b8ae653946f2e903de9cd42ed1175d1fb6570f87ce91500af0e647928bec8b7c42b3bb06694beeab86e96dfe6e2b968561cf082d3c2172c172ef17086470bede03a62e2b5eb934dcbae707edad9bda83f5e8c17a86320e20f04ab235fe46c342dcaf537b4ec79853615b92788ba4eb696870ae9e67233d4733c5e6a9e89abc3fe008342e21680142319adf9476ffe14d34fb8b9fda14b0616b71f0df94e33a67e20d77a9b84c662ba363da508d88b92fe549cc3ff87eef579af96166eea8768792ed70173f46ccd1f357c3e9a992b692fd28379aa4c8c1dec3f5ef6fddb9115077bc55472f85361e498c7badff27f40ca1ae99635e7d35fb8e4b979722a097912c018ba5528a913c77301575a2741343fadf8685e0998a269c737f7f4939f30ec1de85113ef495ae8b3afde83c709a1ed43da2df0cf8c38e09c01f15ed64a9204fa3d99c9e09fcd254f312d020253b891a25e616fafc7de6a68257897982c25499587b73cddcfd8cb5af0e7353d9563cd0e8fc11fc411ac765e910cd4f5c327201233b34f3eb0affd483ab81699c1ae68f31c23f23d7a287da269eb77e91576e35965ea7e3f733306bab616ed9d4b4f28e6105da9d5d2d7103e1d2cd4ec9c323ff07b412ab9d5a4e1513755e1f9b20c3c02099def675be911c7b4710458876aa508ed43ed694ba6c0aff6839b8f557289541854d4663beb97611776e273d0bd02554d8ad29f3f1c826d3536a561575b4ba1375ca9b5020efa7005c4c023c7c19610fab7cd6c002d3722c607c32465548b8fa83b83f92e9b6c39c1904e066162fb02bde0e10523a8958403714fa123bcb577ed0c9412d2e0568fee4b086fa8cf4278f6f3d19d4004c837aa138a0d6a288bba8d04a051de7ee62fd419a6fef45a8e08bff656ddaec91b0c3e77ee8e5d1a4411940676676bc8deefb9c0002186a2e8cbd5d20f868b46d7ee2043c4359255d470700d4e9f228238b1de16fb5ad1781a1d1ec549225a09ecc966a6e623a233ba49d961b35e8d49e040bcd6df8dbcb00cbf44ebb4707b7e02bec0fce1026d5ab95ec2ebe4386f625ddfbdf0d1ce36d49361cfb3d89bc8f621d4071f4e6d06cf129e184c12c194b8cc1884a4212dc9d08a22a2ab511683224376aea05eec8cf793198aa503598aec6c9518c4e3553a6cd051e31a33d75b123333f3a082ce472b7de599f3c8b564db8c4ffd769c581a357dcd3242353d259a5357e6487249a3e77c3ae055fc693fa9cbff2e9fa7293d5645740ca1f3e9acc732960e57e0afa0e29d6936afc5e2158f661cfe9c4e3821621581aa5de716349017101cbbc354da1745462c4581d665f5affd66b8dbf15bdbea5c27adeb1d77eddd2999145391bd9e87aadf3d895acfd1687dd53b9baa4bc345edfd29a0640e8b921bf9d36fa03c24a328e337292f98f9206baa38e5f67950b31e48412a586c751d13f6ab8e1d1e5ebba3be7889aa72d9353f00db0beba045c08ddf4305e865760a036d669dd33a06d393c09212acff94e9f7e8b3f9e55632ff815c770e4fff4a9c6319b35339c8c3c1e8a5b8806fc2f2744aa9d514538b4980ca6f6b9207d1e749c285a3d8f3b365d7b52adcf8374b1f0b591ba76c390a3af877f2adc1fd9677cc9207f2c40c7ec9e6eeb08f9b22841800f3265c5e41129be45b4917b4e88aab13698e4d3e71f5d6da028e3e6fbaf68a1f055b242a6b231c8f3b3afde2c1da2d2d5910f1c5461ae7957860c7ffca9c5e1db242401247eb4ca747a0351b3824ebdea6f5c4caf9c490d4d9f473900b2cec7a4bdcf9f5f54324ef79faf3bdb57670e741ae6f6e784b4dc1242c96e04cdba427fb29f2055f95387cd968089be3b45ea39be6e7feae1e5a8f9aee93a2933146b6c7d94df35a8346c6187f75028e2a0253aaf3c9b666400f91c16c41af7db25c2a5954ea828a0e5b25909c7d534966e4c67b6af8431a229de89917822c27c09effcd66a6d1a2c43d887a607bf27b598f96baf97993f9309e53821df6074be9030ce556eb48fe794e1aca09e467f634b84cf494a82aa56c90807e4e11cc19c417fb11e02aa558a773a40c45c37c95554ae2064ecd6ece53a05770903666226ba62d5cf9b81a039c605ba11954b1ab91cff42b0a23efb32989b5ddf6661831c88a08dc4343fceb5cd9117e36dc89c59b44fc96069f4dcf0d886b1cbf7cc923aa256d4ef98a61c95335aae8d218b4583ab9cec10f7d83c3fe1de35c16f2636bb51cdc78d78291497163488cc38ef8b01ec361af9a49ee307e276fa94fa8a49a874b6efde3d9bf2fb7f42eda0297991cf3cf702104e208a0e9c9fee3092528c5239b23c75675e4e35fe32bc8dd1c6a929dcaa16d33047a0ba898d0490c7327f20f43877e6df25fe92c2f1fb0f92b46069686662598aa2410c23a36c08289542ae8a803f6c9a8fbb6efed5af0e9e0199e000dd981b5b81e59be7e28cee83efbc8b560a3feaeba0678084b174a1e5134fc993738354ebdc498cd834e0c31b57635c492c31b886864024e0ee4fef5ab4ea2dcdbf4972981b5f2c136dca0bda6968050bb4a57bb310a71ec9cc3a519a13ea451d87f7e3fbfd07bb0e9ad0aafd1e351b7576b100122c56f0fa6648392312b885693c3d13ca17b56d9453c3d00549a259d990e3da88f3e31546ea16a9c0d5d1a0a6f8c1d6c51520b7d79195b71e3e475c11aca9a130a429ed966a267eca408dd24c6370aaf5523023dee7d195c7fb09bd853917bbb275efd526eb04fbe0e0152f462ed7b4723599ff9bdf18cf2a9a9f863c0e0bb101b35326be7cbd23ed5d3ba0eaf236dee0cc31e54d78671721607d93c00da4028865ae39646f8894adab955574b1a9d7842b337165ccd3540259d1e00a61c8f2097bc3de7e74d57f098abaaee108658c4b20ed192cf8c3210c1c412bad8edd5c1cfd95c6566422264393bebca32c2982529005d11430d53dc80c4aa4a7f3478365ac26ddb0c8bc75f607d7421ab827533f1d5eef8c4", 0x1000}, {&(0x7f00000005c0)}, {&(0x7f0000000600)="135f6f0615398cd730ebc473198a19356a993015dcf65e4bb9c08a60e66630083f78bd86a8cd1aa5412761eb74253b1e2e8fdcd91797cd40bbbcc2b95a500fbdf9003e0e8c419f9565867b41a8542fce5f3a032cc4a957dd25c118fff862a9899d635fd055075311942797f3238cc69dc7d3e2e49e18bc1efc6acbd4f7669bf65532777ae2d2ef23017f9f638edca8a5a3de6e0d44a292037b679004fc72ccc898dfc98790d72bdf67360dc761872c33a467ccb53a45a77e781da8cfe144c39453f1065000c069fdbeedc076132960c51f9359a28de02898db8e342b605f01f04c6d3071532ca209a8298d2ba5107c5ee183b4", 0xf3}, {&(0x7f0000000700)="f38ff02a18bc7cd5964107e5c70add98f324fdddc37906384d3fcf08f69987ca2b4e0e0c8c8119b00a6af1b4f1eb47e7684ae87d66a402250b81e0bef6fd457948cb8fef3111bc5777f27699a0ddfcdc06dce7203f54eb85d86651bcd27bb0079779dba2c37b95427acc686d78acbb03daac4cc62cb50d567db4f82a80cc22a712d08aad8208d6080187b8916df5efe0b695849ed2b8790043c0bd8c3c26cf06d52d127e99fbe33e7881f8355a2935a39fe5722bb74e13fec4c12a865a11abea77259d58c2ff710a7f8ff48422dcd16f78136544f0e6a5b5ffd143765ef55cc3debed5455e328c1b029cc6fad38129e8c3bfdfd3177f0619b559", 0xfa}], 0x5)
getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000), &(0x7f0000000080)=0x4)
socket$inet6(0xa, 0xa, 0x4)

17:24:41 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6, 0x4000}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  479.613242][T30146] validate_nla: 2 callbacks suppressed
[  479.613256][T30146] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  479.627752][T30145] loop5: detected capacity change from 0 to 16383
[  479.637236][T30147] loop3: detected capacity change from 0 to 264192
[  479.645938][T30147] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:41 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@unspec, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  479.655604][T30145] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  479.666206][T30146] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  479.701638][T30145] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:24:41 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:41 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0xc}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  479.712795][T30145] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  479.729636][T30147] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  479.735405][T30179] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  479.740760][T30147] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:42 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb, 0x10}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:42 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x2e00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:42 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0xd}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  479.778055][T30179] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  479.838234][T30195] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  479.864133][T30195] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  479.876839][T30201] loop3: detected capacity change from 0 to 264192
[  479.898337][T30201] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  479.939208][T30201] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  479.950662][T30201] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:44 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb, 0x2000}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:44 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, 0x0, 0x0, 0x0)

17:24:44 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4502, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0xe}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:44 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3200000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:44 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
r1 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
bind$netlink(r2, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r2, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000080)='\xbc', 0x0, r0)
sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCGREP(r3, 0x80084503, &(0x7f0000000000)=""/23)

[  482.644630][T30228] loop5: detected capacity change from 0 to 16383
[  482.647114][T30231] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  482.654577][T30228] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  482.661138][T30232] loop3: detected capacity change from 0 to 264192
[  482.685677][T30231] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:24:44 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb, 0x4000}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:44 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x10}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  482.687025][T30232] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  482.714958][T30228] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  482.726254][T30228] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:45 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:45 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4800, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  482.766190][T30256] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  482.799698][T30256] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:24:45 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x11}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:45 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x10, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  482.820159][T30232] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  482.831614][T30232] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  482.848062][T30271] loop5: detected capacity change from 0 to 16383
17:24:45 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3f00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  482.870944][T30271] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  482.890711][T30271] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  482.901907][T30271] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  482.941183][T30292] loop3: detected capacity change from 0 to 264192
[  482.950265][T30292] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  482.975066][T30292] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  482.986700][T30292] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:47 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000380)="66530700ae897094e71b0fa1f107000000364603812c66538d750f6ee1d001f43f0500bb9fb045f2d1eaa302ab6c2fef2308003ea1315b9532f3af2f5e153eb78020fa00eb298802d8f6c1f3b18d6d352507f7018b311fef2c560001000000000000fb8005128e7e4d939955f8ac396203784000400f573fbf000000000000000761f35e919f130dec95128ce7ec033dc0a380543bfc99320be1c1bb99bb063fb60935696569eada31b0040015f0332701d9d14a3f9209d666578cc0266bce78c1acd2321d2d26ccd3fcebd460eaaf305a0ee2af0f82a729d5e00d421b0000000000000000949f4f9f000000730428fde6136b8e97c32a55284351fe873f70957000dac653b3b313e587cdb091f26228ce524ee8c2db27bb8e3575774af29dac5aa705000000bfefdda048d3c83d636d1e3583f6b507f092befd0c4307580e838a3803dafd1c57cc5114f6", 0x14b}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, 0x0, 0x0, 0x0)

17:24:47 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:47 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4000000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:47 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x300000a, 0x10010, r1, 0x56caf000)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:47 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x2000, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x12}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:47 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x25}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:47 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x4000, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  485.675008][T30320] loop3: detected capacity change from 0 to 264192
[  485.675101][T30317] validate_nla: 2 callbacks suppressed
[  485.675151][T30317] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  485.681669][T30315] loop5: detected capacity change from 0 to 16383
[  485.693073][T30317] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  485.699001][T30320] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  485.734681][T30315] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  485.753885][T30320] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  485.765258][T30320] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:48 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  485.773286][T30340] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[  485.789926][T30341] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  485.795243][T30315] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  485.799962][T30341] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  485.809403][T30315] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:48 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4202000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:48 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x3a}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:48 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x10, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  485.921127][T30356] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  485.966397][T30357] loop3: detected capacity change from 0 to 264192
[  485.974922][T30356] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  485.992715][T30357] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  486.025544][T30357] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  486.036656][T30357] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  486.508739][T30378] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
17:24:50 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x48}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:50 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:50 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x2000, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:50 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4402000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:50 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r1, &(0x7f00000014c0)=@unspec, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000001, 0x12, r2, 0x65d57000)
bind(r0, &(0x7f0000000080)=@un=@abs={0x1, 0x0, 0x4e20}, 0x80)

17:24:50 executing program 4:
r0 = socket$inet6(0xa, 0x0, 0x0)
r1 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
bind$netlink(r2, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r2, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000080)='\xbc', 0x0, r0)
sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCGREP(r3, 0x80084503, &(0x7f0000000000)=""/23)

[  488.694288][T30397] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  488.697436][T30389] loop3: detected capacity change from 0 to 264192
[  488.703903][T30388] loop5: detected capacity change from 0 to 16383
[  488.719307][T30388] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  488.729544][T30389] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:51 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x4c}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  488.741956][T30397] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:24:51 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  488.788854][T30389] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  488.800065][T30389] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  488.815330][T30388] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  488.826459][T30388] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:51 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x60}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:51 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:51 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x68}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:51 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6002, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:51 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4502000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:51 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x10, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:51 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x6c}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:51 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x2000, 0x0, 0x0, {}, 0x0, 0x0}})

[  489.034951][T30442] loop5: detected capacity change from 0 to 16383
[  489.051270][T30442] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  489.062758][T30453] loop3: detected capacity change from 0 to 264192
[  489.074650][T30453] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  489.102677][T30442] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  489.114387][T30442] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  489.147098][T30453] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  489.158561][T30453] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:52 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x4000, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x74}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:52 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6800, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:52 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4602000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:52 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3200000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:52 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
ioctl$sock_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000080))
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  490.057239][T30491] loop3: detected capacity change from 0 to 264192
[  490.059152][T30492] loop5: detected capacity change from 0 to 16383
[  490.074759][T30492] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  490.078006][T30491] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  490.084913][T30496] loop4: detected capacity change from 0 to 264192
17:24:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x7a}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  490.102386][T30496] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  490.115211][T30492] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  490.126448][T30492] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:52 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x116}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  490.158494][T30496] EXT4-fs error (device loop4): ext4_orphan_get:1413: comm syz-executor.4: bad orphan inode 1862270993
[  490.169631][T30496] EXT4-fs (loop4): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:52 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6c00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:52 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4702000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  490.212759][T30491] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  490.224002][T30491] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:52 executing program 4:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x68, 0x0, 0x8, 0x70bd2b, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x81, @media='udp\x00'}}}, ["", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x44810)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x300}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:52 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x10, 0x0, {}, 0x0, 0x0}})

[  490.306882][T30535] loop5: detected capacity change from 0 to 16383
[  490.346126][T30535] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x500}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  490.386612][T30548] loop3: detected capacity change from 0 to 264192
[  490.416080][T30548] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:52 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x600}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:52 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x2000, 0x0, {}, 0x0, 0x0}})

[  490.426020][T30553] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=30553 comm=syz-executor.4
[  490.440544][T30535] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  490.451691][T30535] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  490.517703][T30548] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  490.528816][T30548] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  490.895132][T30594] validate_nla: 22 callbacks suppressed
[  490.895159][T30594] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[  490.910120][T30591] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
17:24:53 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
r0 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
r2 = pidfd_getfd(r0, r1, 0x0)
openat$cgroup_type(r0, &(0x7f00000000c0), 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000000)={0x0, 'macvlan1\x00', {0x1}, 0x4})
write(r1, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000080)=0x800, 0x4)

17:24:53 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x608}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:53 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x4000, 0x0, {}, 0x0, 0x0}})

17:24:53 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7400, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:53 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4800000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  491.246107][T30601] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  491.256915][T30602] loop3: detected capacity change from 0 to 264192
[  491.258775][T30603] loop5: detected capacity change from 0 to 16383
[  491.284967][T30603] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:53 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  491.287880][T30602] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  491.295224][T30601] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  491.325079][T30603] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  491.336371][T30603] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  491.411030][T30602] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  491.422141][T30602] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:54 executing program 4:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x82100, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB="70020000000405002bbd7000fcdbdf25070000015a010be00b51d90d7140600a8e0c0e1e1ed04e48389e059c4057cbb97e629404538683e840d344c0efb95dab0dcd1efc41128feee45a37ccafe1ce1b8bd1c0a3d6b161e5cf43dde2691da204bf4fb74644373a486693f05475d074ac2c79b20ded92816ccc068c20459d8916bd34f305eb0c36fde881f445dcfe44b28092006eeb6ed40f609cfecb94ab9ebbc57f42dcc45b6ab8878d8fb4254b22accf61ac1242dea14403ba57ed35d3f43824d47b39c9d239ab339cd5accf55f31cc87d80a210d6049073228fad5611967202a3ba4ff7ac765e127b5dfca7754e7fa07bdf426eb5b3ffe967a6077548ef1588badefdb41514d708b4099d777f83d1090f53885a09096cc084e82c273e0dd19a6fbe1d9a8d483e78dc984e0cff9bc0356dc25bed52c38fa9083f29dda9a423f3bdb370b0af52f40060081118b4f20c5e20ad73673478a97bb0ca035a052ccde63bad866b1918657a219c50ffad0000ae518d27f86a0e768df255b01bee30d5ba2a89af9ab91bc193848317dc83168c0249aa85c4844382539251cce755e77d83c8eda2293a57ea8a4b04752174061c2cc6845039519b885afbcca97bc2b4b50a22d61ec7efff65d9063c3548e332cc9f86bcd26f50b7d1ce7d29a8b9a1f4f45faa74d9e3675a834c2535bdb547c52903b3b9acf6aecbae6ec135f537f16055d63e9ea9d094ed168c9bd0024a246180980d32d1aeef07d5df6e0140b059b052f38840378f98afdafcc45326d237e0b458135a9af9ab99857c1ba1643f10dc5c745be06719e869f6f073763964a9b024e8161765be934630c6e12ea564228a526b557f68f88b581423d1dd3f6971e000"], 0x270}, 0x1, 0x0, 0x0, 0x20040000}, 0x20000000)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r1, 0x89f5, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f00000000c0)={'ip6_vti0\x00', 0x0, 0x29, 0x92, 0x3f, 0x5, 0xb, @loopback, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x10, 0x10, 0x8, 0xfffffff8}})
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:54 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x700}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:54 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7a00, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:54 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x10, {}, 0x0, 0x0}})

17:24:54 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  491.897948][T30641] loop5: detected capacity change from 0 to 16383
[  491.906588][T30641] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  491.933333][T30651] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:24:54 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x2000, {}, 0x0, 0x0}})

[  491.949557][T30654] loop3: detected capacity change from 0 to 264192
[  491.956459][T30651] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  491.980618][T30654] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  491.990323][T30641] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  492.001456][T30641] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  492.063995][T30654] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  492.075170][T30654] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:55 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
r2 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x109002, 0xa8, 0x6}, 0x18)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e23, 0x2, @mcast2, 0x1ff}, 0x1c)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
preadv(r0, &(0x7f0000001600)=[{&(0x7f0000000100)=""/157, 0x9d}, {&(0x7f00000001c0)=""/134, 0x86}, {&(0x7f0000000280)=""/196, 0xc4}, {&(0x7f0000000380)=""/96, 0x60}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001500)=""/208, 0xd0}, {&(0x7f0000001400)=""/109, 0x6d}, {&(0x7f0000001480)=""/21, 0x15}], 0x8, 0x4, 0x0)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:55 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x806}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:55 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x4000, {}, 0x0, 0x0}})

17:24:55 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7e06, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:55 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6000000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:55 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x900}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  493.080172][T30691] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  493.086647][T30693] loop3: detected capacity change from 0 to 264192
[  493.094611][T30691] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  493.094916][T30690] loop5: detected capacity change from 0 to 16383
[  493.141534][T30693] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  493.160462][T30706] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  493.174607][T30690] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  493.191958][T30706] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  493.215650][T30690] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  493.226779][T30690] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  493.244080][T30693] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  493.255287][T30693] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:55 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:55 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:55 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0xa00}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:55 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6002000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:55 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8407, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:55 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  493.400886][T30735] loop5: detected capacity change from 0 to 16383
[  493.408811][T30734] loop3: detected capacity change from 0 to 264192
[  493.415352][T30735] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  493.444749][T30734] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  493.462387][T30735] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  493.474145][T30735] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  493.492196][T30734] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  493.503361][T30734] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:56 executing program 0:
ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, &(0x7f0000000000)={0x7fff, 0x9, 0xffff, 0x6bcf})
socket$inet6(0xa, 0x0, 0x0)
r0 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0)
sendto(0xffffffffffffffff, &(0x7f0000000080)="a08cbcd583ad9173c5f8b3550341d1bd341f069a7447fcb3343fe8bc3ae9e2a8bdbbcaf1088368f2e971baa67fdd5a0011147bbbdfe95cc40e3d59af4662685f67da91b7bc9b390ad7de3c6228c904c267dd7a57f06a73e1e714ad9edb8b1de12f9a6a2f0c44094daf6c3310212d2f645d3544854e02da3ee699aeaa775caeb333a37a8dd9e14ba91833b0e46e16ee98a1f13eee06619a2ddf07a0742ef29c38eb799c50967f13807d3ecb548efea0e118db98c82fd2ef6b34816129b267ee5cf3197913779e5092d9b1246fd5e55e4b4dc2f47cd82d8c35d6fb2d", 0xdb, 0x4000001, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0xb00}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:56 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x10}, 0x0, 0x0}})

17:24:56 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:56 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8607, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:56 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6800000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0xc00}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:56 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:56 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x2000}, 0x0, 0x0}})

17:24:56 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  494.016511][T30778] loop5: detected capacity change from 0 to 16383
[  494.023613][T30781] loop3: detected capacity change from 0 to 264192
[  494.032732][T30781] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  494.053241][T30778] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:56 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0xd00}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  494.096387][T30781] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  494.107501][T30781] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  494.128949][T30778] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:24:56 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  494.140142][T30778] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:57 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0xe00}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:57 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x6c00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:57 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x4000}, 0x0, 0x0}})

17:24:57 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:57 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xba01, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:57 executing program 0:
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000a2c0)=0x7, 0x7f)
socket$inet6(0xa, 0x0, 0x0)
r0 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x21, 0x800, 0x2)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001680), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000002800)={0x0, 0x0, &(0x7f00000027c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001f00000008000100000000000800030001"], 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000008a00)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000008b40)={&(0x7f00000089c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000008b00)={&(0x7f0000008a40)={0x8c, r3, 0x2, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0xfffffff8, 0x33}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}, @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @NL80211_ATTR_IFTYPE={0x8}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "fe5af77997ce00d4165baa65b47012115cc0c16e83ccfdd9"}], @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000040}, 0x800)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000008800)=[{{0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000080)=""/4096, 0x1000}, {&(0x7f0000001080)=""/227, 0xe3}, {&(0x7f0000001180)=""/108, 0x6c}, {&(0x7f0000001200)=""/110, 0x6e}, {&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f0000001280)=""/227, 0xe3}, {&(0x7f0000000000)=""/3, 0x3}, {&(0x7f0000001380)=""/214, 0xd6}], 0x8, &(0x7f0000002580)=""/199, 0xc7}, 0x81}, {{&(0x7f0000002680)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev}}, 0x80, &(0x7f0000003700)=[{&(0x7f0000002700)=""/4096, 0x1000}, {&(0x7f0000001480)=""/51, 0x33}], 0x2, &(0x7f0000003740)=""/64, 0x40}, 0x3}, {{0x0, 0x0, &(0x7f0000004900)=[{&(0x7f0000003780)=""/245, 0xf5}, {&(0x7f0000003880)=""/85, 0x55}, {&(0x7f0000003900)=""/4096, 0x1000}], 0x3, &(0x7f0000004940)=""/145, 0x91}}, {{&(0x7f0000004a00)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000005e40)=[{&(0x7f0000004a80)=""/208, 0xd0}, {&(0x7f0000004b80)=""/252, 0xfc}, {&(0x7f0000004c80)=""/87, 0x57}, {&(0x7f0000004d00)=""/4096, 0x1000}, {&(0x7f0000005d00)=""/90, 0x5a}, {&(0x7f0000005d80)=""/30, 0x1e}, {&(0x7f0000005dc0)=""/81, 0x51}], 0x7, &(0x7f0000005ec0)=""/79, 0x4f}, 0x1f}, {{&(0x7f0000005f40)=@sco, 0x80, &(0x7f0000006080)=[{&(0x7f0000005fc0)=""/163, 0xa3}], 0x1, &(0x7f00000060c0)=""/89, 0x59}}, {{&(0x7f0000006140)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x80, &(0x7f0000008500)=[{&(0x7f00000061c0)=""/4096, 0x1000}, {&(0x7f00000071c0)=""/78, 0x4e}, {&(0x7f0000007240)=""/249, 0xf9}, {&(0x7f0000007340)=""/4096, 0x1000}, {&(0x7f0000008340)=""/94, 0x5e}, {&(0x7f00000083c0)=""/53, 0x35}, {&(0x7f0000008400)=""/189, 0xbd}, {&(0x7f00000084c0)=""/51, 0x33}], 0x8, &(0x7f0000008580)=""/158, 0x9e}}, {{0x0, 0x0, &(0x7f00000087c0)=[{&(0x7f0000008640)=""/210, 0xd2}, {&(0x7f0000008740)=""/83, 0x53}], 0x2}, 0xfffffffb}], 0x7, 0x2, 0x0)

17:24:57 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x1100}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:57 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:57 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  495.021333][T30837] loop5: detected capacity change from 0 to 16383
[  495.036805][T30837] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  495.046216][T30845] loop3: detected capacity change from 0 to 264192
17:24:57 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x1200}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:57 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:57 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, 0x0, 0x0}})

[  495.081030][T30845] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  495.142778][T30837] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  495.153886][T30837] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  495.168570][T30845] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
17:24:57 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
r0 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000b4bffc)=0xfffffffb, 0x4)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

[  495.180155][T30845] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:57 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7400000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:57 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:57 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x1601}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:57 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x2000}, 0x0, 0x0}})

17:24:57 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xbb01, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:57 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x2000}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:57 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x4000}, 0x0, 0x0}})

17:24:57 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  495.299709][T30913] loop5: detected capacity change from 0 to 16383
[  495.312576][T30914] loop3: detected capacity change from 0 to 264192
[  495.338160][T30913] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:57 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x2500}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:57 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:57 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  495.359505][T30914] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  495.427772][T30913] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  495.438877][T30913] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  495.464097][T30914] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  495.475184][T30914] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  495.963863][T30891] ==================================================================
[  495.971982][T30891] BUG: KCSAN: data-race in netlink_bind / netlink_insert
[  495.983707][T30891] 
[  495.986047][T30891] write to 0xffff888106c85328 of 1 bytes by task 30962 on cpu 1:
[  495.993759][T30891]  netlink_insert+0x5cc/0x7f0
[  495.998549][T30891]  netlink_autobind+0xa9/0x150
[  496.003303][T30891]  netlink_sendmsg+0x47c/0x7c0
[  496.008339][T30891]  sock_write_iter+0x1a4/0x200
[  496.013199][T30891]  vfs_write+0x69d/0x770
[  496.017432][T30891]  ksys_write+0xce/0x180
[  496.021957][T30891]  __x64_sys_write+0x3e/0x50
[  496.026540][T30891]  do_syscall_64+0x4a/0x90
[  496.031127][T30891]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  496.037031][T30891] 
[  496.039367][T30891] read to 0xffff888106c85328 of 1 bytes by task 30891 on cpu 0:
[  496.046988][T30891]  netlink_bind+0x365/0xbb0
[  496.051484][T30891]  __sys_bind+0x200/0x290
[  496.055821][T30891]  __x64_sys_bind+0x3d/0x50
[  496.060319][T30891]  do_syscall_64+0x4a/0x90
[  496.064733][T30891]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  496.070625][T30891] 
[  496.072934][T30891] Reported by Kernel Concurrency Sanitizer on:
[  496.079155][T30891] CPU: 0 PID: 30891 Comm: syz-executor.0 Not tainted 5.13.0-rc2-syzkaller #0
[  496.087909][T30891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  496.098052][T30891] ==================================================================
17:24:58 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x10}, 0x0, 0x0}})

17:24:58 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0xb, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:24:58 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:58 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc103, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:58 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x3a00}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:58 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7a00000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:24:58 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x2000}, 0x0, 0x0}})

17:24:58 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  496.507026][T30973] validate_nla: 20 callbacks suppressed
[  496.507038][T30973] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  496.529158][T30976] loop3: detected capacity change from 0 to 264192
[  496.542146][T30976] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  496.546533][T30969] loop5: detected capacity change from 0 to 16383
[  496.567059][T30990] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  496.567692][T30969] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:24:58 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:58 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x4800}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:24:58 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x4000}, 0x0, 0x0}})

[  496.603961][T30976] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  496.604069][T30969] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  496.615133][T30976] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  496.626340][T30969] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:24:58 executing program 4:
r0 = syz_open_dev$evdev(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:24:58 executing program 4:
r0 = syz_open_dev$evdev(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  496.688238][T31006] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  496.713306][T31006] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:25:00 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000340)={0x0, 0x1, 0x6, @random="6a72d063ab4c"}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
sendmsg(r1, &(0x7f0000000d80)={&(0x7f00000003c0)=@nfc={0x27, 0x1, 0x2, 0x4}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000440)="6338a33c100b3c19dc80174dcea9041f8672c12a3cb43aef237951b230af34a100d0370e9b54", 0x26}, {&(0x7f0000000480)="242b8348e985bdda392476fc02fcf3e42058c040f9222a7e8013d99ee8b7fd0350f69c9e67da9cde83bae6b5565c694c772eb173e3c625fd8cdc698bad7fe0530d3b0922eaf2c4b66cb6819339a4b87cb0382a6d748232b94a06a82e8078af35a8f464ee81d47ba8bb8aa24a936dbab998e511eca2083ba7deaa7d20595d3e5d53a19f4899c019f59e23e437d463f311c98ced4c6a8f199fafa6c95da9d73d2475c6dd0813a6335867774fe18d0709bf612842596aad412af41ef21c9368f32e0531d6f435834e70c8f9000ecce687be70a51050914903927abb00cbc2dff23d", 0xe0}, {&(0x7f0000000580)="2d7675ac3f28699292a42797fd2af860f38cabf9f988aa8da4edec6d321857a04bced050b0f15b0405b758eac0ccd33736eabaf97c81f157706de38aab2c317431c6e00bc061", 0x46}, {&(0x7f0000000600)="3210ac1c3d0e2631ef1ed424393ef1baa0cfddec5ba72df6492060dbefd5383ba1cc9636d3bcd21abcca2018b49c02f6b5a4eead2516958ac511b57916d2ba4e21349dcfecaca29ed6bf54eb43357137672d505693f693909acb55f12b8bdfb406e23c57171ccbb545d94350e0eef2747c3f7a2c8fead9195420185a9ed88633046ff98f2ea89e71dbfc0dd71b342a3d241304f53a5a143b032a9327f58976ef854586e1aee2856b2d7095ada8fdddba6f35c29222b0e26a2ebfccd81e695f353b9c7ace", 0xc4}, {&(0x7f0000000700)="edffce5c0562164ae078b45e553ec6135343939c69414314ad833651f9ef7d3ea60731a05edb514911c63edcfdccbe6bc4d55bc8698c6f14b5ec013b1aaa5394935eec4443639dc098004bed2c348adccf350ea546e5647aa6f58ff3563e0dd8dc2beb203012fe718ce069adba615704bc9f79a45a3d2a9804f2a8880e05e6578eacf08f368cf071a2061e38edc6894a0979729ed7a52aebc793d179c8", 0x9d}, {&(0x7f00000007c0)="7656bfc8e1cd95168c34e6354993213eb5a70a8fb00661822c1834bc2a65ba574e9c87da6261470707abb3a5a1839296204557a5c962bd7ebdaadecc9ddb4c46b6443ed172d172aacf4dc3a3d9834e2b1f2b466634d18c35b21e63468b1f10fc4cfa475f7b7ee8c7090d", 0x6a}, {&(0x7f0000000840)="955e38b1933226c47cb1f8d8e78174c07e801f7e0084bd9188345fa7167765572bc571742a55a16858db6016f74dfd4ca3dd0efd0ed8ed42248c3ad795df3f8b82f1800b080b2c6cadf62f64c098481725947e697b2f072ef07309689263c20caede58a7ad7b9b128c160429e5ca2a798e988def7699f6264b959b06e87d54b5407a171d6fb8b1f1e519b4a3b3b23b75fbecba39284d96d81697e48b9771bdd46fb23ab396b79ab8b706d1b858ca1c0906653cfb80c823444c095737d007e2e140fa451d605100f1351b95283c4983924d26306cdf9a43e8ffd3f5e6eafb355f946edde1829a2ffdfdb126b0b2891aba", 0xf0}, {&(0x7f0000000940)="70f86f", 0x3}], 0x8, &(0x7f0000000a00)=[{0x80, 0x10f, 0x1ff, "12a2fd54051bcb790708ee9834d014aea10a42f8a6ef1cebec77af1a92bb22a894abb21aff24e4ed9c59143ab0309ee5bf0349663696d04bbae01ffc85473cbddbb10cac83c2767310adc0bb20de7fd964108e83f7d7a8191eee86de38e7c1fc1799497105208c9fe35cb189ed"}, {0xe0, 0x3a, 0x7, "67c1c8f637fa5d634a3e028296604a88072498ff08d40d760ab3fb158ea6b1b5efa1df6f00d8bcef47cd937c3c913dda1b8ac8fce1478f669eb7e8adb62993b12205857e610b22db752522606ee50d4ae05916e8c79789f10eef888de1a6be9b477436491b982faadf7d72e912ea9b88b763c3baa4fee534a04b7cfd92143d5b97e8d3addb3404aa7b881f9da8a5f019e6aec3f591cd47c6d8487503445b0cc77f1ea98c802f54166c536a6d0076649afbb78a52fb6049006179067d24c5ce72a89075dc6265cf5ce54b"}, {0x110, 0x84, 0x8001, "d241841c562ff5738dd0ef3400431ff4d272b200298c407bcfbf2a8dde6d06feb6e845baa9217ed1ac3604053a8776fb61afb57ab73352c4ec2018640e6bd345f86c3c3781270fd137e06746af1bf088df16813620a90bbe0a724d37b804047e41371e4ffc84ef45f9cf3ddd9676da3aee3ce13ac974c3ba52787c4c7e1317eefa98756b4b6df50aecf5c8350e5663dfb5f9a9bfe16da7954a724e82e93136d6d158f776558880f77532fa7538336cdfb17beb3b03330364cc9625b4f2d913172f85739ecc6ca600ddc120c98f04f0d6eba718d939ab1fda84481002b0f7b2b19c34b0af3b6940f55d4f9530171ec1d842cc9a9177042e4b75"}, {0xe0, 0x100, 0x8, "7c931599d64ddb4dc368bbf8594a3f54261aab35113e06d8f8229877f0088013bd4221332f97baaba23cf9ffc2215f7cf06cc320a2b69ad25d197438a799476eb9c41d6ae99537daf9830bf11b82b547ed442dabd147aaf015076a3ccf08b87a92c4a3a0e26624903cbe973deb3f3e4fb8986d890fd299b29a8e20646099c78bbcb02d4aec85b93a4443b60e755144d777ede2ce4092f31a6134162b7155c0aca5d47013594a39132ef2e90af3c619258af29219bdd191bcc271197afb455033d3e8ba5c9715ef9bab3253e4"}], 0x350}, 0x800)
r2 = socket(0x10, 0x80002, 0x0)
bind$netlink(r2, &(0x7f0000177ff4)={0x10, 0x0, 0x4, 0x20}, 0xc)
write(r2, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000380)=0xfff, 0x4)
sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000300)=[{{&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)=""/177, 0xb1}, {&(0x7f00000001c0)=""/145, 0x91}, {&(0x7f0000000280)=""/118, 0x76}], 0x3}, 0x40000100}], 0x1, 0x2, 0x0)

17:25:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x4c00}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:00 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7e06000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:00 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:00 executing program 4:
r0 = syz_open_dev$evdev(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:00 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xc801, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:00 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x10}, 0x0, 0x0}})

17:25:00 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  497.801899][T31039] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  497.826717][T31039] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  497.842844][T31041] loop5: detected capacity change from 0 to 16383
17:25:00 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x6000}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  497.850804][T31046] loop3: detected capacity change from 0 to 264192
[  497.861256][T31045] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[  497.861431][T31041] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  497.880295][T31046] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:25:00 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x2000}, 0x0, 0x0}})

[  497.919584][T31068] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  497.929781][T31046] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  497.941100][T31046] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  497.952282][T31072] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
17:25:00 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x7fffffffffffffff, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x6800}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:00 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:00 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x4000}, 0x0, 0x0}})

[  497.964617][T31073] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[  497.989838][T31041] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  498.001047][T31041] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:25:00 executing program 0:
socket$inet6(0xa, 0x6, 0x3)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
write(r1, &(0x7f0000000000)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e97bb1238ae4", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x4, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYRESDEC, @ANYRES16=r4, @ANYBLOB="010000000000000000000c00000008000300", @ANYRES32=r3, @ANYBLOB], 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x8}}}}, [@NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x2, 0x0, 0x2, 0x0, {0x8, 0x9, 0x0, 0x3f8, 0x0, 0x1, 0x1, 0x1}, 0x1, 0x1f, 0xb7}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0xc000)

17:25:00 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:00 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xd001, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:00 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x6c00}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  498.101372][T31101] loop3: detected capacity change from 0 to 264192
[  498.110184][T31101] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  498.119658][   T25] audit: type=1400 audit(1621617900.346:44): avc:  denied  { create } for  pid=31099 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
17:25:00 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:00 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x10, 0x0}})

17:25:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x7400}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  498.166985][T31101] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  498.178087][T31101] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:25:00 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:00 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8407000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4, 0x2, 0x7a00}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  498.214065][T31128] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=31128 comm=syz-executor.0
[  498.229406][T31126] loop5: detected capacity change from 0 to 16383
[  498.241741][T31126] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:25:00 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0xf}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  498.289826][T31126] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  498.301090][T31126] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  498.338179][T31153] loop3: detected capacity change from 0 to 264192
[  498.346395][T31153] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  498.381321][T31153] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  498.392429][T31153] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:25:01 executing program 0:
r0 = socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x210081, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x18, 0x3f9, 0x200, 0x70bd25, 0x25dfdbfc, {0x1}, ["", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x4001}, 0x40)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001680), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000002800)={0x0, 0x0, &(0x7f00000027c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001f00000008000100000000000800030001"], 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_GET_MPATH(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r4, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44804}, 0x80000)

17:25:01 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:01 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x600, 0x0}})

17:25:01 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xedc0, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:01 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x10}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:01 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8607000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  498.999941][T31175] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=31175 comm=syz-executor.0
17:25:01 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:01 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0xc0}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  499.045082][T31182] loop3: detected capacity change from 0 to 264192
[  499.051854][T31185] loop5: detected capacity change from 0 to 16383
[  499.061092][T31182] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  499.072445][T31185] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:25:01 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x2000, 0x0}})

[  499.107321][T31182] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  499.118449][T31182] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  499.137684][T31185] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:25:01 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:01 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0xec0}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:01 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf301, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  499.148783][T31185] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  499.258813][T31235] loop5: detected capacity change from 0 to 16383
[  499.272075][T31235] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  499.287315][T31235] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  499.298620][T31235] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:25:02 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
r0 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)="9ea6868ee7b00e963c6e2d8dfadd21b75aec3b054818f997b7c4e31ae0875d3bf66dc2fb409c0e08ca1869543628377fbae63788bce3f80b45990d785d193d033615ca7651e4ee53bd69a479aafd3e92ba453f337bccdc14813cdbf47d3bdad06c59ee5128cb83d4969016288d251a5860054649baeadaf8ece2b31ad4d8e4a7e142dff22f17a54b741208f31391d932466c2434e129bb9780529535b4d022ff4ea9e878cef92822beebaac8e3f55470a1b10aad056c41637b05dfcf31ded127764c8b0c791842967a2db64db7318dd19f06a5e97d25f1a0de8d99a6b97f449a825a", 0xe2}, {&(0x7f0000000000)="0afca4919ea819cea2f8fdc2e12ef9f7f015db94f3df2de734", 0x19}], 0x2)
r1 = socket(0x10, 0x80002, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0), 0x400040, 0x0)
write$binfmt_misc(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="73797a31e7a8addb040000ffffff7f2af06d2f62ced08c863f6d36"], 0x29)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
writev(r0, &(0x7f0000000380)=[{&(0x7f0000000240)="f5fa4256fb333dbbef46f58da0a04a7385b0141b7af1830a5149fca95d6b7f0bb40c418149d7e4cedb7cc22a3cddc17b6dce374bb15f516e4ed887bfef39d544f00c13943b86247a77dabfa4ae8f1e0c94083f31657045d66c03ba17f4418a0ddb4faa3d27457146ff4416dec8a14a22feac20d92c6445f9bad880b4d9f8c1d7ed8b6eac221ac3acc6d51a8131b0d95e8bfcf39b9d33c95a", 0x98}, {&(0x7f0000000300)="a400554027f355f08f7a224c1251d8c8463df1626cefd22b3ee145aaf7483cfc9514267fe08dda0d17b63dd632710cdb9b54090235169f92ff2a04ec7933179481ce935d1f8a75a73bf7d9", 0x4b}], 0x2)

17:25:02 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:02 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x4000, 0x0}})

17:25:02 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x8cffffff00000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x33fe0}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:02 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf401, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:02 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  499.920596][T31260] loop5: detected capacity change from 0 to 16383
[  499.927009][T31262] loop3: detected capacity change from 0 to 264192
[  499.929273][T31260] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:25:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x200003bc}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:02 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x60000, 0x0}})

[  499.961810][T31262] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:25:02 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7ffff000}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:02 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  500.005965][T31262] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  500.017176][T31262] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  500.044990][T31260] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
17:25:02 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa51e000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

[  500.056117][T31260] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  500.157649][T31310] loop3: detected capacity change from 0 to 264192
[  500.166878][T31310] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  500.186932][T31310] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  500.198385][T31310] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:25:03 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x500, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f0000000000)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:25:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0xfffffdef}}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:03 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:03 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x200000, 0x0}})

17:25:03 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf501, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:03 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa61e000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:03 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x2}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:03 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x10000000, 0x0}})

[  500.851394][T31333] loop3: detected capacity change from 0 to 264192
[  500.864215][T31336] loop5: detected capacity change from 0 to 16383
[  500.873910][T31336] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  500.886706][T31333] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:25:03 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  500.914563][T31336] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  500.925718][T31336] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:25:03 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf601, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:03 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x3}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  500.985357][T31333] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  500.996486][T31333] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  501.069483][T31377] loop5: detected capacity change from 0 to 16383
[  501.097404][T31377] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  501.156802][T31377] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  501.168056][T31377] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:25:04 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, 0x0, 0x0, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:04 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x40000000, 0x0}})

17:25:04 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
r0 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
syz_io_uring_setup(0x374, &(0x7f0000000080), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x40, &(0x7f0000000140)=0x307e, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x989680}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
syz_io_uring_submit(0x0, r3, &(0x7f0000000140)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x2, 0x0, @fd_index=0x8, 0x3, 0x0, 0x0, 0xf, 0x0, {0x2}}, 0x9)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000280)=0x14)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
connect$netlink(r0, &(0x7f0000000000)=@unspec, 0xc)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r2, 0x114, &(0x7f0000000180), 0x0, 0x4)

17:25:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x4}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:04 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xa71e000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:04 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xf901, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:04 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, 0x0, 0x0, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x5}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:04 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0xfdfdffff, 0x0}})

[  502.228412][T31406] loop5: detected capacity change from 0 to 16383
[  502.239703][T31407] loop3: detected capacity change from 0 to 264192
[  502.243670][T31406] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  502.256993][T31407] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  502.313627][T31406] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  502.324959][T31406] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  502.336552][T31407] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
17:25:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x6}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:04 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, 0x0, 0x0, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:04 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0xfffffdfd, 0x0}})

[  502.350536][T31407] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
17:25:04 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:04 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x8}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:04 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8000, 0x0)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4, 0x12, r0, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
pipe2(&(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x0)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000240), 0x42c222, 0x0)
ioctl$EVIOCGNAME(r3, 0x80404506, &(0x7f00000003c0)=""/228)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xa00)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_MARK_MASK={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40010}, 0x4000000)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000100)=[r4, r0, r5], 0x3)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={@mcast1, 0x23})

[  502.497175][T31469] validate_nla: 14 callbacks suppressed
[  502.497188][T31469] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
[  502.543959][T31474] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
17:25:05 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfa01, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:05 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xb801000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:05 executing program 0:
socket$inet6(0xa, 0x2, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:25:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x9}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:05 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:05 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000507000/0x4000)=nil, 0x4000, 0x1000008, 0x40010, r1, 0x10000000)
r3 = syz_io_uring_setup(0x3977, &(0x7f0000000100), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000180))
r4 = syz_io_uring_setup(0x5417, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000240), &(0x7f0000000280))
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0x2, 0xc04a01, r5)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index=0x8, 0x14000, 0x0, 0x100, 0x1, 0x1, {0x0, r5}}, 0x1ff)
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000040)=0x5)
mmap(&(0x7f0000507000/0x1000)=nil, 0x1000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:05 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0xa}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:05 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0x0, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  503.660150][T31488] loop5: detected capacity change from 0 to 16383
[  503.669745][T31488] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  503.693062][T31498] loop3: detected capacity change from 0 to 264192
[  503.713292][T31488] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  503.724611][T31488] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  503.753089][T31498] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:25:06 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0xb}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:06 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0xdec, 0x201)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x5, {0x6}, {0xfb}, @period={0x5d, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:06 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfb01, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:06 executing program 4:
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:06 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x10}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

[  503.846413][T31498] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  503.857517][T31498] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  503.909207][T31536] loop5: detected capacity change from 0 to 16383
[  503.919369][T31536] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:25:06 executing program 4:
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:06 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x103001, 0x19c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  503.989501][T31536] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  504.000869][T31536] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  504.016340][T31552] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
[  504.028554][T31552] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
17:25:07 executing program 0:
socket$inet6(0xa, 0x0, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000480)={0x5, &(0x7f0000000000)=[{0x8, 0x20, 0x6, 0x1}, {0x1f, 0xff, 0x81, 0x7f}, {0xc3, 0xb6, 0x9, 0x1f}, {0x1, 0x80, 0x7f, 0x160}, {0x8, 0x40, 0x26, 0xfffffffb}]})
writev(r1, &(0x7f0000000400)=[{&(0x7f00000000c0)="57b415ea50e85e366a55e82f318d867addcda4bb6b0f89686dbe177d5844a88a00ce64c8cfb25124923d3fb0dc7fb3bec47023beb270dd5f177248696f4aa287f43f1e75f2c8aa36e143e3e7e273d68fada2a5a77dee1f2fb59896a2ebf6cb9e6e9bd8a8dccc95a317cc9aaa9b3be907232d1b963baf0756058da56d1c80d2ba8f814bd00f58d3b253edb79e9502cf7c2001dff6d84fcd2c2b7b360ab69f001be643612b6a8d94593970092839b93460bc736ebbc4f042563ae5a5c852e30c3e207764ad4cf786aa69d5e6", 0xcb}, {&(0x7f00000001c0)="39d7ce39d5b4f963e3d7fc5a37c64b222e518748ffb9717a3cbb9dd043e7f5dcd0e020d755973b93447d45e73e7880f844f5df478f6a8c8881bbefc2381d46f855f8a903b91ebc7d3bd3a197bda7863ede8bcc35687011a1ca1447f137be7365fd8ec66c106abc992ba0fe7488ef79ef14b4feb4fe719c415e69c0551ed31b60310062661e18972f", 0x88}, {&(0x7f0000000280)="e30da59f4e915a8e1172365cc2bf8947", 0x10}, {&(0x7f00000002c0)="7719439c202272403fc0c835754d5d0a6b431b8dbd6ce77bb593a2e205250c455e6066e82b329dbb8323cef5", 0x2c}, {&(0x7f0000000300)="b1c71d429dba30281fd0dac7a48aa5564c8444e5785ec65420a251fca4fc9b17e6a2e6ebc75354a27b6d2859447859431fa7d9776ac4e2540aaf1fd1260cf3a4cfa774fa97b30f3126d06e4d93ae40018d64b8ea22daba1e70efeae5f0d4f0f0f7899308305cb83011e17d266d2c7b2e72cf81491ddd963c6c4c60569e3a8705013c5f1feeebf2d680f3d897dcf9605e733263eb46c20f50a155fc0a0974826bd71c20f687f8a08e0a50650193ec7a1da366b0a659465f9c7df5d965bdc6f2e77a16bf2b88b578506f01f6653437f9123f3225c86f2832cddd45e62a2c485f834c7020a4446a84ea41f391e55b72b5fe3a891e02e0fde12b99ec93f3ba", 0xfd}], 0x5)
write(r0, &(0x7f0000000040)="2600000022004701050000000002000005e1065a546feb1c04adb017ca5bdec1e98ae4ab5500", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)

17:25:07 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xb901000000000000, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:07 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x11}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:07 executing program 4:
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x5452, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:07 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x208400, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

17:25:07 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0xfe01, 0x7, &(0x7f0000000380)=[{&(0x7f0000000040)="200000000202000019000000500100000f000000000000000000000004000000000002000020000020000000d8f4655fd8f4655f0100ffff53ef010001000000d7f4655f000000000000000400000000000000000b0000008000000018000000c20500002b02", 0x66, 0x400}, {&(0x7f0000000180)="0000e331000000001100006fbe38543112eb43ac9dbc7e1411f64d55010040", 0x1f, 0x4e0}, {&(0x7f00000001c0)="010000000000050040", 0x9, 0x560}, {&(0x7f0000010300)="030000000400000005", 0x9, 0x800}, {&(0x7f0000010d00)="ed41000000040000d7f4655fd8f4655fd8f4655f000000000000040020", 0x1d, 0x1480}, {&(0x7f00000000c0)="504d4d00504d4dff", 0x8, 0x10000}, {0x0, 0x0, 0xfffffffffffffffc}], 0x0, &(0x7f00000002c0)={[{@nolazytime}, {@max_batch_time}]})

17:25:07 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x19}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:07 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, 0x0)

17:25:07 executing program 1:
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
signalfd4(r0, &(0x7f0000000040)={[0x80]}, 0x8, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r1, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x5c, 0x8f3a, 0x101, 0x5, 0x8000, {0x9, 0x101, 0x1, 0xf800}, 0x4, &(0x7f0000000080)=[0x7ffc, 0x2, 0x8, 0xffb0]}})

[  504.982951][T31576] loop5: detected capacity change from 0 to 16383
[  504.999466][T31576] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
17:25:07 executing program 4:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$EVIOCSFF(r0, 0x5452, 0x0)

[  505.036936][T31577] loop3: detected capacity change from 0 to 264192
[  505.055132][T31576] EXT4-fs error (device loop5): ext4_orphan_get:1413: comm syz-executor.5: bad orphan inode 1862270993
[  505.062608][T31577] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
17:25:07 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}, 0x25}, 0x0)
mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

17:25:07 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x4}]}]}]}, 0x7c}}, 0x0)
mmap(&(0x7f00006a9000/0x3000)=nil, 0x3000, 0x1000009, 0x1010, r2, 0x558fe000)
ioctl$EVIOCSFF(r0, 0x80104592, &(0x7f00000002c0)={0x51, 0x0, 0x0, {0x6}, {0xfb}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

[  505.066286][T31576] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  505.119743][T31577] EXT4-fs error (device loop3): ext4_orphan_get:1413: comm syz-executor.3: bad orphan inode 1862270993
[  505.123194][T31610] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
[  505.131057][T31577] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: none.
[  505.170191][T31610] netlink: 'syz-executor.1': attribute type 2 has an invalid length.