ages+0x1b4/0x880
[  290.401863][T16849]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  290.407411][T16849]  bio_iov_iter_get_pages+0x1e1/0x300
[  290.412759][T16849]  blkdev_direct_IO+0x626/0xf60
[  290.417647][T16849]  ? aio_prep_rw+0x3b0/0x3b0
[  290.422214][T16849]  ? current_time+0xdb/0x190
[  290.426781][T16849]  ? atime_needs_update+0x290/0x370
[  290.431976][T16849]  ? touch_atime+0x10e/0x2d0
[  290.436590][T16849]  generic_file_read_iter+0x2c4/0x3d0
[  290.441941][T16849]  blkdev_read_iter+0xb3/0xc0
[  290.446596][T16849]  aio_read+0x1be/0x280
[  290.450731][T16849]  ? __rcu_read_unlock+0x51/0x250
[  290.455803][T16849]  io_submit_one+0x62d/0x1230
[  290.460464][T16849]  ? asm_exc_page_fault+0x1e/0x30
[  290.465508][T16849]  __se_sys_io_submit+0xf5/0x270
[  290.470452][T16849]  ? ksys_write+0x157/0x180
[  290.474930][T16849]  ? fpregs_assert_state_consistent+0x7d/0x90
[  290.480971][T16849]  __x64_sys_io_submit+0x3f/0x50
[  290.485886][T16849]  do_syscall_64+0x39/0x80
[  290.490334][T16849]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  290.496208][T16849] RIP: 0033:0x45e149
[  290.500077][T16849] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  290.519672][T16849] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  290.528059][T16849] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  290.536079][T16849] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  290.544027][T16849] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  290.551974][T16849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[  290.560032][T16849] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:15 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  290.582123][T16835] loop5: detected capacity change from 264192 to 0
16:56:15 executing program 4 (fault-call:2 fault-nth:8):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  290.720960][T16867] tbf_change: 2 callbacks suppressed
[  290.720973][T16867] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  290.745803][T16867] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:15 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0000ef, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:15 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000008, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:15 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000406, 0x1c49000}])

16:56:15 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49005}])

[  290.841687][T16871] FAULT_INJECTION: forcing a failure.
[  290.841687][T16871] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  290.863739][T16871] CPU: 0 PID: 16871 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  290.872171][T16871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  290.883348][T16871] Call Trace:
[  290.886608][T16871]  dump_stack+0x116/0x15d
[  290.890914][T16871]  should_fail+0x231/0x240
[  290.895305][T16871]  __alloc_pages_nodemask+0xd8/0x350
[  290.900566][T16871]  alloc_pages_vma+0x718/0x890
[  290.905323][T16871]  do_huge_pmd_anonymous_page+0x643/0x940
[  290.911020][T16871]  ? prandom_u32_state+0x9/0x80
[  290.915848][T16871]  ? __rcu_read_unlock+0x51/0x250
[  290.920939][T16871]  ? pmdp_set_access_flags+0x4c/0x60
[  290.926202][T16871]  handle_mm_fault+0x11fb/0x17b0
[  290.931182][T16871]  __get_user_pages+0xa32/0xff0
[  290.936011][T16871]  get_user_pages_unlocked+0x135/0x5f0
[  290.941461][T16871]  __gup_longterm_unlocked+0x4e/0x220
[  290.946808][T16871]  internal_get_user_pages_fast+0x7f4/0x900
[  290.952698][T16871]  get_user_pages_fast+0x5d/0x80
[  290.957649][T16871]  iov_iter_get_pages+0x1b4/0x880
[  290.962650][T16871]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  290.968135][T16871]  bio_iov_iter_get_pages+0x1e1/0x300
[  290.973583][T16871]  blkdev_direct_IO+0x626/0xf60
[  290.978470][T16871]  ? aio_prep_rw+0x3b0/0x3b0
[  290.983052][T16871]  ? current_time+0xdb/0x190
[  290.987617][T16871]  ? atime_needs_update+0x290/0x370
[  290.992790][T16871]  ? touch_atime+0x10e/0x2d0
[  290.997398][T16871]  generic_file_read_iter+0x2c4/0x3d0
[  291.002854][T16871]  blkdev_read_iter+0xb3/0xc0
[  291.007512][T16871]  aio_read+0x1be/0x280
[  291.011644][T16871]  ? __rcu_read_unlock+0x51/0x250
[  291.016689][T16871]  io_submit_one+0x62d/0x1230
[  291.021340][T16871]  ? asm_exc_page_fault+0x1e/0x30
[  291.026343][T16871]  __se_sys_io_submit+0xf5/0x270
[  291.031257][T16871]  ? ksys_write+0x157/0x180
[  291.035740][T16871]  ? fpregs_assert_state_consistent+0x7d/0x90
[  291.041784][T16871]  __x64_sys_io_submit+0x3f/0x50
[  291.046768][T16871]  do_syscall_64+0x39/0x80
[  291.051187][T16871]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  291.057054][T16871] RIP: 0033:0x45e149
[  291.061458][T16871] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  291.081082][T16871] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  291.089466][T16871] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  291.097412][T16871] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  291.105354][T16871] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  291.113446][T16871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  291.121392][T16871] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:15 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:15 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000124, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  291.239731][T16886] loop5: detected capacity change from 264192 to 0
16:56:15 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49007}])

16:56:15 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000500, 0x1c49000}])

16:56:16 executing program 4 (fault-call:2 fault-nth:9):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  291.346132][T16893] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  291.363714][T16893] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:16 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000204, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:16 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  291.406011][T16886] loop5: detected capacity change from 264192 to 0
[  291.467661][T16911] FAULT_INJECTION: forcing a failure.
[  291.467661][T16911] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  291.485567][T16911] CPU: 0 PID: 16911 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  291.493984][T16911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  291.504034][T16911] Call Trace:
[  291.507318][T16911]  dump_stack+0x116/0x15d
[  291.511669][T16911]  should_fail+0x231/0x240
[  291.516080][T16911]  __alloc_pages_nodemask+0xd8/0x350
[  291.518074][T16913] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  291.521362][T16911]  alloc_pages_current+0x21d/0x310
[  291.533465][T16911]  pte_alloc_one+0x27/0x90
[  291.537943][T16911]  __do_huge_pmd_anonymous_page+0xfe/0x910
[  291.543800][T16911]  ? alloc_pages_vma+0x725/0x890
[  291.548961][T16911]  do_huge_pmd_anonymous_page+0x69b/0x940
[  291.554729][T16911]  ? prandom_u32_state+0x9/0x80
[  291.559575][T16911]  ? __rcu_read_unlock+0x51/0x250
[  291.561079][T16913] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  291.564600][T16911]  ? pmdp_set_access_flags+0x4c/0x60
[  291.564624][T16911]  handle_mm_fault+0x11fb/0x17b0
[  291.564653][T16911]  __get_user_pages+0xa32/0xff0
[  291.564677][T16911]  get_user_pages_unlocked+0x135/0x5f0
[  291.594826][T16911]  __gup_longterm_unlocked+0x4e/0x220
[  291.600893][T16911]  internal_get_user_pages_fast+0x7f4/0x900
[  291.606893][T16911]  get_user_pages_fast+0x5d/0x80
[  291.612493][T16911]  iov_iter_get_pages+0x1b4/0x880
[  291.617528][T16911]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  291.622993][T16911]  bio_iov_iter_get_pages+0x1e1/0x300
[  291.628371][T16911]  blkdev_direct_IO+0x626/0xf60
[  291.634326][T16911]  ? aio_prep_rw+0x3b0/0x3b0
[  291.638911][T16911]  ? current_time+0xdb/0x190
[  291.643495][T16911]  ? atime_needs_update+0x290/0x370
[  291.648685][T16911]  ? touch_atime+0x10e/0x2d0
[  291.654189][T16911]  generic_file_read_iter+0x2c4/0x3d0
[  291.660101][T16911]  blkdev_read_iter+0xb3/0xc0
[  291.664854][T16911]  aio_read+0x1be/0x280
[  291.669004][T16911]  ? __rcu_read_unlock+0x51/0x250
[  291.674029][T16911]  io_submit_one+0x62d/0x1230
[  291.679731][T16911]  ? asm_exc_page_fault+0x1e/0x30
[  291.684853][T16911]  __se_sys_io_submit+0xf5/0x270
[  291.691298][T16911]  ? ksys_write+0x157/0x180
[  291.695819][T16911]  ? fpregs_assert_state_consistent+0x7d/0x90
[  291.701879][T16911]  __x64_sys_io_submit+0x3f/0x50
[  291.707401][T16911]  do_syscall_64+0x39/0x80
[  291.711821][T16911]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  291.718819][T16911] RIP: 0033:0x45e149
[  291.722706][T16911] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  291.743119][T16911] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  291.751885][T16911] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  291.760351][T16911] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
16:56:16 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000604, 0x1c49000}])

[  291.768760][T16911] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  291.777613][T16911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009
[  291.786516][T16911] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:16 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49008}])

16:56:16 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a00000d, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:16 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000300, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:16 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:16 executing program 4 (fault-call:2 fault-nth:10):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  291.977862][T16928] loop5: detected capacity change from 264192 to 0
[  291.999312][T16936] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  292.010359][T16936] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:16 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:16 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000700, 0x1c49000}])

16:56:16 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c4900d}])

16:56:16 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000402, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:16 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a00000f, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  292.202977][T16943] FAULT_INJECTION: forcing a failure.
[  292.202977][T16943] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  292.261312][T16943] CPU: 0 PID: 16943 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  292.269741][T16943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  292.271485][T16951] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  292.279961][T16943] Call Trace:
[  292.279970][T16943]  dump_stack+0x116/0x15d
[  292.279996][T16943]  should_fail+0x231/0x240
[  292.280014][T16943]  __alloc_pages_nodemask+0xd8/0x350
[  292.304990][T16943]  alloc_pages_vma+0x718/0x890
[  292.310387][T16943]  do_huge_pmd_anonymous_page+0x643/0x940
[  292.317141][T16943]  ? __rcu_read_unlock+0x51/0x250
[  292.322997][T16943]  ? pmdp_set_access_flags+0x4c/0x60
[  292.328775][T16943]  handle_mm_fault+0x11fb/0x17b0
[  292.334633][T16943]  __get_user_pages+0xa32/0xff0
[  292.340288][T16943]  get_user_pages_unlocked+0x135/0x5f0
[  292.345789][T16943]  __gup_longterm_unlocked+0x4e/0x220
[  292.351222][T16943]  internal_get_user_pages_fast+0x7f4/0x900
[  292.357098][T16943]  get_user_pages_fast+0x5d/0x80
[  292.362096][T16943]  iov_iter_get_pages+0x1b4/0x880
[  292.367147][T16943]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  292.372636][T16943]  bio_iov_iter_get_pages+0x1e1/0x300
[  292.378053][T16943]  blkdev_direct_IO+0x626/0xf60
[  292.382921][T16943]  ? aio_prep_rw+0x3b0/0x3b0
[  292.387506][T16943]  ? current_time+0xdb/0x190
[  292.392082][T16943]  ? atime_needs_update+0x290/0x370
[  292.397255][T16943]  ? touch_atime+0x10e/0x2d0
[  292.401882][T16943]  generic_file_read_iter+0x2c4/0x3d0
[  292.407233][T16943]  blkdev_read_iter+0xb3/0xc0
[  292.411891][T16943]  aio_read+0x1be/0x280
[  292.416110][T16943]  ? __rcu_read_unlock+0x51/0x250
[  292.421124][T16943]  io_submit_one+0x62d/0x1230
[  292.425791][T16943]  ? asm_exc_page_fault+0x1e/0x30
[  292.430846][T16943]  __se_sys_io_submit+0xf5/0x270
[  292.435772][T16943]  ? ksys_write+0x157/0x180
[  292.440266][T16943]  ? fpregs_assert_state_consistent+0x7d/0x90
[  292.446311][T16943]  __x64_sys_io_submit+0x3f/0x50
[  292.451257][T16943]  do_syscall_64+0x39/0x80
[  292.455759][T16943]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  292.461734][T16943] RIP: 0033:0x45e149
[  292.465615][T16943] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  292.485367][T16943] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  292.493788][T16943] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  292.501824][T16943] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  292.509771][T16943] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  292.517717][T16943] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a
[  292.525778][T16943] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:17 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c4900f}])

16:56:17 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000406, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:17 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000d00, 0x1c49000}])

16:56:17 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  292.654323][T16958] loop5: detected capacity change from 264192 to 0
16:56:17 executing program 4 (fault-call:2 fault-nth:11):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:17 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49072}])

[  292.792582][T16969] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  292.799767][T16958] loop5: detected capacity change from 264192 to 0
16:56:17 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000f00, 0x1c49000}])

16:56:17 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000500, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:17 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c490ef}])

[  292.917028][T16977] FAULT_INJECTION: forcing a failure.
[  292.917028][T16977] name fail_page_alloc, interval 1, probability 0, space 0, times 0
16:56:17 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000010, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:17 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  293.072539][T16977] CPU: 0 PID: 16977 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  293.081187][T16977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  293.091236][T16977] Call Trace:
[  293.094517][T16977]  dump_stack+0x116/0x15d
[  293.098842][T16977]  should_fail+0x231/0x240
[  293.103284][T16977]  __alloc_pages_nodemask+0xd8/0x350
[  293.108558][T16977]  alloc_pages_current+0x21d/0x310
[  293.109514][T16994] loop5: detected capacity change from 264192 to 0
[  293.113722][T16977]  pte_alloc_one+0x27/0x90
[  293.113778][T16977]  __do_huge_pmd_anonymous_page+0xfe/0x910
[  293.130441][T16977]  ? alloc_pages_vma+0x725/0x890
[  293.135384][T16977]  do_huge_pmd_anonymous_page+0x69b/0x940
[  293.141103][T16977]  ? kvm_sched_clock_read+0x15/0x40
[  293.144491][T16995] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  293.146400][T16977]  ? prandom_u32_state+0x9/0x80
[  293.158234][T16977]  ? __rcu_read_unlock+0x51/0x250
[  293.163319][T16977]  ? pmdp_set_access_flags+0x4c/0x60
[  293.168638][T16977]  handle_mm_fault+0x11fb/0x17b0
[  293.173642][T16977]  __get_user_pages+0xa32/0xff0
[  293.178506][T16977]  get_user_pages_unlocked+0x135/0x5f0
[  293.183960][T16977]  __gup_longterm_unlocked+0x4e/0x220
[  293.189437][T16977]  internal_get_user_pages_fast+0x7f4/0x900
[  293.195327][T16977]  get_user_pages_fast+0x5d/0x80
[  293.200260][T16977]  iov_iter_get_pages+0x1b4/0x880
[  293.205432][T16977]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  293.210897][T16977]  bio_iov_iter_get_pages+0x1e1/0x300
[  293.216299][T16977]  blkdev_direct_IO+0x626/0xf60
16:56:17 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000604, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  293.221146][T16977]  ? aio_prep_rw+0x3b0/0x3b0
[  293.226288][T16977]  ? current_time+0xdb/0x190
[  293.232983][T16977]  ? atime_needs_update+0x290/0x370
[  293.239073][T16977]  ? touch_atime+0x10e/0x2d0
[  293.245197][T16977]  generic_file_read_iter+0x2c4/0x3d0
[  293.250912][T16977]  blkdev_read_iter+0xb3/0xc0
[  293.256572][T16977]  aio_read+0x1be/0x280
[  293.261623][T16977]  ? __rcu_read_unlock+0x51/0x250
[  293.266237][T16995] validate_nla: 2 callbacks suppressed
[  293.266247][T16995] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  293.266655][T16977]  io_submit_one+0x62d/0x1230
[  293.284880][T16977]  ? asm_exc_page_fault+0x1e/0x30
[  293.290066][T16977]  __se_sys_io_submit+0xf5/0x270
[  293.297339][T16977]  ? ksys_write+0x157/0x180
[  293.302359][T16977]  ? fpregs_assert_state_consistent+0x7d/0x90
[  293.309350][T16977]  __x64_sys_io_submit+0x3f/0x50
[  293.315317][T16977]  do_syscall_64+0x39/0x80
[  293.319972][T16977]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  293.325900][T16977] RIP: 0033:0x45e149
[  293.330374][T16977] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  293.350451][T16977] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  293.359303][T16977] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  293.367720][T16977] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  293.376313][T16977] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  293.384992][T16977] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000b
[  293.392957][T16977] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:18 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80002000, 0x1c49000}])

16:56:18 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x81c47fff}])

16:56:18 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  293.499846][T16994] loop5: detected capacity change from 264192 to 0
[  293.533005][T17015] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:18 executing program 4 (fault-call:2 fault-nth:12):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  293.545255][T17015] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:18 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000700, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:18 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:18 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a00008a, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  293.668647][T17027] FAULT_INJECTION: forcing a failure.
[  293.668647][T17027] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  293.682450][T17027] CPU: 0 PID: 17027 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  293.690991][T17027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  293.701029][T17027] Call Trace:
[  293.704290][T17027]  dump_stack+0x116/0x15d
[  293.708607][T17027]  should_fail+0x231/0x240
[  293.713068][T17027]  __alloc_pages_nodemask+0xd8/0x350
[  293.718400][T17027]  ? __perf_event_task_sched_in+0x565/0x590
[  293.724294][T17027]  alloc_pages_vma+0x718/0x890
[  293.729053][T17027]  do_huge_pmd_anonymous_page+0x643/0x940
[  293.734847][T17027]  ? prandom_u32_state+0x9/0x80
[  293.739737][T17027]  ? __rcu_read_unlock+0x51/0x250
[  293.744744][T17027]  ? pmdp_set_access_flags+0x4c/0x60
[  293.750015][T17027]  handle_mm_fault+0x11fb/0x17b0
[  293.754940][T17027]  __get_user_pages+0xa32/0xff0
[  293.759782][T17027]  get_user_pages_unlocked+0x135/0x5f0
[  293.765310][T17027]  __gup_longterm_unlocked+0x4e/0x220
[  293.770811][T17027]  internal_get_user_pages_fast+0x7f4/0x900
[  293.776701][T17027]  get_user_pages_fast+0x5d/0x80
[  293.781620][T17027]  iov_iter_get_pages+0x1b4/0x880
[  293.786634][T17027]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  293.792130][T17027]  bio_iov_iter_get_pages+0x1e1/0x300
[  293.797496][T17027]  blkdev_direct_IO+0x626/0xf60
[  293.802391][T17027]  ? aio_prep_rw+0x3b0/0x3b0
[  293.806983][T17027]  ? current_time+0xdb/0x190
[  293.811586][T17027]  ? atime_needs_update+0x290/0x370
[  293.816805][T17027]  ? touch_atime+0x10e/0x2d0
[  293.821372][T17027]  generic_file_read_iter+0x2c4/0x3d0
[  293.826773][T17027]  blkdev_read_iter+0xb3/0xc0
[  293.831588][T17027]  aio_read+0x1be/0x280
[  293.835737][T17027]  ? __rcu_read_unlock+0x51/0x250
[  293.840746][T17027]  io_submit_one+0x62d/0x1230
[  293.845403][T17027]  ? asm_exc_page_fault+0x1e/0x30
[  293.850464][T17027]  __se_sys_io_submit+0xf5/0x270
[  293.855383][T17027]  ? ksys_write+0x157/0x180
[  293.859898][T17027]  ? fpregs_assert_state_consistent+0x7d/0x90
[  293.866002][T17027]  __x64_sys_io_submit+0x3f/0x50
[  293.870925][T17027]  do_syscall_64+0x39/0x80
[  293.875337][T17027]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  293.881210][T17027] RIP: 0033:0x45e149
[  293.885083][T17027] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  293.904727][T17027] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
16:56:18 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e8000b901, 0x1c49000}])

16:56:18 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x3e80000000}])

[  293.913147][T17027] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  293.921096][T17027] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  293.929050][T17027] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  293.936999][T17027] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c
[  293.944950][T17027] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:18 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000d00, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  294.031193][T17035] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  294.044670][T17035] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:18 executing program 4 (fault-call:2 fault-nth:13):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:18 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0xffffffffffffffff}])

16:56:18 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:18 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e8000efff, 0x1c49000}])

[  294.211168][T17049] FAULT_INJECTION: forcing a failure.
[  294.211168][T17049] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  294.239338][T17049] CPU: 1 PID: 17049 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  294.247973][T17049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  294.258718][T17049] Call Trace:
[  294.261994][T17049]  dump_stack+0x116/0x15d
[  294.266326][T17049]  should_fail+0x231/0x240
[  294.270734][T17049]  __alloc_pages_nodemask+0xd8/0x350
[  294.276012][T17049]  alloc_pages_current+0x21d/0x310
[  294.282201][T17049]  pte_alloc_one+0x27/0x90
[  294.286639][T17049]  __do_huge_pmd_anonymous_page+0xfe/0x910
[  294.292511][T17049]  ? alloc_pages_vma+0x725/0x890
[  294.297522][T17049]  do_huge_pmd_anonymous_page+0x69b/0x940
[  294.303251][T17049]  ? prandom_u32_state+0x9/0x80
[  294.308110][T17049]  ? __rcu_read_unlock+0x51/0x250
[  294.313141][T17049]  ? pmdp_set_access_flags+0x4c/0x60
[  294.318418][T17049]  handle_mm_fault+0x11fb/0x17b0
[  294.323367][T17049]  __get_user_pages+0xa32/0xff0
[  294.328236][T17049]  get_user_pages_unlocked+0x135/0x5f0
[  294.333774][T17049]  __gup_longterm_unlocked+0x4e/0x220
[  294.339196][T17049]  internal_get_user_pages_fast+0x7f4/0x900
[  294.346222][T17049]  get_user_pages_fast+0x5d/0x80
[  294.351496][T17049]  iov_iter_get_pages+0x1b4/0x880
[  294.356610][T17049]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  294.358426][T17053] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  294.362140][T17049]  bio_iov_iter_get_pages+0x1e1/0x300
[  294.374497][T17049]  blkdev_direct_IO+0x626/0xf60
[  294.379373][T17049]  ? aio_prep_rw+0x3b0/0x3b0
[  294.383948][T17049]  ? current_time+0xdb/0x190
[  294.388525][T17049]  ? atime_needs_update+0x290/0x370
[  294.393724][T17049]  ? touch_atime+0x10e/0x2d0
[  294.399154][T17049]  generic_file_read_iter+0x2c4/0x3d0
[  294.404520][T17049]  blkdev_read_iter+0xb3/0xc0
[  294.410080][T17049]  aio_read+0x1be/0x280
[  294.414230][T17049]  ? __rcu_read_unlock+0x51/0x250
[  294.419248][T17049]  io_submit_one+0x62d/0x1230
[  294.424767][T17049]  ? asm_exc_page_fault+0x1e/0x30
[  294.429790][T17049]  __se_sys_io_submit+0xf5/0x270
[  294.435640][T17049]  ? ksys_write+0x157/0x180
[  294.440763][T17049]  ? fpregs_assert_state_consistent+0x7d/0x90
[  294.446938][T17049]  __x64_sys_io_submit+0x3f/0x50
[  294.451873][T17049]  do_syscall_64+0x39/0x80
[  294.454573][T17053] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  294.456290][T17049]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  294.470207][T17049] RIP: 0033:0x45e149
[  294.474167][T17049] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  294.494069][T17049] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  294.503582][T17049] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:19 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000f00, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:19 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2}])

[  294.512515][T17049] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  294.520761][T17049] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  294.528729][T17049] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000d
[  294.536690][T17049] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:19 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:19 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e8000ffef, 0x1c49000}])

[  294.723813][T17069] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:19 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0000ef, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:19 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a002000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:19 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x3}])

16:56:19 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0xffffffffffffffff, 0x1c49000}])

16:56:19 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:19 executing program 4 (fault-call:2 fault-nth:14):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  295.077627][T17095] loop5: detected capacity change from 264192 to 0
[  295.085677][T17091] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  295.090205][T17094] FAULT_INJECTION: forcing a failure.
[  295.090205][T17094] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  295.114406][T17094] CPU: 1 PID: 17094 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  295.122850][T17094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  295.132985][T17094] Call Trace:
[  295.136256][T17094]  dump_stack+0x116/0x15d
[  295.140589][T17094]  should_fail+0x231/0x240
[  295.144989][T17094]  __alloc_pages_nodemask+0xd8/0x350
[  295.150267][T17094]  alloc_pages_vma+0x718/0x890
[  295.155052][T17094]  do_huge_pmd_anonymous_page+0x643/0x940
[  295.160781][T17094]  ? prandom_u32_state+0x9/0x80
[  295.165630][T17094]  ? __rcu_read_unlock+0x51/0x250
[  295.170714][T17094]  ? pmdp_set_access_flags+0x4c/0x60
[  295.176030][T17094]  handle_mm_fault+0x11fb/0x17b0
[  295.181011][T17094]  __get_user_pages+0xa32/0xff0
[  295.185927][T17094]  get_user_pages_unlocked+0x135/0x5f0
[  295.191440][T17094]  __gup_longterm_unlocked+0x4e/0x220
[  295.196882][T17094]  internal_get_user_pages_fast+0x7f4/0x900
[  295.202873][T17094]  get_user_pages_fast+0x5d/0x80
[  295.207803][T17094]  iov_iter_get_pages+0x1b4/0x880
[  295.212836][T17094]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  295.219398][T17094]  bio_iov_iter_get_pages+0x1e1/0x300
[  295.224767][T17094]  blkdev_direct_IO+0x626/0xf60
[  295.229923][T17094]  ? aio_prep_rw+0x3b0/0x3b0
[  295.235791][T17094]  ? current_time+0xdb/0x190
[  295.241083][T17094]  ? atime_needs_update+0x290/0x370
[  295.246839][T17094]  ? touch_atime+0x10e/0x2d0
[  295.252706][T17094]  generic_file_read_iter+0x2c4/0x3d0
[  295.259195][T17094]  blkdev_read_iter+0xb3/0xc0
[  295.265502][T17094]  aio_read+0x1be/0x280
[  295.271092][T17094]  ? __rcu_read_unlock+0x51/0x250
[  295.278039][T17094]  io_submit_one+0x62d/0x1230
[  295.283473][T17094]  ? asm_exc_page_fault+0x1e/0x30
[  295.288661][T17094]  __se_sys_io_submit+0xf5/0x270
[  295.294178][T17094]  ? ksys_write+0x157/0x180
[  295.299842][T17094]  ? fpregs_assert_state_consistent+0x7d/0x90
[  295.306589][T17094]  __x64_sys_io_submit+0x3f/0x50
[  295.313489][T17094]  do_syscall_64+0x39/0x80
[  295.319254][T17094]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  295.325148][T17094] RIP: 0033:0x45e149
[  295.329053][T17094] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  295.348654][T17094] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  295.357066][T17094] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  295.365051][T17094] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  295.373008][T17094] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  295.380963][T17094] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e
[  295.389020][T17094] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:20 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x4}])

16:56:20 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49002}])

16:56:20 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a002401, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:20 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000204, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:20 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:20 executing program 4 (fault-call:2 fault-nth:15):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  295.549067][T17109] loop5: detected capacity change from 264192 to 0
[  295.566386][T17115] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  295.586671][T17116] FAULT_INJECTION: forcing a failure.
[  295.586671][T17116] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  295.600055][T17116] CPU: 1 PID: 17116 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  295.608471][T17116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  295.618521][T17116] Call Trace:
[  295.621796][T17116]  dump_stack+0x116/0x15d
[  295.626131][T17116]  should_fail+0x231/0x240
[  295.630582][T17116]  __alloc_pages_nodemask+0xd8/0x350
[  295.636776][T17116]  alloc_pages_current+0x21d/0x310
[  295.643523][T17116]  pte_alloc_one+0x27/0x90
[  295.647948][T17116]  __do_huge_pmd_anonymous_page+0xfe/0x910
[  295.654407][T17116]  ? alloc_pages_vma+0x725/0x890
[  295.659423][T17116]  do_huge_pmd_anonymous_page+0x69b/0x940
[  295.665149][T17116]  ? __rcu_read_unlock+0x51/0x250
[  295.671191][T17116]  ? pmdp_set_access_flags+0x4c/0x60
[  295.677318][T17116]  handle_mm_fault+0x11fb/0x17b0
[  295.682766][T17116]  __get_user_pages+0xa32/0xff0
[  295.687625][T17116]  get_user_pages_unlocked+0x135/0x5f0
[  295.693169][T17116]  __gup_longterm_unlocked+0x4e/0x220
[  295.698768][T17116]  internal_get_user_pages_fast+0x7f4/0x900
[  295.705611][T17116]  get_user_pages_fast+0x5d/0x80
[  295.711293][T17116]  iov_iter_get_pages+0x1b4/0x880
[  295.718249][T17116]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  295.723746][T17116]  bio_iov_iter_get_pages+0x1e1/0x300
[  295.729120][T17116]  blkdev_direct_IO+0x626/0xf60
[  295.734050][T17116]  ? aio_prep_rw+0x3b0/0x3b0
[  295.738812][T17116]  ? current_time+0xdb/0x190
[  295.743379][T17116]  ? atime_needs_update+0x290/0x370
[  295.748694][T17116]  ? touch_atime+0x10e/0x2d0
[  295.753259][T17116]  generic_file_read_iter+0x2c4/0x3d0
[  295.758628][T17116]  blkdev_read_iter+0xb3/0xc0
[  295.763282][T17116]  aio_read+0x1be/0x280
[  295.767413][T17116]  ? __rcu_read_unlock+0x51/0x250
[  295.772453][T17116]  io_submit_one+0x62d/0x1230
[  295.777102][T17116]  ? asm_exc_page_fault+0x1e/0x30
[  295.782104][T17116]  __se_sys_io_submit+0xf5/0x270
[  295.787083][T17116]  ? ksys_write+0x157/0x180
[  295.791627][T17116]  ? fpregs_assert_state_consistent+0x7d/0x90
[  295.797681][T17116]  __x64_sys_io_submit+0x3f/0x50
[  295.802659][T17116]  do_syscall_64+0x39/0x80
[  295.807212][T17116]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  295.813308][T17116] RIP: 0033:0x45e149
[  295.817179][T17116] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  295.836982][T17116] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  295.845391][T17116] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  295.853377][T17116] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  295.861328][T17116] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  295.869314][T17116] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000f
[  295.877301][T17116] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:20 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a00efff, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:20 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x5}])

16:56:20 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:20 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49003}])

16:56:20 executing program 4 (fault-call:2 fault-nth:16):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  296.004222][T17109] loop5: detected capacity change from 264192 to 0
[  296.052710][T17132] tbf_change: 3 callbacks suppressed
[  296.052722][T17132] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  296.082069][T17132] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  296.110103][T17131] FAULT_INJECTION: forcing a failure.
[  296.110103][T17131] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  296.125285][T17131] CPU: 1 PID: 17131 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  296.133756][T17131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  296.143806][T17131] Call Trace:
[  296.147079][T17131]  dump_stack+0x116/0x15d
[  296.151458][T17131]  should_fail+0x231/0x240
[  296.155860][T17131]  __alloc_pages_nodemask+0xd8/0x350
[  296.161143][T17131]  alloc_pages_vma+0x718/0x890
[  296.165921][T17131]  do_huge_pmd_anonymous_page+0x643/0x940
[  296.171641][T17131]  ? prandom_u32_state+0x9/0x80
[  296.176488][T17131]  ? __rcu_read_unlock+0x51/0x250
[  296.181500][T17131]  ? pmdp_set_access_flags+0x4c/0x60
[  296.186816][T17131]  handle_mm_fault+0x11fb/0x17b0
[  296.191764][T17131]  __get_user_pages+0xa32/0xff0
[  296.196669][T17131]  get_user_pages_unlocked+0x135/0x5f0
[  296.202131][T17131]  __gup_longterm_unlocked+0x4e/0x220
[  296.207558][T17131]  internal_get_user_pages_fast+0x7f4/0x900
[  296.213510][T17131]  get_user_pages_fast+0x5d/0x80
[  296.218442][T17131]  iov_iter_get_pages+0x1b4/0x880
[  296.223463][T17131]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  296.228929][T17131]  bio_iov_iter_get_pages+0x1e1/0x300
[  296.234363][T17131]  blkdev_direct_IO+0x626/0xf60
[  296.239203][T17131]  ? aio_prep_rw+0x3b0/0x3b0
[  296.243777][T17131]  ? current_time+0xdb/0x190
[  296.248355][T17131]  ? atime_needs_update+0x290/0x370
[  296.253545][T17131]  ? touch_atime+0x10e/0x2d0
[  296.258191][T17131]  generic_file_read_iter+0x2c4/0x3d0
[  296.263555][T17131]  blkdev_read_iter+0xb3/0xc0
[  296.268231][T17131]  aio_read+0x1be/0x280
[  296.272381][T17131]  ? __rcu_read_unlock+0x51/0x250
[  296.277427][T17131]  io_submit_one+0x62d/0x1230
[  296.282158][T17131]  ? asm_exc_page_fault+0x1e/0x30
[  296.287209][T17131]  __se_sys_io_submit+0xf5/0x270
[  296.292149][T17131]  ? ksys_write+0x157/0x180
[  296.296649][T17131]  ? fpregs_assert_state_consistent+0x7d/0x90
[  296.302703][T17131]  __x64_sys_io_submit+0x3f/0x50
[  296.307647][T17131]  do_syscall_64+0x39/0x80
[  296.312057][T17131]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  296.317994][T17131] RIP: 0033:0x45e149
[  296.321870][T17131] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  296.341474][T17131] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  296.349958][T17131] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:21 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x7}])

[  296.357917][T17131] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  296.365885][T17131] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  296.373852][T17131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010
[  296.381820][T17131] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:21 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a00ffef, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:21 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000300, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:21 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:21 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49004}])

16:56:21 executing program 4 (fault-call:2 fault-nth:17):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:21 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x8}])

[  296.635915][T17159] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  296.667722][T17159] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  296.687028][T17161] FAULT_INJECTION: forcing a failure.
[  296.687028][T17161] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  296.700348][T17155] loop5: detected capacity change from 264192 to 0
[  296.733655][T17161] CPU: 1 PID: 17161 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  296.743006][T17161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  296.753397][T17161] Call Trace:
[  296.756669][T17161]  dump_stack+0x116/0x15d
[  296.761338][T17161]  should_fail+0x231/0x240
[  296.766817][T17161]  __alloc_pages_nodemask+0xd8/0x350
[  296.772735][T17161]  alloc_pages_current+0x21d/0x310
[  296.778036][T17161]  pte_alloc_one+0x27/0x90
[  296.783628][T17161]  __do_huge_pmd_anonymous_page+0xfe/0x910
[  296.789714][T17161]  ? alloc_pages_vma+0x725/0x890
[  296.795119][T17161]  do_huge_pmd_anonymous_page+0x69b/0x940
[  296.801936][T17161]  ? __rcu_read_unlock+0x51/0x250
[  296.807254][T17161]  ? pmdp_set_access_flags+0x4c/0x60
[  296.812563][T17161]  handle_mm_fault+0x11fb/0x17b0
[  296.818757][T17161]  __get_user_pages+0xa32/0xff0
[  296.824497][T17161]  get_user_pages_unlocked+0x135/0x5f0
[  296.830267][T17161]  __gup_longterm_unlocked+0x4e/0x220
[  296.836061][T17161]  internal_get_user_pages_fast+0x7f4/0x900
[  296.842009][T17161]  get_user_pages_fast+0x5d/0x80
[  296.847322][T17161]  iov_iter_get_pages+0x1b4/0x880
[  296.853204][T17161]  __bio_iov_iter_get_pages+0x9a/0x5f0
[  296.859217][T17161]  bio_iov_iter_get_pages+0x1e1/0x300
[  296.866188][T17161]  blkdev_direct_IO+0x626/0xf60
[  296.872004][T17161]  ? aio_prep_rw+0x3b0/0x3b0
[  296.876904][T17161]  ? current_time+0xdb/0x190
16:56:21 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49005}])

[  296.882483][T17161]  ? atime_needs_update+0x290/0x370
[  296.888306][T17161]  ? touch_atime+0x10e/0x2d0
[  296.892930][T17161]  generic_file_read_iter+0x2c4/0x3d0
[  296.898306][T17161]  blkdev_read_iter+0xb3/0xc0
[  296.903122][T17161]  aio_read+0x1be/0x280
[  296.907279][T17161]  ? __rcu_read_unlock+0x51/0x250
[  296.912302][T17161]  io_submit_one+0x62d/0x1230
[  296.916971][T17161]  ? asm_exc_page_fault+0x1e/0x30
[  296.922040][T17161]  __se_sys_io_submit+0xf5/0x270
[  296.927099][T17161]  ? ksys_write+0x157/0x180
[  296.931669][T17161]  ? fpregs_assert_state_consistent+0x7d/0x90
[  296.937803][T17161]  __x64_sys_io_submit+0x3f/0x50
[  296.942797][T17161]  do_syscall_64+0x39/0x80
[  296.947194][T17161]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  296.953064][T17161] RIP: 0033:0x45e149
[  296.957064][T17161] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  296.976643][T17161] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  296.985030][T17161] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  296.992999][T17161] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  297.000949][T17161] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  297.008896][T17161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000011
[  297.016852][T17161] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:21 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xd}])

16:56:21 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000402, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:21 executing program 4 (fault-call:2 fault-nth:18):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:21 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:21 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:21 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49007}])

16:56:21 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xf}])

[  297.244587][T17179] loop5: detected capacity change from 264192 to 0
[  297.259697][T17184] FAULT_INJECTION: forcing a failure.
[  297.259697][T17184] name failslab, interval 1, probability 0, space 0, times 0
[  297.290699][T17184] CPU: 0 PID: 17184 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  297.299177][T17184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  297.309268][T17184] Call Trace:
[  297.312535][T17184]  dump_stack+0x116/0x15d
[  297.316916][T17184]  should_fail+0x231/0x240
[  297.321323][T17184]  __should_failslab+0x81/0x90
[  297.326077][T17184]  should_failslab+0x5/0x20
[  297.330574][T17184]  kmem_cache_alloc_node+0x46/0x2e0
[  297.335767][T17184]  ? create_task_io_context+0x36/0x1e0
[  297.341230][T17184]  create_task_io_context+0x36/0x1e0
[  297.346562][T17184]  submit_bio_checks+0x9fe/0xb20
[  297.351813][T17184]  submit_bio_noacct+0x33/0x910
[  297.356665][T17184]  ? prandom_u32_state+0x9/0x80
[  297.361632][T17184]  submit_bio+0x1f3/0x350
[  297.365962][T17184]  ? iov_iter_npages+0x160/0x5e0
[  297.370965][T17184]  blkdev_direct_IO+0x4fa/0xf60
[  297.376063][T17184]  ? aio_prep_rw+0x3b0/0x3b0
[  297.380942][T17184]  ? current_time+0xdb/0x190
[  297.385535][T17184]  ? atime_needs_update+0x290/0x370
[  297.390747][T17184]  ? touch_atime+0x10e/0x2d0
[  297.395338][T17184]  generic_file_read_iter+0x2c4/0x3d0
[  297.401655][T17184]  blkdev_read_iter+0xb3/0xc0
[  297.406358][T17184]  aio_read+0x1be/0x280
[  297.410316][T17194] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  297.410503][T17184]  ? __rcu_read_unlock+0x51/0x250
[  297.423062][T17184]  io_submit_one+0x62d/0x1230
[  297.427810][T17184]  ? asm_exc_page_fault+0x1e/0x30
[  297.432834][T17184]  __se_sys_io_submit+0xf5/0x270
[  297.437777][T17184]  ? ksys_write+0x157/0x180
[  297.442293][T17184]  ? fpregs_assert_state_consistent+0x7d/0x90
[  297.448647][T17184]  __x64_sys_io_submit+0x3f/0x50
[  297.454418][T17184]  do_syscall_64+0x39/0x80
[  297.459004][T17184]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  297.464898][T17184] RIP: 0033:0x45e149
[  297.468995][T17184] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
16:56:22 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  297.489804][T17184] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  297.499093][T17184] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  297.507674][T17184] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  297.516100][T17184] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  297.524065][T17184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012
[  297.532927][T17184] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:22 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x2, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:22 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49008}])

16:56:22 executing program 4 (fault-call:2 fault-nth:19):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  297.637291][T17179] loop5: detected capacity change from 264192 to 0
16:56:22 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x10}])

16:56:22 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x3, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  297.683541][T17205] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  297.697986][T17205] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  297.742450][T17211] FAULT_INJECTION: forcing a failure.
[  297.742450][T17211] name failslab, interval 1, probability 0, space 0, times 0
[  297.756901][T17211] CPU: 1 PID: 17211 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  297.765401][T17211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  297.775446][T17211] Call Trace:
[  297.778718][T17211]  dump_stack+0x116/0x15d
[  297.783120][T17211]  should_fail+0x231/0x240
[  297.787537][T17211]  ? mempool_alloc_slab+0x16/0x20
[  297.792622][T17211]  __should_failslab+0x81/0x90
[  297.797383][T17211]  should_failslab+0x5/0x20
[  297.801894][T17211]  kmem_cache_alloc+0x36/0x2e0
[  297.806717][T17211]  ? __perf_event_task_sched_in+0x565/0x590
[  297.812852][T17211]  mempool_alloc_slab+0x16/0x20
[  297.817696][T17211]  ? mempool_free+0x130/0x130
[  297.822367][T17211]  mempool_alloc+0x64/0x320
[  297.826869][T17211]  ? _raw_spin_unlock_irq+0x22/0x40
[  297.832058][T17211]  ? finish_task_switch+0x90/0x3a0
[  297.837160][T17211]  bio_alloc_bioset+0x138/0x3a0
[  297.842015][T17211]  ? preempt_schedule_irq+0x43/0x80
[  297.847210][T17211]  bio_clone_fast+0x23/0x110
[  297.851900][T17211]  bio_split+0x80/0x180
[  297.856058][T17211]  __blk_queue_split+0xabb/0xc80
[  297.861068][T17211]  blk_mq_submit_bio+0xce/0x1000
[  297.866010][T17211]  submit_bio_noacct+0x75d/0x910
[  297.870946][T17211]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  297.876602][T17211]  ? prandom_u32_state+0x9/0x80
[  297.881453][T17211]  submit_bio+0x1f3/0x350
[  297.885785][T17211]  ? iov_iter_npages+0x160/0x5e0
[  297.890836][T17211]  blkdev_direct_IO+0x4fa/0xf60
[  297.895780][T17211]  ? aio_prep_rw+0x3b0/0x3b0
[  297.900358][T17211]  ? current_time+0xdb/0x190
[  297.904943][T17211]  ? atime_needs_update+0x290/0x370
[  297.910127][T17211]  ? touch_atime+0x10e/0x2d0
[  297.914717][T17211]  generic_file_read_iter+0x2c4/0x3d0
[  297.920111][T17211]  blkdev_read_iter+0xb3/0xc0
[  297.924838][T17211]  aio_read+0x1be/0x280
[  297.928973][T17211]  ? __rcu_read_unlock+0x51/0x250
[  297.933995][T17211]  io_submit_one+0x62d/0x1230
[  297.938698][T17211]  ? asm_exc_page_fault+0x1e/0x30
[  297.943708][T17211]  __se_sys_io_submit+0xf5/0x270
[  297.948632][T17211]  ? ksys_write+0x157/0x180
[  297.953116][T17211]  ? fpregs_assert_state_consistent+0x7d/0x90
[  297.959166][T17211]  __x64_sys_io_submit+0x3f/0x50
[  297.964162][T17211]  do_syscall_64+0x39/0x80
[  297.968561][T17211]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  297.974485][T17211] RIP: 0033:0x45e149
[  297.978357][T17211] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  297.997941][T17211] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  298.006376][T17211] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  298.014323][T17211] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  298.022273][T17211] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  298.030374][T17211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
[  298.038333][T17211] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:22 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000406, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:22 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:22 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x72}])

16:56:22 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c4900d}])

16:56:22 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x4, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:22 executing program 4 (fault-call:2 fault-nth:20):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  298.190567][T17231] loop5: detected capacity change from 264192 to 0
[  298.206340][T17228] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:22 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c4900f}])

16:56:22 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xef}])

[  298.269644][T17236] FAULT_INJECTION: forcing a failure.
[  298.269644][T17236] name failslab, interval 1, probability 0, space 0, times 0
[  298.304249][T17228] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  298.308514][T17236] CPU: 1 PID: 17236 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  298.321729][T17236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  298.331779][T17236] Call Trace:
[  298.336203][T17236]  dump_stack+0x116/0x15d
[  298.341718][T17236]  should_fail+0x231/0x240
[  298.347332][T17236]  ? mempool_alloc_slab+0x16/0x20
[  298.354890][T17236]  __should_failslab+0x81/0x90
[  298.360286][T17236]  should_failslab+0x5/0x20
[  298.366055][T17236]  kmem_cache_alloc+0x36/0x2e0
[  298.371510][T17236]  ? mempool_alloc_slab+0x16/0x20
[  298.376866][T17236]  mempool_alloc_slab+0x16/0x20
[  298.382387][T17236]  ? mempool_free+0x130/0x130
[  298.387781][T17236]  mempool_alloc+0x64/0x320
[  298.392547][T17236]  ? submit_bio_checks+0x823/0xb20
[  298.397652][T17236]  ? find_next_zero_bit+0xca/0xf0
[  298.402675][T17236]  bio_alloc_bioset+0x138/0x3a0
[  298.407537][T17236]  bio_clone_fast+0x23/0x110
[  298.412220][T17236]  bio_split+0x80/0x180
[  298.416416][T17236]  __blk_queue_split+0xabb/0xc80
[  298.421377][T17236]  blk_mq_submit_bio+0xce/0x1000
[  298.426307][T17236]  submit_bio_noacct+0x75d/0x910
[  298.431540][T17236]  ? mempool_alloc+0x71/0x320
[  298.437354][T17236]  ? prandom_u32_state+0x9/0x80
[  298.443065][T17236]  submit_bio+0x1f3/0x350
[  298.449533][T17236]  ? iov_iter_npages+0x160/0x5e0
[  298.455364][T17236]  blkdev_direct_IO+0x4fa/0xf60
[  298.460778][T17236]  ? aio_prep_rw+0x3b0/0x3b0
[  298.466134][T17236]  ? current_time+0xdb/0x190
[  298.471416][T17236]  ? atime_needs_update+0x290/0x370
[  298.477088][T17236]  ? touch_atime+0x10e/0x2d0
[  298.482735][T17236]  generic_file_read_iter+0x2c4/0x3d0
[  298.488111][T17236]  blkdev_read_iter+0xb3/0xc0
[  298.493280][T17236]  aio_read+0x1be/0x280
[  298.498493][T17236]  ? __rcu_read_unlock+0x51/0x250
[  298.504313][T17236]  io_submit_one+0x62d/0x1230
[  298.509998][T17236]  ? asm_exc_page_fault+0x1e/0x30
[  298.515556][T17236]  __se_sys_io_submit+0xf5/0x270
[  298.520867][T17236]  ? ksys_write+0x157/0x180
[  298.526510][T17236]  ? fpregs_assert_state_consistent+0x7d/0x90
[  298.533328][T17236]  __x64_sys_io_submit+0x3f/0x50
[  298.538908][T17236]  do_syscall_64+0x39/0x80
[  298.544380][T17236]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  298.550446][T17236] RIP: 0033:0x45e149
[  298.554972][T17236] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  298.574632][T17236] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  298.583061][T17236] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  298.591006][T17236] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  298.598995][T17236] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  298.606963][T17236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014
16:56:23 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x5, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  298.614909][T17236] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:23 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:23 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x204}])

16:56:23 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000500, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:23 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x7, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  298.726473][T17256] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  298.737848][T17256] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:23 executing program 4 (fault-call:2 fault-nth:21):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:23 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c490ef}])

16:56:23 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:23 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x300}])

[  298.830363][T17267] loop5: detected capacity change from 264192 to 0
[  298.852388][T17270] FAULT_INJECTION: forcing a failure.
[  298.852388][T17270] name failslab, interval 1, probability 0, space 0, times 0
[  298.911912][T17270] CPU: 0 PID: 17270 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  298.915937][T17275] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  298.920365][T17270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  298.920380][T17270] Call Trace:
[  298.920388][T17270]  dump_stack+0x116/0x15d
[  298.945125][T17270]  should_fail+0x231/0x240
[  298.949633][T17270]  ? mempool_alloc_slab+0x16/0x20
[  298.949948][T17275] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  298.954648][T17270]  __should_failslab+0x81/0x90
[  298.954702][T17270]  should_failslab+0x5/0x20
[  298.954724][T17270]  kmem_cache_alloc+0x36/0x2e0
[  298.954744][T17270]  ? mempool_alloc_slab+0x16/0x20
[  298.983565][T17270]  mempool_alloc_slab+0x16/0x20
[  298.988462][T17270]  ? mempool_free+0x130/0x130
[  298.993378][T17270]  mempool_alloc+0x64/0x320
[  298.997872][T17270]  ? submit_bio_checks+0x823/0xb20
[  299.003411][T17270]  ? find_next_zero_bit+0xca/0xf0
[  299.008428][T17270]  bio_alloc_bioset+0x138/0x3a0
[  299.013405][T17270]  bio_clone_fast+0x23/0x110
[  299.018426][T17270]  bio_split+0x80/0x180
[  299.022876][T17270]  __blk_queue_split+0xabb/0xc80
[  299.029482][T17270]  blk_mq_submit_bio+0xce/0x1000
[  299.034431][T17270]  submit_bio_noacct+0x75d/0x910
[  299.039897][T17270]  ? mempool_alloc+0x71/0x320
[  299.045777][T17270]  ? prandom_u32_state+0x9/0x80
[  299.051396][T17270]  submit_bio+0x1f3/0x350
[  299.055730][T17270]  ? iov_iter_npages+0x160/0x5e0
[  299.061867][T17270]  blkdev_direct_IO+0x4fa/0xf60
[  299.068024][T17270]  ? aio_prep_rw+0x3b0/0x3b0
[  299.072651][T17270]  ? current_time+0xdb/0x190
[  299.078162][T17270]  ? atime_needs_update+0x290/0x370
[  299.084370][T17270]  ? touch_atime+0x10e/0x2d0
[  299.088955][T17270]  generic_file_read_iter+0x2c4/0x3d0
[  299.094315][T17270]  blkdev_read_iter+0xb3/0xc0
[  299.098997][T17270]  aio_read+0x1be/0x280
[  299.103139][T17270]  ? __rcu_read_unlock+0x51/0x250
[  299.108142][T17270]  io_submit_one+0x62d/0x1230
[  299.112797][T17270]  ? asm_exc_page_fault+0x1e/0x30
[  299.117800][T17270]  __se_sys_io_submit+0xf5/0x270
[  299.122835][T17270]  ? ksys_write+0x157/0x180
[  299.127315][T17270]  ? fpregs_assert_state_consistent+0x7d/0x90
[  299.133374][T17270]  __x64_sys_io_submit+0x3f/0x50
[  299.138305][T17270]  do_syscall_64+0x39/0x80
[  299.142761][T17270]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  299.148639][T17270] RIP: 0033:0x45e149
[  299.152510][T17270] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  299.172097][T17270] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  299.180484][T17270] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  299.188475][T17270] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  299.196423][T17270] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  299.204372][T17270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015
16:56:23 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x8, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  299.212338][T17270] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:23 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:24 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x402}])

16:56:24 executing program 4 (fault-call:2 fault-nth:22):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:24 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x81c47fff}])

[  299.302299][T17267] loop5: detected capacity change from 264192 to 0
[  299.323019][T17291] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  299.332917][T17291] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  299.398933][T17299] FAULT_INJECTION: forcing a failure.
[  299.398933][T17299] name failslab, interval 1, probability 0, space 0, times 0
[  299.412383][T17299] CPU: 1 PID: 17299 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  299.420796][T17299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  299.430842][T17299] Call Trace:
[  299.434141][T17299]  dump_stack+0x116/0x15d
[  299.438535][T17299]  should_fail+0x231/0x240
[  299.443006][T17299]  ? mempool_alloc_slab+0x16/0x20
[  299.448005][T17299]  __should_failslab+0x81/0x90
[  299.452744][T17299]  should_failslab+0x5/0x20
[  299.457223][T17299]  kmem_cache_alloc+0x36/0x2e0
[  299.462067][T17299]  ? mempool_alloc_slab+0x16/0x20
[  299.467081][T17299]  mempool_alloc_slab+0x16/0x20
[  299.472086][T17299]  ? mempool_free+0x130/0x130
[  299.476737][T17299]  mempool_alloc+0x64/0x320
[  299.481214][T17299]  ? submit_bio_checks+0x823/0xb20
[  299.486363][T17299]  ? find_next_zero_bit+0xca/0xf0
[  299.491360][T17299]  bio_alloc_bioset+0x138/0x3a0
[  299.496262][T17299]  bio_clone_fast+0x23/0x110
[  299.500828][T17299]  bio_split+0x80/0x180
[  299.505041][T17299]  __blk_queue_split+0xabb/0xc80
[  299.509968][T17299]  blk_mq_submit_bio+0xce/0x1000
[  299.514921][T17299]  submit_bio_noacct+0x75d/0x910
[  299.519834][T17299]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  299.525353][T17299]  ? prandom_u32_state+0x9/0x80
[  299.530190][T17299]  submit_bio+0x1f3/0x350
[  299.534581][T17299]  ? iov_iter_npages+0x160/0x5e0
[  299.539502][T17299]  blkdev_direct_IO+0x4fa/0xf60
[  299.544419][T17299]  ? aio_prep_rw+0x3b0/0x3b0
[  299.548982][T17299]  ? current_time+0xdb/0x190
[  299.553581][T17299]  ? atime_needs_update+0x290/0x370
[  299.558850][T17299]  ? touch_atime+0x10e/0x2d0
[  299.563434][T17299]  generic_file_read_iter+0x2c4/0x3d0
[  299.568802][T17299]  blkdev_read_iter+0xb3/0xc0
[  299.573468][T17299]  aio_read+0x1be/0x280
[  299.577600][T17299]  ? __rcu_read_unlock+0x51/0x250
[  299.582675][T17299]  io_submit_one+0x62d/0x1230
[  299.587340][T17299]  ? asm_exc_page_fault+0x1e/0x30
[  299.592355][T17299]  __se_sys_io_submit+0xf5/0x270
[  299.597274][T17299]  ? ksys_write+0x157/0x180
[  299.601761][T17299]  ? fpregs_assert_state_consistent+0x7d/0x90
[  299.607811][T17299]  __x64_sys_io_submit+0x3f/0x50
[  299.612838][T17299]  do_syscall_64+0x39/0x80
[  299.617229][T17299]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  299.623194][T17299] RIP: 0033:0x45e149
[  299.627126][T17299] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
16:56:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  299.646758][T17299] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  299.655182][T17299] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  299.663127][T17299] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  299.671088][T17299] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  299.679072][T17299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016
[  299.687056][T17299] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:24 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000604, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:24 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x406}])

16:56:24 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xd, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:24 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x3e80000000}])

16:56:24 executing program 4 (fault-call:2 fault-nth:23):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  299.809524][T17305] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  299.821622][T17305] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  299.858807][T17316] loop5: detected capacity change from 264192 to 0
16:56:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  299.921207][T17323] FAULT_INJECTION: forcing a failure.
[  299.921207][T17323] name failslab, interval 1, probability 0, space 0, times 0
[  299.975834][T17323] CPU: 1 PID: 17323 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  299.984778][T17323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  299.994836][T17323] Call Trace:
[  299.998136][T17323]  dump_stack+0x116/0x15d
[  300.002460][T17323]  should_fail+0x231/0x240
[  300.006886][T17323]  ? mempool_alloc_slab+0x16/0x20
[  300.011896][T17323]  __should_failslab+0x81/0x90
[  300.016728][T17323]  should_failslab+0x5/0x20
[  300.021219][T17323]  kmem_cache_alloc+0x36/0x2e0
[  300.025974][T17323]  ? mempool_alloc_slab+0x16/0x20
[  300.030970][T17323]  mempool_alloc_slab+0x16/0x20
[  300.035794][T17323]  ? mempool_free+0x130/0x130
[  300.040443][T17323]  mempool_alloc+0x64/0x320
[  300.044926][T17323]  ? submit_bio_checks+0x823/0xb20
[  300.050026][T17323]  ? find_next_zero_bit+0xca/0xf0
[  300.055034][T17323]  bio_alloc_bioset+0x138/0x3a0
[  300.059860][T17323]  bio_clone_fast+0x23/0x110
[  300.064454][T17323]  bio_split+0x80/0x180
[  300.068581][T17323]  __blk_queue_split+0xabb/0xc80
[  300.073495][T17323]  blk_mq_submit_bio+0xce/0x1000
[  300.078478][T17323]  submit_bio_noacct+0x75d/0x910
[  300.083420][T17323]  ? mempool_alloc+0x71/0x320
[  300.088079][T17323]  ? prandom_u32_state+0x9/0x80
[  300.092940][T17323]  submit_bio+0x1f3/0x350
[  300.097245][T17323]  ? iov_iter_npages+0x160/0x5e0
[  300.102214][T17323]  blkdev_direct_IO+0x4fa/0xf60
[  300.107042][T17323]  ? aio_prep_rw+0x3b0/0x3b0
[  300.111600][T17323]  ? current_time+0xdb/0x190
[  300.116163][T17323]  ? atime_needs_update+0x290/0x370
[  300.121334][T17323]  ? touch_atime+0x10e/0x2d0
[  300.125932][T17323]  generic_file_read_iter+0x2c4/0x3d0
[  300.131347][T17323]  blkdev_read_iter+0xb3/0xc0
[  300.135999][T17323]  aio_read+0x1be/0x280
[  300.140125][T17323]  ? __rcu_read_unlock+0x51/0x250
[  300.145121][T17323]  io_submit_one+0x62d/0x1230
[  300.149768][T17323]  ? asm_exc_page_fault+0x1e/0x30
[  300.154809][T17323]  __se_sys_io_submit+0xf5/0x270
[  300.159747][T17323]  ? ksys_write+0x157/0x180
[  300.164225][T17323]  ? fpregs_assert_state_consistent+0x7d/0x90
[  300.170277][T17323]  __x64_sys_io_submit+0x3f/0x50
[  300.175266][T17323]  do_syscall_64+0x39/0x80
[  300.179658][T17323]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  300.185603][T17323] RIP: 0033:0x45e149
[  300.189470][T17323] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  300.209060][T17323] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  300.217554][T17323] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:24 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0xffffffffffffffff}])

16:56:24 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x500}])

16:56:24 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xf, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  300.225508][T17323] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  300.233450][T17323] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  300.241393][T17323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017
[  300.249337][T17323] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
[  300.314900][T17316] loop5: detected capacity change from 264192 to 0
16:56:25 executing program 4 (fault-call:2 fault-nth:24):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  300.411118][T17331] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  300.443865][T17331] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:25 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x10, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  300.465619][T17337] FAULT_INJECTION: forcing a failure.
[  300.465619][T17337] name failslab, interval 1, probability 0, space 0, times 0
[  300.478777][T17337] CPU: 1 PID: 17337 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  300.487303][T17337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  300.497380][T17337] Call Trace:
[  300.500645][T17337]  dump_stack+0x116/0x15d
[  300.505423][T17337]  should_fail+0x231/0x240
[  300.509936][T17337]  ? mempool_alloc_slab+0x16/0x20
[  300.515791][T17337]  __should_failslab+0x81/0x90
[  300.521736][T17337]  should_failslab+0x5/0x20
[  300.526513][T17337]  kmem_cache_alloc+0x36/0x2e0
[  300.532292][T17337]  ? mempool_alloc_slab+0x16/0x20
[  300.538351][T17337]  mempool_alloc_slab+0x16/0x20
[  300.544243][T17337]  ? mempool_free+0x130/0x130
[  300.550000][T17337]  mempool_alloc+0x64/0x320
[  300.554585][T17337]  ? submit_bio_checks+0x823/0xb20
[  300.560567][T17337]  ? find_next_zero_bit+0xca/0xf0
[  300.566690][T17337]  bio_alloc_bioset+0x138/0x3a0
[  300.572452][T17337]  bio_clone_fast+0x23/0x110
[  300.577020][T17337]  bio_split+0x80/0x180
[  300.581226][T17337]  __blk_queue_split+0xabb/0xc80
[  300.586325][T17337]  blk_mq_submit_bio+0xce/0x1000
[  300.591299][T17337]  submit_bio_noacct+0x75d/0x910
[  300.596391][T17337]  ? irqentry_exit+0x2a/0x40
[  300.600979][T17337]  ? prandom_u32_state+0x9/0x80
[  300.605828][T17337]  submit_bio+0x1f3/0x350
[  300.610144][T17337]  ? iov_iter_npages+0x160/0x5e0
[  300.615069][T17337]  blkdev_direct_IO+0x4fa/0xf60
[  300.619901][T17337]  ? aio_prep_rw+0x3b0/0x3b0
[  300.624471][T17337]  ? current_time+0xdb/0x190
[  300.629052][T17337]  ? atime_needs_update+0x290/0x370
[  300.634291][T17337]  ? touch_atime+0x10e/0x2d0
[  300.638867][T17337]  generic_file_read_iter+0x2c4/0x3d0
[  300.644215][T17337]  blkdev_read_iter+0xb3/0xc0
[  300.648900][T17337]  aio_read+0x1be/0x280
[  300.653029][T17337]  ? __rcu_read_unlock+0x51/0x250
[  300.658030][T17337]  io_submit_one+0x62d/0x1230
[  300.662700][T17337]  ? asm_exc_page_fault+0x1e/0x30
[  300.667705][T17337]  __se_sys_io_submit+0xf5/0x270
[  300.672623][T17337]  ? ksys_write+0x157/0x180
[  300.677240][T17337]  ? fpregs_assert_state_consistent+0x7d/0x90
[  300.683327][T17337]  __x64_sys_io_submit+0x3f/0x50
[  300.688330][T17337]  do_syscall_64+0x39/0x80
[  300.692721][T17337]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  300.698587][T17337] RIP: 0033:0x45e149
[  300.702528][T17337] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  300.722199][T17337] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  300.730586][T17337] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  300.738568][T17337] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  300.746514][T17337] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  300.754485][T17337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000018
16:56:25 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000700, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:25 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2}])

16:56:25 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x604}])

[  300.762428][T17337] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:25 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe80000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  300.870022][T17352] loop5: detected capacity change from 264192 to 0
16:56:25 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xef, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:25 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x3}])

16:56:25 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x700}])

[  300.971897][T17356] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:25 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xd00}])

16:56:25 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000d00, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:25 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe80000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  301.182490][T17377] tbf_change: 1 callbacks suppressed
[  301.182500][T17377] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  301.196318][T17379] loop5: detected capacity change from 264192 to 0
16:56:25 executing program 4 (fault-call:2 fault-nth:25):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:25 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x124, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:25 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x4}])

[  301.256762][T17377] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  301.296669][T17394] FAULT_INJECTION: forcing a failure.
16:56:25 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xf00}])

[  301.296669][T17394] name failslab, interval 1, probability 0, space 0, times 0
[  301.311161][T17394] CPU: 1 PID: 17394 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  301.319577][T17394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  301.329702][T17394] Call Trace:
[  301.332960][T17394]  dump_stack+0x116/0x15d
[  301.337285][T17394]  should_fail+0x231/0x240
[  301.341677][T17394]  ? mempool_alloc_slab+0x16/0x20
[  301.346678][T17394]  __should_failslab+0x81/0x90
[  301.351432][T17394]  should_failslab+0x5/0x20
[  301.355942][T17394]  kmem_cache_alloc+0x36/0x2e0
[  301.360713][T17394]  ? mempool_alloc_slab+0x16/0x20
[  301.365843][T17394]  mempool_alloc_slab+0x16/0x20
[  301.370758][T17394]  ? mempool_free+0x130/0x130
[  301.375416][T17394]  mempool_alloc+0x64/0x320
[  301.379921][T17394]  ? submit_bio_checks+0x823/0xb20
[  301.380829][T17379] loop5: detected capacity change from 264192 to 0
[  301.385032][T17394]  ? find_next_zero_bit+0xca/0xf0
[  301.385051][T17394]  bio_alloc_bioset+0x138/0x3a0
[  301.401363][T17394]  bio_clone_fast+0x23/0x110
[  301.406019][T17394]  bio_split+0x80/0x180
[  301.410171][T17394]  __blk_queue_split+0xabb/0xc80
[  301.415104][T17394]  blk_mq_submit_bio+0xce/0x1000
[  301.420092][T17394]  submit_bio_noacct+0x75d/0x910
[  301.425046][T17394]  ? mempool_alloc+0x71/0x320
[  301.429716][T17394]  ? prandom_u32_state+0x9/0x80
[  301.434568][T17394]  submit_bio+0x1f3/0x350
[  301.438914][T17394]  ? iov_iter_npages+0x160/0x5e0
[  301.443851][T17394]  blkdev_direct_IO+0x4fa/0xf60
[  301.448691][T17394]  ? aio_prep_rw+0x3b0/0x3b0
[  301.453278][T17394]  ? current_time+0xdb/0x190
[  301.458655][T17394]  ? atime_needs_update+0x290/0x370
[  301.465495][T17394]  ? touch_atime+0x10e/0x2d0
[  301.470208][T17394]  generic_file_read_iter+0x2c4/0x3d0
[  301.475910][T17394]  blkdev_read_iter+0xb3/0xc0
[  301.480639][T17394]  aio_read+0x1be/0x280
[  301.485008][T17394]  ? __rcu_read_unlock+0x51/0x250
[  301.490683][T17394]  io_submit_one+0x62d/0x1230
[  301.496659][T17394]  ? asm_exc_page_fault+0x1e/0x30
[  301.502635][T17394]  __se_sys_io_submit+0xf5/0x270
[  301.508612][T17394]  ? ksys_write+0x157/0x180
[  301.514069][T17394]  ? fpregs_assert_state_consistent+0x7d/0x90
[  301.521037][T17394]  __x64_sys_io_submit+0x3f/0x50
[  301.526212][T17394]  do_syscall_64+0x39/0x80
[  301.530660][T17394]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  301.536607][T17394] RIP: 0033:0x45e149
[  301.541176][T17394] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  301.561458][T17394] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  301.570222][T17394] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  301.580267][T17394] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  301.588925][T17394] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  301.597776][T17394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000019
16:56:26 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe80000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:26 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x204, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  301.605828][T17394] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:26 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x5}])

16:56:26 executing program 4 (fault-call:2 fault-nth:26):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:26 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2000}])

16:56:26 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000f00, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  301.679290][T17404] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  301.715124][T17404] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:26 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x300, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  301.783077][T17415] FAULT_INJECTION: forcing a failure.
[  301.783077][T17415] name failslab, interval 1, probability 0, space 0, times 0
[  301.805172][T17415] CPU: 1 PID: 17415 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  301.813581][T17415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  301.823666][T17415] Call Trace:
[  301.826931][T17415]  dump_stack+0x116/0x15d
[  301.831258][T17415]  should_fail+0x231/0x240
[  301.835667][T17415]  ? mempool_alloc_slab+0x16/0x20
[  301.840717][T17415]  __should_failslab+0x81/0x90
[  301.845488][T17415]  should_failslab+0x5/0x20
[  301.849974][T17415]  kmem_cache_alloc+0x36/0x2e0
[  301.854788][T17415]  ? mempool_alloc_slab+0x16/0x20
[  301.859809][T17415]  mempool_alloc_slab+0x16/0x20
[  301.864651][T17415]  ? mempool_free+0x130/0x130
[  301.869324][T17415]  mempool_alloc+0x64/0x320
[  301.874010][T17415]  ? submit_bio_checks+0x823/0xb20
[  301.879131][T17415]  ? find_next_zero_bit+0xca/0xf0
[  301.884148][T17415]  bio_alloc_bioset+0x138/0x3a0
[  301.889055][T17415]  bio_clone_fast+0x23/0x110
[  301.893641][T17415]  bio_split+0x80/0x180
[  301.897792][T17415]  __blk_queue_split+0xabb/0xc80
[  301.902734][T17415]  blk_mq_submit_bio+0xce/0x1000
[  301.907666][T17415]  submit_bio_noacct+0x75d/0x910
[  301.912596][T17415]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  301.918128][T17415]  ? prandom_u32_state+0x9/0x80
[  301.922975][T17415]  submit_bio+0x1f3/0x350
[  301.927295][T17415]  ? iov_iter_npages+0x160/0x5e0
[  301.932230][T17415]  blkdev_direct_IO+0x4fa/0xf60
[  301.937086][T17415]  ? aio_prep_rw+0x3b0/0x3b0
[  301.941742][T17415]  ? current_time+0xdb/0x190
[  301.946326][T17415]  ? atime_needs_update+0x290/0x370
[  301.951653][T17415]  ? touch_atime+0x10e/0x2d0
[  301.956268][T17415]  generic_file_read_iter+0x2c4/0x3d0
[  301.961714][T17415]  blkdev_read_iter+0xb3/0xc0
[  301.966379][T17415]  aio_read+0x1be/0x280
[  301.970637][T17415]  ? __rcu_read_unlock+0x51/0x250
[  301.975670][T17415]  io_submit_one+0x62d/0x1230
[  301.980346][T17415]  ? asm_exc_page_fault+0x1e/0x30
[  301.985392][T17415]  __se_sys_io_submit+0xf5/0x270
[  301.990439][T17415]  ? ksys_write+0x157/0x180
[  301.994957][T17415]  ? fpregs_assert_state_consistent+0x7d/0x90
[  302.001018][T17415]  __x64_sys_io_submit+0x3f/0x50
[  302.005965][T17415]  do_syscall_64+0x39/0x80
[  302.010448][T17415]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  302.016377][T17415] RIP: 0033:0x45e149
[  302.020259][T17415] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  302.039854][T17415] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  302.048289][T17415] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  302.056245][T17415] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  302.064309][T17415] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  302.072409][T17415] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001a
[  302.080370][T17415] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
[  302.109126][T17420] loop5: detected capacity change from 264192 to 0
16:56:26 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:26 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x7}])

16:56:26 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x7200}])

16:56:26 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x402, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  302.337335][T17437] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  302.350414][T17437] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:27 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a002000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:27 executing program 4 (fault-call:2 fault-nth:27):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:27 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xefff}])

16:56:27 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x8}])

[  302.450339][T17447] FAULT_INJECTION: forcing a failure.
[  302.450339][T17447] name failslab, interval 1, probability 0, space 0, times 0
[  302.463122][T17447] CPU: 1 PID: 17447 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  302.471633][T17447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  302.482674][T17447] Call Trace:
[  302.485950][T17447]  dump_stack+0x116/0x15d
[  302.490624][T17447]  should_fail+0x231/0x240
[  302.495044][T17447]  ? mempool_alloc_slab+0x16/0x20
[  302.500067][T17447]  __should_failslab+0x81/0x90
[  302.505986][T17447]  should_failslab+0x5/0x20
[  302.510493][T17447]  kmem_cache_alloc+0x36/0x2e0
[  302.515762][T17447]  ? mempool_alloc_slab+0x16/0x20
[  302.520940][T17447]  mempool_alloc_slab+0x16/0x20
[  302.525899][T17447]  ? mempool_free+0x130/0x130
[  302.531341][T17447]  mempool_alloc+0x64/0x320
[  302.535986][T17447]  ? submit_bio_checks+0x823/0xb20
[  302.541730][T17447]  ? find_next_zero_bit+0xca/0xf0
[  302.546756][T17447]  bio_alloc_bioset+0x138/0x3a0
[  302.551663][T17447]  bio_clone_fast+0x23/0x110
[  302.556369][T17447]  bio_split+0x80/0x180
[  302.561085][T17447]  __blk_queue_split+0xabb/0xc80
[  302.566687][T17447]  blk_mq_submit_bio+0xce/0x1000
[  302.572607][T17447]  submit_bio_noacct+0x75d/0x910
[  302.579341][T17447]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  302.585269][T17447]  ? prandom_u32_state+0x9/0x80
[  302.591129][T17447]  submit_bio+0x1f3/0x350
[  302.595518][T17447]  ? iov_iter_npages+0x160/0x5e0
[  302.602623][T17447]  blkdev_direct_IO+0x4fa/0xf60
[  302.608286][T17447]  ? aio_prep_rw+0x3b0/0x3b0
[  302.614074][T17447]  ? current_time+0xdb/0x190
[  302.618851][T17447]  ? atime_needs_update+0x290/0x370
[  302.625554][T17447]  ? touch_atime+0x10e/0x2d0
[  302.630985][T17447]  generic_file_read_iter+0x2c4/0x3d0
[  302.636355][T17447]  blkdev_read_iter+0xb3/0xc0
[  302.642206][T17447]  aio_read+0x1be/0x280
[  302.646621][T17447]  ? __rcu_read_unlock+0x51/0x250
[  302.652555][T17447]  io_submit_one+0x62d/0x1230
[  302.657833][T17447]  ? asm_exc_page_fault+0x1e/0x30
[  302.664491][T17447]  __se_sys_io_submit+0xf5/0x270
[  302.670239][T17447]  ? ksys_write+0x157/0x180
[  302.675862][T17447]  ? fpregs_assert_state_consistent+0x7d/0x90
[  302.681928][T17447]  __x64_sys_io_submit+0x3f/0x50
[  302.687723][T17447]  do_syscall_64+0x39/0x80
[  302.693351][T17447]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  302.699243][T17447] RIP: 0033:0x45e149
[  302.703473][T17447] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  302.707824][T17449] loop5: detected capacity change from 264192 to 0
[  302.723073][T17447] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  302.723094][T17447] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  302.723106][T17447] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  302.756107][T17447] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  302.764073][T17447] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001b
[  302.772029][T17447] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:27 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:27 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x406, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:27 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffef}])

16:56:27 executing program 4 (fault-call:2 fault-nth:28):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:27 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xd}])

[  302.910972][T17459] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  302.951594][T17449] loop5: detected capacity change from 264192 to 0
16:56:27 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  302.995611][T17472] FAULT_INJECTION: forcing a failure.
[  302.995611][T17472] name failslab, interval 1, probability 0, space 0, times 0
[  303.016499][T17472] CPU: 0 PID: 17472 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  303.024926][T17472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  303.034975][T17472] Call Trace:
[  303.038248][T17472]  dump_stack+0x116/0x15d
[  303.042577][T17472]  should_fail+0x231/0x240
[  303.044968][T17477] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  303.046989][T17472]  ? mempool_alloc_slab+0x16/0x20
[  303.047013][T17472]  __should_failslab+0x81/0x90
[  303.064384][T17472]  should_failslab+0x5/0x20
[  303.070624][T17472]  kmem_cache_alloc+0x36/0x2e0
[  303.076536][T17472]  ? mempool_alloc_slab+0x16/0x20
[  303.081565][T17472]  mempool_alloc_slab+0x16/0x20
[  303.087269][T17472]  ? mempool_free+0x130/0x130
[  303.092858][T17472]  mempool_alloc+0x64/0x320
[  303.098413][T17472]  ? submit_bio_checks+0x823/0xb20
[  303.104564][T17472]  ? find_next_zero_bit+0xca/0xf0
[  303.110466][T17472]  bio_alloc_bioset+0x138/0x3a0
[  303.115322][T17472]  bio_clone_fast+0x23/0x110
[  303.121128][T17472]  bio_split+0x80/0x180
[  303.125705][T17472]  __blk_queue_split+0xabb/0xc80
[  303.130700][T17472]  blk_mq_submit_bio+0xce/0x1000
[  303.135694][T17472]  submit_bio_noacct+0x75d/0x910
[  303.140694][T17472]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  303.146246][T17472]  ? prandom_u32_state+0x9/0x80
[  303.151076][T17472]  submit_bio+0x1f3/0x350
[  303.155431][T17472]  ? iov_iter_npages+0x160/0x5e0
[  303.160361][T17472]  blkdev_direct_IO+0x4fa/0xf60
[  303.165196][T17472]  ? aio_prep_rw+0x3b0/0x3b0
[  303.169767][T17472]  ? current_time+0xdb/0x190
[  303.174438][T17472]  ? atime_needs_update+0x290/0x370
[  303.179704][T17472]  ? touch_atime+0x10e/0x2d0
[  303.184320][T17472]  generic_file_read_iter+0x2c4/0x3d0
[  303.189670][T17472]  blkdev_read_iter+0xb3/0xc0
[  303.194333][T17472]  aio_read+0x1be/0x280
[  303.198478][T17472]  ? __rcu_read_unlock+0x51/0x250
[  303.203497][T17472]  io_submit_one+0x62d/0x1230
[  303.208236][T17472]  ? asm_exc_page_fault+0x1e/0x30
[  303.213260][T17472]  __se_sys_io_submit+0xf5/0x270
[  303.218217][T17472]  ? ksys_write+0x157/0x180
[  303.222721][T17472]  ? fpregs_assert_state_consistent+0x7d/0x90
[  303.228763][T17472]  __x64_sys_io_submit+0x3f/0x50
[  303.233750][T17472]  do_syscall_64+0x39/0x80
[  303.238158][T17472]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  303.244028][T17472] RIP: 0033:0x45e149
[  303.247931][T17472] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  303.267514][T17472] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  303.275957][T17472] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  303.283903][T17472] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  303.291850][T17472] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  303.299800][T17472] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001c
[  303.307795][T17472] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:28 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x18100}])

16:56:28 executing program 4 (fault-call:2 fault-nth:29):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:28 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a004000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:28 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xf}])

16:56:28 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x500, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:28 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  303.452639][T17484] FAULT_INJECTION: forcing a failure.
[  303.452639][T17484] name failslab, interval 1, probability 0, space 0, times 0
[  303.490748][T17492] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  303.491081][T17484] CPU: 0 PID: 17484 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  303.506520][T17484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  303.516604][T17484] Call Trace:
[  303.519870][T17484]  dump_stack+0x116/0x15d
[  303.520283][T17492] validate_nla: 2 callbacks suppressed
[  303.520293][T17492] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  303.524194][T17484]  should_fail+0x231/0x240
[  303.524213][T17484]  ? mempool_alloc_slab+0x16/0x20
[  303.524232][T17484]  __should_failslab+0x81/0x90
[  303.551930][T17484]  should_failslab+0x5/0x20
[  303.556445][T17484]  kmem_cache_alloc+0x36/0x2e0
[  303.561226][T17484]  ? mempool_alloc_slab+0x16/0x20
[  303.566379][T17484]  mempool_alloc_slab+0x16/0x20
[  303.571349][T17484]  ? mempool_free+0x130/0x130
[  303.576011][T17484]  mempool_alloc+0x64/0x320
[  303.580505][T17484]  ? submit_bio_checks+0x823/0xb20
[  303.585644][T17484]  ? find_next_zero_bit+0xca/0xf0
[  303.590675][T17484]  bio_alloc_bioset+0x138/0x3a0
[  303.595538][T17484]  bio_clone_fast+0x23/0x110
[  303.600122][T17484]  bio_split+0x80/0x180
[  303.604298][T17484]  __blk_queue_split+0xabb/0xc80
[  303.609233][T17484]  blk_mq_submit_bio+0xce/0x1000
[  303.614231][T17484]  submit_bio_noacct+0x75d/0x910
[  303.619162][T17484]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  303.624704][T17484]  ? prandom_u32_state+0x9/0x80
[  303.629550][T17484]  submit_bio+0x1f3/0x350
[  303.633877][T17484]  ? iov_iter_npages+0x160/0x5e0
[  303.638805][T17484]  blkdev_direct_IO+0x4fa/0xf60
[  303.643706][T17484]  ? aio_prep_rw+0x3b0/0x3b0
[  303.648697][T17484]  ? current_time+0xdb/0x190
[  303.653283][T17484]  ? atime_needs_update+0x290/0x370
[  303.658605][T17484]  ? touch_atime+0x10e/0x2d0
[  303.663192][T17484]  generic_file_read_iter+0x2c4/0x3d0
[  303.668562][T17484]  blkdev_read_iter+0xb3/0xc0
[  303.673315][T17484]  aio_read+0x1be/0x280
[  303.677532][T17484]  ? __rcu_read_unlock+0x51/0x250
[  303.682713][T17484]  io_submit_one+0x62d/0x1230
[  303.687389][T17484]  ? asm_exc_page_fault+0x1e/0x30
[  303.692410][T17484]  __se_sys_io_submit+0xf5/0x270
[  303.697390][T17484]  ? ksys_write+0x157/0x180
[  303.701937][T17484]  ? fpregs_assert_state_consistent+0x7d/0x90
[  303.708010][T17484]  __x64_sys_io_submit+0x3f/0x50
[  303.712957][T17484]  do_syscall_64+0x39/0x80
[  303.717657][T17484]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  303.723892][T17484] RIP: 0033:0x45e149
[  303.727805][T17484] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  303.747496][T17484] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  303.755905][T17484] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  303.763866][T17484] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  303.772967][T17484] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  303.781842][T17484] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001d
[  303.789815][T17484] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:28 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x20000}])

16:56:28 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x10}])

[  303.805604][T17496] loop5: detected capacity change from 264192 to 0
16:56:28 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:28 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x604, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:28 executing program 4 (fault-call:2 fault-nth:30):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  303.928013][T17496] loop5: detected capacity change from 264192 to 0
[  304.007944][T17520] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  304.009047][T17515] FAULT_INJECTION: forcing a failure.
[  304.009047][T17515] name failslab, interval 1, probability 0, space 0, times 0
[  304.030382][T17515] CPU: 1 PID: 17515 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  304.038855][T17515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  304.044604][T17520] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:28 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x100000}])

[  304.048925][T17515] Call Trace:
[  304.048934][T17515]  dump_stack+0x116/0x15d
[  304.064617][T17515]  should_fail+0x231/0x240
[  304.069345][T17515]  ? mempool_alloc_slab+0x16/0x20
[  304.074381][T17515]  __should_failslab+0x81/0x90
[  304.079938][T17515]  should_failslab+0x5/0x20
[  304.084875][T17515]  kmem_cache_alloc+0x36/0x2e0
[  304.090701][T17515]  ? mempool_alloc_slab+0x16/0x20
[  304.096785][T17515]  mempool_alloc_slab+0x16/0x20
[  304.101627][T17515]  ? mempool_free+0x130/0x130
[  304.107534][T17515]  mempool_alloc+0x64/0x320
[  304.112027][T17515]  ? submit_bio_checks+0x823/0xb20
[  304.117122][T17515]  ? find_next_zero_bit+0xca/0xf0
[  304.122150][T17515]  bio_alloc_bioset+0x138/0x3a0
[  304.126986][T17515]  bio_clone_fast+0x23/0x110
[  304.131560][T17515]  bio_split+0x80/0x180
[  304.135749][T17515]  __blk_queue_split+0xabb/0xc80
[  304.140670][T17515]  blk_mq_submit_bio+0xce/0x1000
[  304.145586][T17515]  submit_bio_noacct+0x75d/0x910
[  304.150502][T17515]  ? prandom_u32_state+0x9/0x80
[  304.155330][T17515]  submit_bio+0x1f3/0x350
[  304.159636][T17515]  ? iov_iter_npages+0x160/0x5e0
[  304.164551][T17515]  blkdev_direct_IO+0x4fa/0xf60
[  304.169417][T17515]  ? aio_prep_rw+0x3b0/0x3b0
[  304.173981][T17515]  ? current_time+0xdb/0x190
[  304.178546][T17515]  ? atime_needs_update+0x290/0x370
[  304.183756][T17515]  ? touch_atime+0x10e/0x2d0
[  304.188323][T17515]  generic_file_read_iter+0x2c4/0x3d0
[  304.193701][T17515]  blkdev_read_iter+0xb3/0xc0
[  304.198355][T17515]  aio_read+0x1be/0x280
[  304.202518][T17515]  ? __rcu_read_unlock+0x51/0x250
[  304.207548][T17515]  io_submit_one+0x62d/0x1230
[  304.212201][T17515]  ? asm_exc_page_fault+0x1e/0x30
[  304.217261][T17515]  __se_sys_io_submit+0xf5/0x270
[  304.222180][T17515]  ? ksys_write+0x157/0x180
[  304.226722][T17515]  ? fpregs_assert_state_consistent+0x7d/0x90
[  304.232763][T17515]  __x64_sys_io_submit+0x3f/0x50
[  304.237682][T17515]  do_syscall_64+0x39/0x80
[  304.242115][T17515]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  304.248000][T17515] RIP: 0033:0x45e149
[  304.251869][T17515] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  304.271471][T17515] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  304.279918][T17515] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  304.287967][T17515] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  304.295914][T17515] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  304.303860][T17515] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001e
[  304.311817][T17515] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:29 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x700, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:29 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a008a00, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:29 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xef}])

16:56:29 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:29 executing program 4 (fault-call:2 fault-nth:31):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:29 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x200000}])

[  304.517053][T17537] FAULT_INJECTION: forcing a failure.
[  304.517053][T17537] name failslab, interval 1, probability 0, space 0, times 0
[  304.518944][T17538] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  304.540136][T17540] loop5: detected capacity change from 264192 to 0
[  304.554191][T17537] CPU: 0 PID: 17537 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  304.562794][T17537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  304.572850][T17537] Call Trace:
[  304.577057][T17537]  dump_stack+0x116/0x15d
[  304.581392][T17537]  should_fail+0x231/0x240
[  304.585837][T17537]  ? mempool_alloc_slab+0x16/0x20
[  304.590861][T17537]  __should_failslab+0x81/0x90
[  304.595611][T17537]  should_failslab+0x5/0x20
[  304.600126][T17537]  kmem_cache_alloc+0x36/0x2e0
[  304.604930][T17537]  ? mempool_alloc_slab+0x16/0x20
[  304.610023][T17537]  mempool_alloc_slab+0x16/0x20
[  304.614910][T17537]  ? mempool_free+0x130/0x130
[  304.619589][T17537]  mempool_alloc+0x64/0x320
[  304.624086][T17537]  ? submit_bio_checks+0x823/0xb20
[  304.629230][T17537]  ? find_next_zero_bit+0xca/0xf0
[  304.634249][T17537]  bio_alloc_bioset+0x138/0x3a0
[  304.639168][T17537]  bio_clone_fast+0x23/0x110
[  304.643838][T17537]  bio_split+0x80/0x180
[  304.647990][T17537]  __blk_queue_split+0xabb/0xc80
[  304.652936][T17537]  blk_mq_submit_bio+0xce/0x1000
[  304.657921][T17537]  submit_bio_noacct+0x75d/0x910
[  304.662870][T17537]  ? mempool_alloc+0x71/0x320
[  304.667534][T17537]  ? prandom_u32_state+0x9/0x80
[  304.672551][T17537]  submit_bio+0x1f3/0x350
[  304.677939][T17537]  ? iov_iter_npages+0x160/0x5e0
[  304.683936][T17537]  blkdev_direct_IO+0x4fa/0xf60
[  304.688835][T17537]  ? aio_prep_rw+0x3b0/0x3b0
[  304.689371][T17538] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  304.693413][T17537]  ? current_time+0xdb/0x190
[  304.693434][T17537]  ? atime_needs_update+0x290/0x370
[  304.693454][T17537]  ? touch_atime+0x10e/0x2d0
16:56:29 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xd00, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  304.716581][T17537]  generic_file_read_iter+0x2c4/0x3d0
[  304.723057][T17537]  blkdev_read_iter+0xb3/0xc0
[  304.728405][T17537]  aio_read+0x1be/0x280
[  304.732863][T17537]  ? __rcu_read_unlock+0x51/0x250
[  304.738692][T17537]  io_submit_one+0x62d/0x1230
[  304.743372][T17537]  ? asm_exc_page_fault+0x1e/0x30
[  304.749154][T17537]  __se_sys_io_submit+0xf5/0x270
[  304.755092][T17537]  ? ksys_write+0x157/0x180
[  304.759644][T17537]  ? fpregs_assert_state_consistent+0x7d/0x90
[  304.766150][T17537]  __x64_sys_io_submit+0x3f/0x50
[  304.772012][T17537]  do_syscall_64+0x39/0x80
[  304.776532][T17537]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  304.782746][T17537] RIP: 0033:0x45e149
[  304.787269][T17537] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  304.807972][T17537] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
16:56:29 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x1b9}])

[  304.817112][T17537] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  304.825962][T17537] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  304.834750][T17537] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  304.842773][T17537] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000001f
[  304.850870][T17537] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:29 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:29 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x810100}])

16:56:29 executing program 4 (fault-call:2 fault-nth:32):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  304.966502][T17540] loop5: detected capacity change from 264192 to 0
[  305.018471][T17563] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  305.040136][T17566] FAULT_INJECTION: forcing a failure.
[  305.040136][T17566] name failslab, interval 1, probability 0, space 0, times 0
[  305.042797][T17563] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  305.065395][T17566] CPU: 0 PID: 17566 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  305.073808][T17566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  305.083850][T17566] Call Trace:
[  305.087116][T17566]  dump_stack+0x116/0x15d
[  305.091447][T17566]  should_fail+0x231/0x240
[  305.095861][T17566]  ? mempool_alloc_slab+0x16/0x20
[  305.100957][T17566]  __should_failslab+0x81/0x90
[  305.105722][T17566]  should_failslab+0x5/0x20
[  305.110277][T17566]  kmem_cache_alloc+0x36/0x2e0
[  305.115116][T17566]  ? mempool_alloc_slab+0x16/0x20
[  305.120197][T17566]  mempool_alloc_slab+0x16/0x20
[  305.125047][T17566]  ? mempool_free+0x130/0x130
[  305.129713][T17566]  mempool_alloc+0x64/0x320
[  305.134208][T17566]  ? submit_bio_checks+0x823/0xb20
[  305.139338][T17566]  ? find_next_zero_bit+0xca/0xf0
[  305.144454][T17566]  bio_alloc_bioset+0x138/0x3a0
[  305.149292][T17566]  bio_clone_fast+0x23/0x110
[  305.153971][T17566]  bio_split+0x80/0x180
[  305.158129][T17566]  __blk_queue_split+0xabb/0xc80
[  305.163049][T17566]  blk_mq_submit_bio+0xce/0x1000
[  305.167976][T17566]  submit_bio_noacct+0x75d/0x910
[  305.172999][T17566]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  305.178609][T17566]  ? prandom_u32_state+0x9/0x80
[  305.183483][T17566]  submit_bio+0x1f3/0x350
[  305.187858][T17566]  ? iov_iter_npages+0x160/0x5e0
[  305.192778][T17566]  blkdev_direct_IO+0x4fa/0xf60
[  305.197666][T17566]  ? aio_prep_rw+0x3b0/0x3b0
[  305.202235][T17566]  ? current_time+0xdb/0x190
[  305.206870][T17566]  ? atime_needs_update+0x290/0x370
[  305.212132][T17566]  ? touch_atime+0x10e/0x2d0
[  305.216717][T17566]  generic_file_read_iter+0x2c4/0x3d0
[  305.222168][T17566]  blkdev_read_iter+0xb3/0xc0
[  305.226826][T17566]  aio_read+0x1be/0x280
[  305.230959][T17566]  ? __rcu_read_unlock+0x51/0x250
[  305.235962][T17566]  io_submit_one+0x62d/0x1230
[  305.240679][T17566]  ? asm_exc_page_fault+0x1e/0x30
[  305.245742][T17566]  __se_sys_io_submit+0xf5/0x270
[  305.250754][T17566]  ? ksys_write+0x157/0x180
[  305.255244][T17566]  ? fpregs_assert_state_consistent+0x7d/0x90
[  305.261294][T17566]  __x64_sys_io_submit+0x3f/0x50
[  305.266249][T17566]  do_syscall_64+0x39/0x80
[  305.270667][T17566]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  305.276546][T17566] RIP: 0033:0x45e149
[  305.280416][T17566] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  305.299996][T17566] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  305.308382][T17566] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:30 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xf00, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  305.316327][T17566] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  305.324279][T17566] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  305.332228][T17566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000020
[  305.340174][T17566] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:30 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x1000000}])

16:56:30 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a00efff, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:30 executing program 4 (fault-call:2 fault-nth:33):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:30 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x204}])

16:56:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:30 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x2000, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  305.572729][T17582] loop5: detected capacity change from 264192 to 0
[  305.609537][T17587] FAULT_INJECTION: forcing a failure.
[  305.609537][T17587] name failslab, interval 1, probability 0, space 0, times 0
16:56:30 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2000000}])

[  305.633387][T17590] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  305.658467][T17587] CPU: 0 PID: 17587 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  305.667884][T17587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  305.676195][T17590] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  305.677929][T17587] Call Trace:
[  305.677938][T17587]  dump_stack+0x116/0x15d
[  305.694223][T17587]  should_fail+0x231/0x240
[  305.698672][T17587]  ? mempool_alloc_slab+0x16/0x20
[  305.703696][T17587]  __should_failslab+0x81/0x90
[  305.708509][T17587]  should_failslab+0x5/0x20
[  305.713457][T17587]  kmem_cache_alloc+0x36/0x2e0
[  305.719238][T17587]  ? mempool_alloc_slab+0x16/0x20
[  305.724260][T17587]  mempool_alloc_slab+0x16/0x20
[  305.729145][T17587]  ? mempool_free+0x130/0x130
[  305.733820][T17587]  mempool_alloc+0x64/0x320
[  305.740785][T17587]  ? submit_bio_checks+0x823/0xb20
[  305.746229][T17587]  ? find_next_zero_bit+0xca/0xf0
[  305.752165][T17587]  bio_alloc_bioset+0x138/0x3a0
[  305.757020][T17587]  bio_clone_fast+0x23/0x110
[  305.761801][T17587]  bio_split+0x80/0x180
[  305.766134][T17587]  __blk_queue_split+0xabb/0xc80
[  305.771649][T17587]  blk_mq_submit_bio+0xce/0x1000
[  305.777609][T17587]  submit_bio_noacct+0x75d/0x910
[  305.783475][T17587]  ? mempool_alloc+0x71/0x320
[  305.789115][T17587]  ? prandom_u32_state+0x9/0x80
[  305.795134][T17587]  submit_bio+0x1f3/0x350
[  305.799555][T17587]  ? iov_iter_npages+0x160/0x5e0
[  305.804491][T17587]  blkdev_direct_IO+0x4fa/0xf60
[  305.810288][T17587]  ? aio_prep_rw+0x3b0/0x3b0
[  305.815059][T17587]  ? current_time+0xdb/0x190
[  305.820755][T17587]  ? atime_needs_update+0x290/0x370
[  305.826224][T17587]  ? touch_atime+0x10e/0x2d0
[  305.830850][T17587]  generic_file_read_iter+0x2c4/0x3d0
[  305.836535][T17587]  blkdev_read_iter+0xb3/0xc0
[  305.842142][T17587]  aio_read+0x1be/0x280
[  305.846885][T17587]  ? __rcu_read_unlock+0x51/0x250
[  305.852477][T17587]  io_submit_one+0x62d/0x1230
[  305.857954][T17587]  ? asm_exc_page_fault+0x1e/0x30
[  305.862973][T17587]  __se_sys_io_submit+0xf5/0x270
[  305.868720][T17587]  ? ksys_write+0x157/0x180
[  305.873255][T17587]  ? fpregs_assert_state_consistent+0x7d/0x90
[  305.880446][T17587]  __x64_sys_io_submit+0x3f/0x50
[  305.886175][T17587]  do_syscall_64+0x39/0x80
[  305.891972][T17587]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  305.897955][T17587] RIP: 0033:0x45e149
[  305.902365][T17587] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  305.922088][T17587] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
16:56:30 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x300}])

[  305.930475][T17587] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  305.938425][T17587] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  305.946397][T17587] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  305.954343][T17587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000021
[  305.962295][T17587] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:30 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x2401, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  306.034339][T17582] loop5: detected capacity change from 264192 to 0
16:56:30 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2040000}])

16:56:30 executing program 4 (fault-call:2 fault-nth:34):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  306.103302][T17606] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:30 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x402}])

16:56:30 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a00ffef, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  306.222583][T17618] FAULT_INJECTION: forcing a failure.
[  306.222583][T17618] name failslab, interval 1, probability 0, space 0, times 0
[  306.235927][T17618] CPU: 0 PID: 17618 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  306.244367][T17618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  306.254396][T17618] Call Trace:
[  306.257751][T17618]  dump_stack+0x116/0x15d
[  306.262092][T17618]  should_fail+0x231/0x240
[  306.266481][T17618]  ? mempool_alloc_slab+0x16/0x20
[  306.271485][T17618]  __should_failslab+0x81/0x90
[  306.276339][T17618]  should_failslab+0x5/0x20
[  306.280908][T17618]  kmem_cache_alloc+0x36/0x2e0
[  306.285650][T17618]  ? mempool_alloc_slab+0x16/0x20
[  306.290644][T17618]  mempool_alloc_slab+0x16/0x20
[  306.295512][T17618]  ? mempool_free+0x130/0x130
[  306.300227][T17618]  mempool_alloc+0x64/0x320
[  306.304704][T17618]  ? submit_bio_checks+0x823/0xb20
[  306.309851][T17618]  ? find_next_zero_bit+0xca/0xf0
[  306.314844][T17618]  bio_alloc_bioset+0x138/0x3a0
[  306.319732][T17618]  bio_clone_fast+0x23/0x110
[  306.324367][T17618]  bio_split+0x80/0x180
[  306.328514][T17618]  __blk_queue_split+0xabb/0xc80
[  306.333510][T17618]  blk_mq_submit_bio+0xce/0x1000
[  306.338439][T17618]  submit_bio_noacct+0x75d/0x910
[  306.343353][T17618]  ? mempool_alloc+0x71/0x320
[  306.348069][T17618]  ? prandom_u32_state+0x9/0x80
[  306.352903][T17618]  submit_bio+0x1f3/0x350
[  306.357215][T17618]  ? iov_iter_npages+0x160/0x5e0
[  306.362189][T17618]  blkdev_direct_IO+0x4fa/0xf60
[  306.367019][T17618]  ? aio_prep_rw+0x3b0/0x3b0
[  306.371582][T17618]  ? current_time+0xdb/0x190
[  306.376151][T17618]  ? atime_needs_update+0x290/0x370
[  306.381330][T17618]  ? touch_atime+0x10e/0x2d0
[  306.385896][T17618]  generic_file_read_iter+0x2c4/0x3d0
[  306.391351][T17618]  blkdev_read_iter+0xb3/0xc0
[  306.396059][T17618]  aio_read+0x1be/0x280
[  306.400236][T17618]  ? __rcu_read_unlock+0x51/0x250
[  306.405296][T17618]  io_submit_one+0x62d/0x1230
[  306.409960][T17618]  ? asm_exc_page_fault+0x1e/0x30
[  306.414967][T17618]  __se_sys_io_submit+0xf5/0x270
[  306.419895][T17618]  ? ksys_write+0x157/0x180
[  306.424415][T17618]  ? fpregs_assert_state_consistent+0x7d/0x90
[  306.430519][T17618]  __x64_sys_io_submit+0x3f/0x50
[  306.435439][T17618]  do_syscall_64+0x39/0x80
[  306.439842][T17618]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  306.445737][T17618] RIP: 0033:0x45e149
[  306.449653][T17618] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  306.469408][T17618] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  306.477794][T17618] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  306.485742][T17618] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  306.493755][T17618] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  306.501809][T17618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000022
[  306.509770][T17618] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:31 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x3000000}])

16:56:31 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xefff, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:31 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x406}])

[  306.567102][T17626] tbf_change: 1 callbacks suppressed
[  306.567112][T17626] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:31 executing program 4 (fault-call:2 fault-nth:35):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  306.620932][T17626] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  306.625409][T17629] loop5: detected capacity change from 264192 to 0
16:56:31 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x4000000}])

[  306.743439][T17642] FAULT_INJECTION: forcing a failure.
[  306.743439][T17642] name failslab, interval 1, probability 0, space 0, times 0
[  306.781364][T17642] CPU: 0 PID: 17642 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
16:56:31 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xffef, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:31 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  306.789887][T17642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  306.799932][T17642] Call Trace:
[  306.803238][T17642]  dump_stack+0x116/0x15d
[  306.807557][T17642]  should_fail+0x231/0x240
[  306.811947][T17642]  ? mempool_alloc_slab+0x16/0x20
[  306.816948][T17642]  __should_failslab+0x81/0x90
[  306.821686][T17642]  should_failslab+0x5/0x20
[  306.826180][T17642]  kmem_cache_alloc+0x36/0x2e0
[  306.830940][T17642]  ? mempool_alloc_slab+0x16/0x20
[  306.835941][T17642]  mempool_alloc_slab+0x16/0x20
[  306.840933][T17642]  ? mempool_free+0x130/0x130
[  306.845600][T17642]  mempool_alloc+0x64/0x320
[  306.850077][T17642]  ? submit_bio_checks+0x823/0xb20
[  306.855190][T17642]  ? find_next_zero_bit+0xca/0xf0
[  306.860187][T17642]  bio_alloc_bioset+0x138/0x3a0
[  306.865017][T17642]  bio_clone_fast+0x23/0x110
[  306.869628][T17642]  bio_split+0x80/0x180
[  306.873824][T17642]  __blk_queue_split+0xabb/0xc80
[  306.878784][T17642]  blk_mq_submit_bio+0xce/0x1000
[  306.883700][T17642]  submit_bio_noacct+0x75d/0x910
[  306.888614][T17642]  ? mempool_alloc+0x71/0x320
[  306.893279][T17642]  ? prandom_u32_state+0x9/0x80
[  306.898107][T17642]  submit_bio+0x1f3/0x350
[  306.902413][T17642]  ? iov_iter_npages+0x160/0x5e0
[  306.907331][T17642]  blkdev_direct_IO+0x4fa/0xf60
[  306.912196][T17642]  ? aio_prep_rw+0x3b0/0x3b0
[  306.916764][T17642]  ? current_time+0xdb/0x190
[  306.921339][T17642]  ? atime_needs_update+0x290/0x370
[  306.926564][T17642]  ? touch_atime+0x10e/0x2d0
[  306.931165][T17642]  generic_file_read_iter+0x2c4/0x3d0
[  306.936530][T17642]  blkdev_read_iter+0xb3/0xc0
[  306.941213][T17642]  aio_read+0x1be/0x280
[  306.945343][T17642]  ? __rcu_read_unlock+0x51/0x250
[  306.950362][T17642]  io_submit_one+0x62d/0x1230
[  306.955023][T17642]  ? asm_exc_page_fault+0x1e/0x30
[  306.960049][T17642]  __se_sys_io_submit+0xf5/0x270
[  306.965003][T17642]  ? ksys_write+0x157/0x180
[  306.969484][T17642]  ? fpregs_assert_state_consistent+0x7d/0x90
[  306.975643][T17642]  __x64_sys_io_submit+0x3f/0x50
[  306.980586][T17642]  do_syscall_64+0x39/0x80
[  306.985153][T17642]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  306.991064][T17642] RIP: 0033:0x45e149
[  306.994936][T17642] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  307.014530][T17642] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  307.022935][T17642] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  307.030920][T17642] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  307.038941][T17642] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  307.046901][T17642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000023
[  307.054849][T17642] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:31 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x500}])

16:56:31 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x5000000}])

16:56:31 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xffff, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  307.137921][T17652] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  307.172075][T17652] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:31 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  307.280168][T17667] loop5: detected capacity change from 264192 to 0
16:56:31 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:31 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x604}])

16:56:32 executing program 4 (fault-call:2 fault-nth:36):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:32 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:32 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x6040000}])

[  307.409775][T17672] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:32 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x700}])

[  307.453090][T17672] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  307.466936][T17667] loop5: detected capacity change from 264192 to 0
[  307.529261][T17683] FAULT_INJECTION: forcing a failure.
[  307.529261][T17683] name failslab, interval 1, probability 0, space 0, times 0
[  307.544214][T17683] CPU: 1 PID: 17683 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  307.552634][T17683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  307.562697][T17683] Call Trace:
[  307.565971][T17683]  dump_stack+0x116/0x15d
[  307.570290][T17683]  should_fail+0x231/0x240
[  307.574703][T17683]  ? mempool_alloc_slab+0x16/0x20
[  307.579721][T17683]  __should_failslab+0x81/0x90
[  307.584473][T17683]  should_failslab+0x5/0x20
[  307.589018][T17683]  kmem_cache_alloc+0x36/0x2e0
[  307.593811][T17683]  mempool_alloc_slab+0x16/0x20
[  307.598697][T17683]  ? mempool_free+0x130/0x130
[  307.603359][T17683]  mempool_alloc+0x64/0x320
[  307.607880][T17683]  ? preempt_schedule+0x54/0x80
[  307.612808][T17683]  bio_alloc_bioset+0x138/0x3a0
[  307.617697][T17683]  ? __blk_mq_delay_run_hw_queue+0x1c5/0x330
[  307.623666][T17683]  bio_clone_fast+0x23/0x110
[  307.628265][T17683]  bio_split+0x80/0x180
[  307.632703][T17683]  __blk_queue_split+0xabb/0xc80
[  307.637637][T17683]  blk_mq_submit_bio+0xce/0x1000
[  307.642568][T17683]  submit_bio_noacct+0x75d/0x910
[  307.647523][T17683]  ? mempool_alloc+0x71/0x320
[  307.652185][T17683]  ? prandom_u32_state+0x9/0x80
[  307.657138][T17683]  submit_bio+0x1f3/0x350
[  307.661523][T17683]  ? iov_iter_npages+0x160/0x5e0
[  307.666458][T17683]  blkdev_direct_IO+0x4fa/0xf60
[  307.671356][T17683]  ? aio_prep_rw+0x3b0/0x3b0
16:56:32 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x2, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  307.675939][T17683]  ? current_time+0xdb/0x190
[  307.680521][T17683]  ? atime_needs_update+0x290/0x370
[  307.685737][T17683]  ? touch_atime+0x10e/0x2d0
[  307.690352][T17683]  generic_file_read_iter+0x2c4/0x3d0
[  307.695702][T17683]  blkdev_read_iter+0xb3/0xc0
[  307.700458][T17683]  aio_read+0x1be/0x280
[  307.704635][T17683]  ? __rcu_read_unlock+0x51/0x250
[  307.709636][T17683]  io_submit_one+0x62d/0x1230
[  307.714321][T17683]  ? asm_exc_page_fault+0x1e/0x30
[  307.719325][T17683]  __se_sys_io_submit+0xf5/0x270
[  307.724281][T17683]  ? ksys_write+0x157/0x180
[  307.728767][T17683]  ? fpregs_assert_state_consistent+0x7d/0x90
[  307.734887][T17683]  __x64_sys_io_submit+0x3f/0x50
[  307.739829][T17683]  do_syscall_64+0x39/0x80
[  307.744237][T17683]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  307.750181][T17683] RIP: 0033:0x45e149
[  307.754178][T17683] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  307.773885][T17683] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  307.782397][T17683] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  307.790367][T17683] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  307.798320][T17683] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  307.806277][T17683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000024
[  307.814233][T17683] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:32 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:32 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x3, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:32 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x7000000}])

16:56:32 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x2, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:32 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xd00}])

16:56:32 executing program 4 (fault-call:2 fault-nth:37):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  307.950657][T17702] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  307.977643][T17702] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  307.997064][T17710] loop5: detected capacity change from 264192 to 0
[  308.020325][T17711] FAULT_INJECTION: forcing a failure.
[  308.020325][T17711] name failslab, interval 1, probability 0, space 0, times 0
[  308.033039][T17711] CPU: 0 PID: 17711 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  308.041539][T17711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  308.051590][T17711] Call Trace:
[  308.054859][T17711]  dump_stack+0x116/0x15d
[  308.059182][T17711]  should_fail+0x231/0x240
[  308.063640][T17711]  ? mempool_alloc_slab+0x16/0x20
[  308.068765][T17711]  __should_failslab+0x81/0x90
[  308.073906][T17711]  should_failslab+0x5/0x20
[  308.078409][T17711]  kmem_cache_alloc+0x36/0x2e0
[  308.083202][T17711]  ? mempool_alloc_slab+0x16/0x20
[  308.088216][T17711]  mempool_alloc_slab+0x16/0x20
[  308.093087][T17711]  ? mempool_free+0x130/0x130
[  308.098862][T17711]  mempool_alloc+0x64/0x320
[  308.103362][T17711]  ? submit_bio_checks+0x823/0xb20
[  308.109074][T17711]  ? find_next_zero_bit+0xca/0xf0
[  308.114802][T17711]  bio_alloc_bioset+0x138/0x3a0
[  308.120434][T17711]  bio_clone_fast+0x23/0x110
[  308.126074][T17711]  bio_split+0x80/0x180
[  308.131229][T17711]  __blk_queue_split+0xabb/0xc80
[  308.137279][T17711]  blk_mq_submit_bio+0xce/0x1000
[  308.142530][T17711]  submit_bio_noacct+0x75d/0x910
[  308.148159][T17711]  ? bio_set_pages_dirty+0x6b/0x1e0
[  308.154777][T17711]  submit_bio+0x1f3/0x350
[  308.159153][T17711]  ? iov_iter_npages+0x160/0x5e0
[  308.166531][T17711]  blkdev_direct_IO+0x4fa/0xf60
[  308.173025][T17711]  ? aio_prep_rw+0x3b0/0x3b0
[  308.178630][T17711]  ? current_time+0xdb/0x190
[  308.183213][T17711]  ? atime_needs_update+0x290/0x370
[  308.188803][T17711]  ? touch_atime+0x10e/0x2d0
[  308.194259][T17711]  generic_file_read_iter+0x2c4/0x3d0
[  308.199981][T17711]  blkdev_read_iter+0xb3/0xc0
[  308.205433][T17711]  aio_read+0x1be/0x280
[  308.209748][T17711]  ? __rcu_read_unlock+0x51/0x250
[  308.215367][T17711]  io_submit_one+0x62d/0x1230
[  308.220408][T17711]  ? asm_exc_page_fault+0x1e/0x30
[  308.226267][T17711]  __se_sys_io_submit+0xf5/0x270
[  308.232094][T17711]  ? ksys_write+0x157/0x180
[  308.236736][T17711]  ? fpregs_assert_state_consistent+0x7d/0x90
[  308.243432][T17711]  __x64_sys_io_submit+0x3f/0x50
[  308.248938][T17711]  do_syscall_64+0x39/0x80
[  308.254336][T17711]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  308.260227][T17711] RIP: 0033:0x45e149
[  308.264197][T17711] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  308.283813][T17711] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  308.292322][T17711] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:32 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x4, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:32 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x8000000}])

16:56:33 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xf00}])

16:56:33 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  308.300272][T17711] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  308.308220][T17711] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  308.316215][T17711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000025
[  308.324163][T17711] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:33 executing program 4 (fault-call:2 fault-nth:38):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  308.397794][T17710] loop5: detected capacity change from 264192 to 0
16:56:33 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x3, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:33 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2000}])

[  308.464155][T17727] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  308.499984][T17732] FAULT_INJECTION: forcing a failure.
[  308.499984][T17732] name failslab, interval 1, probability 0, space 0, times 0
[  308.531038][T17732] CPU: 0 PID: 17732 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  308.539460][T17732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  308.549555][T17732] Call Trace:
[  308.552833][T17732]  dump_stack+0x116/0x15d
[  308.557191][T17732]  should_fail+0x231/0x240
[  308.561584][T17732]  ? mempool_alloc_slab+0x16/0x20
[  308.566592][T17732]  __should_failslab+0x81/0x90
[  308.571352][T17732]  should_failslab+0x5/0x20
[  308.575853][T17732]  kmem_cache_alloc+0x36/0x2e0
[  308.580624][T17732]  mempool_alloc_slab+0x16/0x20
[  308.585519][T17732]  ? mempool_free+0x130/0x130
[  308.590187][T17732]  mempool_alloc+0x64/0x320
[  308.594669][T17732]  ? submit_bio_checks+0x823/0xb20
[  308.599763][T17732]  ? find_next_zero_bit+0xca/0xf0
[  308.604835][T17732]  bio_alloc_bioset+0x138/0x3a0
[  308.609732][T17732]  bio_clone_fast+0x23/0x110
[  308.614350][T17732]  bio_split+0x80/0x180
[  308.618579][T17732]  __blk_queue_split+0xabb/0xc80
[  308.623500][T17732]  blk_mq_submit_bio+0xce/0x1000
[  308.628512][T17732]  submit_bio_noacct+0x75d/0x910
[  308.633458][T17732]  ? mempool_alloc+0x71/0x320
[  308.638115][T17732]  ? prandom_u32_state+0x9/0x80
[  308.642945][T17732]  submit_bio+0x1f3/0x350
[  308.647251][T17732]  ? iov_iter_npages+0x160/0x5e0
[  308.652202][T17732]  blkdev_direct_IO+0x4fa/0xf60
[  308.657035][T17732]  ? aio_prep_rw+0x3b0/0x3b0
[  308.661685][T17732]  ? current_time+0xdb/0x190
[  308.666254][T17732]  ? atime_needs_update+0x290/0x370
[  308.671429][T17732]  ? touch_atime+0x10e/0x2d0
[  308.675995][T17732]  generic_file_read_iter+0x2c4/0x3d0
[  308.681409][T17732]  blkdev_read_iter+0xb3/0xc0
[  308.686148][T17732]  aio_read+0x1be/0x280
[  308.690301][T17732]  ? __rcu_read_unlock+0x51/0x250
[  308.695404][T17732]  io_submit_one+0x62d/0x1230
[  308.700052][T17732]  ? asm_exc_page_fault+0x1e/0x30
[  308.705126][T17732]  __se_sys_io_submit+0xf5/0x270
[  308.710169][T17732]  ? ksys_write+0x157/0x180
[  308.714722][T17732]  ? fpregs_assert_state_consistent+0x7d/0x90
[  308.720870][T17732]  __x64_sys_io_submit+0x3f/0x50
[  308.725817][T17732]  do_syscall_64+0x39/0x80
[  308.730276][T17732]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  308.736147][T17732] RIP: 0033:0x45e149
[  308.740062][T17732] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  308.759654][T17732] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  308.768056][T17732] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:33 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x5, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:33 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:33 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xd000000}])

[  308.776007][T17732] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  308.783967][T17732] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  308.791989][T17732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000026
[  308.799940][T17732] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:33 executing program 4 (fault-call:2 fault-nth:39):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  308.880721][T17741] loop5: detected capacity change from 264192 to 0
[  308.908698][T17747] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  308.951940][T17747] validate_nla: 1 callbacks suppressed
[  308.951952][T17747] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:33 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xf000000}])

16:56:33 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x7, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:33 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xb901}])

16:56:33 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  309.027681][T17741] loop5: detected capacity change from 264192 to 0
16:56:33 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x4, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  309.163493][T17762] FAULT_INJECTION: forcing a failure.
[  309.163493][T17762] name failslab, interval 1, probability 0, space 0, times 0
[  309.173055][T17767] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  309.187752][T17767] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  309.206877][T17762] CPU: 0 PID: 17762 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  309.215301][T17762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  309.225344][T17762] Call Trace:
[  309.228611][T17762]  dump_stack+0x116/0x15d
[  309.233005][T17762]  should_fail+0x231/0x240
[  309.237457][T17762]  ? mempool_alloc_slab+0x16/0x20
[  309.242460][T17762]  __should_failslab+0x81/0x90
[  309.247204][T17762]  should_failslab+0x5/0x20
[  309.251743][T17762]  kmem_cache_alloc+0x36/0x2e0
[  309.256495][T17762]  ? mempool_alloc_slab+0x16/0x20
[  309.261510][T17762]  mempool_alloc_slab+0x16/0x20
[  309.266339][T17762]  ? mempool_free+0x130/0x130
[  309.270993][T17762]  mempool_alloc+0x64/0x320
[  309.275474][T17762]  ? submit_bio_checks+0x823/0xb20
[  309.280581][T17762]  ? find_next_zero_bit+0xca/0xf0
[  309.285591][T17762]  bio_alloc_bioset+0x138/0x3a0
[  309.290494][T17762]  bio_clone_fast+0x23/0x110
[  309.295098][T17762]  bio_split+0x80/0x180
[  309.299321][T17762]  __blk_queue_split+0xabb/0xc80
[  309.304241][T17762]  blk_mq_submit_bio+0xce/0x1000
[  309.309169][T17762]  submit_bio_noacct+0x75d/0x910
[  309.314104][T17762]  ? prandom_u32_state+0x9/0x80
[  309.318957][T17762]  submit_bio+0x1f3/0x350
[  309.323262][T17762]  ? iov_iter_npages+0x160/0x5e0
[  309.328231][T17762]  blkdev_direct_IO+0x4fa/0xf60
[  309.333089][T17762]  ? aio_prep_rw+0x3b0/0x3b0
[  309.337669][T17762]  ? current_time+0xdb/0x190
[  309.342235][T17762]  ? atime_needs_update+0x290/0x370
[  309.347410][T17762]  ? touch_atime+0x10e/0x2d0
[  309.351977][T17762]  generic_file_read_iter+0x2c4/0x3d0
[  309.357327][T17762]  blkdev_read_iter+0xb3/0xc0
[  309.362005][T17762]  aio_read+0x1be/0x280
[  309.366139][T17762]  ? __rcu_read_unlock+0x51/0x250
[  309.371146][T17762]  io_submit_one+0x62d/0x1230
[  309.375839][T17762]  ? asm_exc_page_fault+0x1e/0x30
[  309.380843][T17762]  __se_sys_io_submit+0xf5/0x270
[  309.385769][T17762]  ? ksys_write+0x157/0x180
[  309.390256][T17762]  ? fpregs_assert_state_consistent+0x7d/0x90
[  309.396303][T17762]  __x64_sys_io_submit+0x3f/0x50
[  309.401305][T17762]  do_syscall_64+0x39/0x80
[  309.405711][T17762]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  309.411596][T17762] RIP: 0033:0x45e149
[  309.415473][T17762] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  309.435184][T17762] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  309.443704][T17762] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  309.451653][T17762] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  309.459612][T17762] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  309.467570][T17762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000027
[  309.475580][T17762] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:34 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x8, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:34 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x72000000}])

16:56:34 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:34 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xefff}])

16:56:34 executing program 4 (fault-call:2 fault-nth:40):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  309.628612][T17779] loop5: detected capacity change from 264192 to 0
16:56:34 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xefffffff}])

[  309.685070][T17788] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  309.708196][T17787] FAULT_INJECTION: forcing a failure.
[  309.708196][T17787] name failslab, interval 1, probability 0, space 0, times 0
16:56:34 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xd, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  309.730006][T17787] CPU: 0 PID: 17787 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  309.738431][T17787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  309.748473][T17787] Call Trace:
[  309.751739][T17787]  dump_stack+0x116/0x15d
[  309.755248][T17788] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  309.756071][T17787]  should_fail+0x231/0x240
[  309.756093][T17787]  ? mempool_alloc_slab+0x16/0x20
[  309.773524][T17787]  __should_failslab+0x81/0x90
[  309.778940][T17787]  should_failslab+0x5/0x20
[  309.785432][T17787]  kmem_cache_alloc+0x36/0x2e0
[  309.790833][T17787]  ? mempool_alloc_slab+0x16/0x20
[  309.796445][T17787]  mempool_alloc_slab+0x16/0x20
[  309.802071][T17787]  ? mempool_free+0x130/0x130
[  309.806747][T17787]  mempool_alloc+0x64/0x320
[  309.812238][T17787]  ? submit_bio_checks+0x823/0xb20
[  309.818238][T17787]  ? find_next_zero_bit+0xca/0xf0
[  309.823263][T17787]  bio_alloc_bioset+0x138/0x3a0
[  309.828112][T17787]  bio_clone_fast+0x23/0x110
[  309.832704][T17787]  bio_split+0x80/0x180
[  309.836852][T17787]  __blk_queue_split+0xabb/0xc80
[  309.841883][T17787]  blk_mq_submit_bio+0xce/0x1000
[  309.846818][T17787]  submit_bio_noacct+0x75d/0x910
[  309.851786][T17787]  ? mempool_alloc+0x71/0x320
[  309.856457][T17787]  ? prandom_u32_state+0x9/0x80
[  309.861403][T17787]  submit_bio+0x1f3/0x350
[  309.865727][T17787]  ? iov_iter_npages+0x160/0x5e0
[  309.870764][T17787]  blkdev_direct_IO+0x4fa/0xf60
[  309.875641][T17787]  ? aio_prep_rw+0x3b0/0x3b0
[  309.880207][T17787]  ? current_time+0xdb/0x190
[  309.884775][T17787]  ? atime_needs_update+0x290/0x370
[  309.889948][T17787]  ? touch_atime+0x10e/0x2d0
[  309.894623][T17787]  generic_file_read_iter+0x2c4/0x3d0
[  309.900012][T17787]  blkdev_read_iter+0xb3/0xc0
[  309.904685][T17787]  aio_read+0x1be/0x280
[  309.908816][T17787]  ? __rcu_read_unlock+0x51/0x250
[  309.913838][T17787]  io_submit_one+0x62d/0x1230
[  309.918499][T17787]  ? asm_exc_page_fault+0x1e/0x30
[  309.923551][T17787]  __se_sys_io_submit+0xf5/0x270
[  309.928565][T17787]  ? ksys_write+0x157/0x180
[  309.933091][T17787]  ? fpregs_assert_state_consistent+0x7d/0x90
[  309.939153][T17787]  __x64_sys_io_submit+0x3f/0x50
[  309.944087][T17787]  do_syscall_64+0x39/0x80
[  309.948482][T17787]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  309.954354][T17787] RIP: 0033:0x45e149
[  309.958223][T17787] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  309.977966][T17787] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
16:56:34 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffef}])

[  309.986525][T17787] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  309.994475][T17787] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  310.002424][T17787] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  310.010415][T17787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000028
[  310.018377][T17787] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:34 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:34 executing program 4 (fault-call:2 fault-nth:41):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:34 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x5, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:34 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xf, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:34 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffefffff}])

16:56:34 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x18100}])

[  310.256525][T17806] FAULT_INJECTION: forcing a failure.
[  310.256525][T17806] name failslab, interval 1, probability 0, space 0, times 0
[  310.273218][T17813] loop5: detected capacity change from 264192 to 0
[  310.281269][T17809] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  310.304501][T17806] CPU: 0 PID: 17806 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  310.312929][T17806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  310.323047][T17806] Call Trace:
[  310.326320][T17806]  dump_stack+0x116/0x15d
[  310.330702][T17806]  should_fail+0x231/0x240
[  310.335113][T17806]  ? mempool_alloc_slab+0x16/0x20
[  310.336288][T17809] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  310.340133][T17806]  __should_failslab+0x81/0x90
[  310.353001][T17806]  should_failslab+0x5/0x20
[  310.357564][T17806]  kmem_cache_alloc+0x36/0x2e0
[  310.363251][T17806]  ? mempool_alloc_slab+0x16/0x20
[  310.368965][T17806]  mempool_alloc_slab+0x16/0x20
[  310.373817][T17806]  ? mempool_free+0x130/0x130
[  310.379459][T17806]  mempool_alloc+0x64/0x320
[  310.384043][T17806]  ? submit_bio_checks+0x823/0xb20
[  310.389644][T17806]  ? find_next_zero_bit+0xca/0xf0
[  310.395354][T17806]  bio_alloc_bioset+0x138/0x3a0
[  310.401073][T17806]  bio_clone_fast+0x23/0x110
[  310.406448][T17806]  bio_split+0x80/0x180
[  310.410643][T17806]  __blk_queue_split+0xabb/0xc80
[  310.417517][T17806]  blk_mq_submit_bio+0xce/0x1000
[  310.422458][T17806]  submit_bio_noacct+0x75d/0x910
[  310.427450][T17806]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  310.432982][T17806]  ? prandom_u32_state+0x9/0x80
[  310.437827][T17806]  submit_bio+0x1f3/0x350
[  310.442158][T17806]  ? iov_iter_npages+0x160/0x5e0
[  310.447078][T17806]  blkdev_direct_IO+0x4fa/0xf60
[  310.451998][T17806]  ? aio_prep_rw+0x3b0/0x3b0
[  310.456564][T17806]  ? current_time+0xdb/0x190
[  310.461212][T17806]  ? atime_needs_update+0x290/0x370
[  310.466480][T17806]  ? touch_atime+0x10e/0x2d0
[  310.471125][T17806]  generic_file_read_iter+0x2c4/0x3d0
[  310.476493][T17806]  blkdev_read_iter+0xb3/0xc0
[  310.481151][T17806]  aio_read+0x1be/0x280
[  310.485283][T17806]  ? __rcu_read_unlock+0x51/0x250
[  310.490286][T17806]  io_submit_one+0x62d/0x1230
[  310.494979][T17806]  ? asm_exc_page_fault+0x1e/0x30
[  310.500036][T17806]  __se_sys_io_submit+0xf5/0x270
[  310.504955][T17806]  ? ksys_write+0x157/0x180
[  310.509439][T17806]  ? fpregs_assert_state_consistent+0x7d/0x90
[  310.515482][T17806]  __x64_sys_io_submit+0x3f/0x50
[  310.520441][T17806]  do_syscall_64+0x39/0x80
[  310.524838][T17806]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  310.530709][T17806] RIP: 0033:0x45e149
[  310.534580][T17806] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  310.554239][T17806] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  310.562632][T17806] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  310.570584][T17806] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  310.578533][T17806] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  310.586485][T17806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000029
[  310.594439][T17806] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:35 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x20000}])

16:56:35 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffffefff}])

[  310.648213][T17813] loop5: detected capacity change from 264192 to 0
16:56:35 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x10, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:35 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:35 executing program 4 (fault-call:2 fault-nth:42):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:35 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x7, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  310.803308][T17838] FAULT_INJECTION: forcing a failure.
[  310.803308][T17838] name failslab, interval 1, probability 0, space 0, times 0
[  310.816206][T17838] CPU: 1 PID: 17838 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  310.824617][T17838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  310.826911][T17836] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  310.834684][T17838] Call Trace:
[  310.834693][T17838]  dump_stack+0x116/0x15d
[  310.850992][T17838]  should_fail+0x231/0x240
[  310.855407][T17838]  ? mempool_alloc_slab+0x16/0x20
[  310.857629][T17836] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  310.860460][T17838]  __should_failslab+0x81/0x90
[  310.873705][T17838]  should_failslab+0x5/0x20
[  310.879107][T17838]  kmem_cache_alloc+0x36/0x2e0
[  310.883920][T17838]  ? mempool_alloc_slab+0x16/0x20
[  310.889409][T17838]  mempool_alloc_slab+0x16/0x20
[  310.894812][T17838]  ? mempool_free+0x130/0x130
[  310.900613][T17838]  mempool_alloc+0x64/0x320
[  310.905130][T17838]  ? submit_bio_checks+0x823/0xb20
[  310.910219][T17838]  ? find_next_zero_bit+0xca/0xf0
[  310.915220][T17838]  bio_alloc_bioset+0x138/0x3a0
[  310.920058][T17838]  bio_clone_fast+0x23/0x110
[  310.924639][T17838]  bio_split+0x80/0x180
[  310.928821][T17838]  __blk_queue_split+0xabb/0xc80
[  310.933738][T17838]  blk_mq_submit_bio+0xce/0x1000
[  310.938721][T17838]  submit_bio_noacct+0x75d/0x910
[  310.943636][T17838]  ? prandom_u32_state+0x9/0x80
[  310.948546][T17838]  submit_bio+0x1f3/0x350
[  310.952863][T17838]  ? iov_iter_npages+0x160/0x5e0
[  310.957851][T17838]  blkdev_direct_IO+0x4fa/0xf60
[  310.962811][T17838]  ? aio_prep_rw+0x3b0/0x3b0
[  310.967420][T17838]  ? current_time+0xdb/0x190
[  310.972028][T17838]  ? atime_needs_update+0x290/0x370
[  310.977290][T17838]  ? touch_atime+0x10e/0x2d0
[  310.981907][T17838]  generic_file_read_iter+0x2c4/0x3d0
[  310.987273][T17838]  blkdev_read_iter+0xb3/0xc0
[  310.991929][T17838]  aio_read+0x1be/0x280
[  310.996102][T17838]  ? __rcu_read_unlock+0x51/0x250
[  311.001107][T17838]  io_submit_one+0x62d/0x1230
[  311.005894][T17838]  ? asm_exc_page_fault+0x1e/0x30
[  311.010943][T17838]  __se_sys_io_submit+0xf5/0x270
[  311.015877][T17838]  ? ksys_write+0x157/0x180
[  311.020359][T17838]  ? fpregs_assert_state_consistent+0x7d/0x90
[  311.026416][T17838]  __x64_sys_io_submit+0x3f/0x50
[  311.031365][T17838]  do_syscall_64+0x39/0x80
[  311.035791][T17838]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  311.041662][T17838] RIP: 0033:0x45e149
[  311.045532][T17838] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  311.065119][T17838] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  311.073506][T17838] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  311.081455][T17838] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  311.089401][T17838] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
16:56:35 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xef, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  311.097362][T17838] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002a
[  311.105322][T17838] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:35 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x100000}])

16:56:35 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:35 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffffffef}])

16:56:35 executing program 4 (fault-call:2 fault-nth:43):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  311.195136][T17848] loop5: detected capacity change from 264192 to 0
16:56:35 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x200000}])

16:56:35 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x124, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  311.296009][T17848] loop5: detected capacity change from 264192 to 0
[  311.327327][T17858] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  311.329797][T17864] FAULT_INJECTION: forcing a failure.
[  311.329797][T17864] name failslab, interval 1, probability 0, space 0, times 0
[  311.372072][T17864] CPU: 1 PID: 17864 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  311.380510][T17864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  311.390775][T17864] Call Trace:
[  311.394686][T17864]  dump_stack+0x116/0x15d
[  311.399092][T17864]  should_fail+0x231/0x240
[  311.403511][T17864]  ? mempool_alloc_slab+0x16/0x20
[  311.409437][T17864]  __should_failslab+0x81/0x90
[  311.414252][T17864]  should_failslab+0x5/0x20
[  311.418764][T17864]  kmem_cache_alloc+0x36/0x2e0
[  311.423550][T17864]  ? mempool_alloc_slab+0x16/0x20
[  311.428582][T17864]  mempool_alloc_slab+0x16/0x20
[  311.433421][T17864]  ? mempool_free+0x130/0x130
[  311.438205][T17864]  mempool_alloc+0x64/0x320
[  311.442808][T17864]  ? submit_bio_checks+0x823/0xb20
[  311.447938][T17864]  ? find_next_zero_bit+0xca/0xf0
[  311.452975][T17864]  bio_alloc_bioset+0x138/0x3a0
[  311.457831][T17864]  bio_clone_fast+0x23/0x110
[  311.463221][T17864]  bio_split+0x80/0x180
[  311.467386][T17864]  __blk_queue_split+0xabb/0xc80
[  311.472422][T17864]  blk_mq_submit_bio+0xce/0x1000
[  311.477425][T17864]  submit_bio_noacct+0x75d/0x910
[  311.483252][T17864]  ? mempool_alloc+0x71/0x320
[  311.488039][T17864]  ? prandom_u32_state+0x9/0x80
[  311.494037][T17864]  submit_bio+0x1f3/0x350
[  311.498372][T17864]  ? iov_iter_npages+0x160/0x5e0
[  311.503315][T17864]  blkdev_direct_IO+0x4fa/0xf60
[  311.508902][T17864]  ? aio_prep_rw+0x3b0/0x3b0
[  311.513549][T17864]  ? current_time+0xdb/0x190
[  311.518187][T17864]  ? atime_needs_update+0x290/0x370
[  311.523753][T17864]  ? touch_atime+0x10e/0x2d0
[  311.528345][T17864]  generic_file_read_iter+0x2c4/0x3d0
[  311.534043][T17864]  blkdev_read_iter+0xb3/0xc0
[  311.539911][T17864]  aio_read+0x1be/0x280
[  311.544454][T17864]  ? __rcu_read_unlock+0x51/0x250
[  311.550251][T17864]  io_submit_one+0x62d/0x1230
[  311.554931][T17864]  ? asm_exc_page_fault+0x1e/0x30
[  311.561029][T17864]  __se_sys_io_submit+0xf5/0x270
[  311.568365][T17864]  ? ksys_write+0x157/0x180
[  311.572900][T17864]  ? fpregs_assert_state_consistent+0x7d/0x90
[  311.578961][T17864]  __x64_sys_io_submit+0x3f/0x50
[  311.584609][T17864]  do_syscall_64+0x39/0x80
[  311.589098][T17864]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  311.595944][T17864] RIP: 0033:0x45e149
[  311.599896][T17864] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  311.619505][T17864] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  311.627963][T17864] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  311.635910][T17864] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  311.643902][T17864] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  311.651917][T17864] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002b
[  311.659883][T17864] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:36 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x10000000000}])

16:56:36 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:36 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x8, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:36 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x204, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:36 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x810100}])

16:56:36 executing program 4 (fault-call:2 fault-nth:44):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:36 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x1000000000000}])

16:56:36 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e000000", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  311.787133][T17884] tbf_change: 1 callbacks suppressed
[  311.787143][T17884] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  311.806809][T17884] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  311.826996][T17885] loop5: detected capacity change from 264192 to 0
[  311.890019][T17898] FAULT_INJECTION: forcing a failure.
[  311.890019][T17898] name failslab, interval 1, probability 0, space 0, times 0
[  311.903684][T17898] CPU: 0 PID: 17898 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  311.912108][T17898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  311.916430][T17900] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  311.922148][T17898] Call Trace:
[  311.922157][T17898]  dump_stack+0x116/0x15d
[  311.936774][T17898]  should_fail+0x231/0x240
[  311.941179][T17898]  ? mempool_alloc_slab+0x16/0x20
[  311.946195][T17898]  __should_failslab+0x81/0x90
[  311.950962][T17898]  should_failslab+0x5/0x20
[  311.956313][T17898]  kmem_cache_alloc+0x36/0x2e0
[  311.962837][T17898]  ? mempool_alloc_slab+0x16/0x20
[  311.965102][T17900] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  311.967883][T17898]  mempool_alloc_slab+0x16/0x20
[  311.967905][T17898]  ? mempool_free+0x130/0x130
[  311.967921][T17898]  mempool_alloc+0x64/0x320
[  311.967940][T17898]  ? submit_bio_checks+0x823/0xb20
[  311.996894][T17898]  ? find_next_zero_bit+0xca/0xf0
[  312.002292][T17898]  bio_alloc_bioset+0x138/0x3a0
[  312.007149][T17898]  bio_clone_fast+0x23/0x110
[  312.012451][T17898]  bio_split+0x80/0x180
[  312.017419][T17898]  __blk_queue_split+0xabb/0xc80
[  312.022407][T17898]  blk_mq_submit_bio+0xce/0x1000
[  312.027343][T17898]  submit_bio_noacct+0x75d/0x910
[  312.032271][T17898]  ? mempool_alloc+0x71/0x320
[  312.037637][T17898]  ? prandom_u32_state+0x9/0x80
[  312.042838][T17898]  submit_bio+0x1f3/0x350
[  312.047743][T17898]  ? iov_iter_npages+0x160/0x5e0
[  312.052926][T17898]  blkdev_direct_IO+0x4fa/0xf60
[  312.057821][T17898]  ? aio_prep_rw+0x3b0/0x3b0
[  312.063011][T17898]  ? current_time+0xdb/0x190
[  312.067597][T17898]  ? atime_needs_update+0x290/0x370
[  312.073681][T17898]  ? touch_atime+0x10e/0x2d0
[  312.078262][T17898]  generic_file_read_iter+0x2c4/0x3d0
[  312.083631][T17898]  blkdev_read_iter+0xb3/0xc0
[  312.088308][T17898]  aio_read+0x1be/0x280
[  312.092480][T17898]  ? __rcu_read_unlock+0x51/0x250
[  312.097494][T17898]  io_submit_one+0x62d/0x1230
[  312.102162][T17898]  ? asm_exc_page_fault+0x1e/0x30
[  312.107230][T17898]  __se_sys_io_submit+0xf5/0x270
[  312.112175][T17898]  ? ksys_write+0x157/0x180
[  312.116682][T17898]  ? fpregs_assert_state_consistent+0x7d/0x90
[  312.122833][T17898]  __x64_sys_io_submit+0x3f/0x50
[  312.127769][T17898]  do_syscall_64+0x39/0x80
[  312.132256][T17898]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  312.138649][T17898] RIP: 0033:0x45e149
[  312.142538][T17898] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  312.162130][T17898] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  312.170534][T17898] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  312.178967][T17898] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
16:56:36 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x300, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  312.187748][T17898] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  312.196539][T17898] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002c
[  312.204568][T17898] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
[  312.220715][T17885] loop5: detected capacity change from 264192 to 0
16:56:36 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2000000000000}])

16:56:36 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e000000", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:36 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x1000000}])

16:56:36 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xd, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:36 executing program 4 (fault-call:2 fault-nth:45):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:37 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2000000}])

[  312.386152][T17924] FAULT_INJECTION: forcing a failure.
[  312.386152][T17924] name failslab, interval 1, probability 0, space 0, times 0
[  312.399864][T17925] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  312.413913][T17924] CPU: 0 PID: 17924 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  312.422410][T17924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  312.432476][T17924] Call Trace:
16:56:37 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x10000000000000}])

16:56:37 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x402, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  312.435742][T17924]  dump_stack+0x116/0x15d
[  312.440068][T17924]  should_fail+0x231/0x240
[  312.444559][T17924]  ? mempool_alloc_slab+0x16/0x20
[  312.449583][T17924]  __should_failslab+0x81/0x90
[  312.454340][T17924]  should_failslab+0x5/0x20
[  312.458853][T17924]  kmem_cache_alloc+0x36/0x2e0
[  312.463619][T17924]  ? mempool_alloc_slab+0x16/0x20
[  312.468692][T17924]  mempool_alloc_slab+0x16/0x20
[  312.472702][T17925] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  312.473541][T17924]  ? mempool_free+0x130/0x130
[  312.473563][T17924]  mempool_alloc+0x64/0x320
[  312.490818][T17924]  ? submit_bio_checks+0x823/0xb20
[  312.493808][T17928] loop5: detected capacity change from 264192 to 0
[  312.495923][T17924]  ? find_next_zero_bit+0xca/0xf0
[  312.495946][T17924]  bio_alloc_bioset+0x138/0x3a0
[  312.512237][T17924]  bio_clone_fast+0x23/0x110
[  312.516840][T17924]  bio_split+0x80/0x180
[  312.521002][T17924]  __blk_queue_split+0xabb/0xc80
[  312.525938][T17924]  blk_mq_submit_bio+0xce/0x1000
[  312.530934][T17924]  submit_bio_noacct+0x75d/0x910
[  312.535936][T17924]  ? mempool_alloc+0x71/0x320
[  312.540612][T17924]  ? prandom_u32_state+0x9/0x80
[  312.545462][T17924]  submit_bio+0x1f3/0x350
[  312.549822][T17924]  ? iov_iter_npages+0x160/0x5e0
[  312.554798][T17924]  blkdev_direct_IO+0x4fa/0xf60
[  312.559715][T17924]  ? aio_prep_rw+0x3b0/0x3b0
[  312.564333][T17924]  ? current_time+0xdb/0x190
[  312.568984][T17924]  ? atime_needs_update+0x290/0x370
[  312.574179][T17924]  ? touch_atime+0x10e/0x2d0
[  312.578769][T17924]  generic_file_read_iter+0x2c4/0x3d0
[  312.584130][T17924]  blkdev_read_iter+0xb3/0xc0
[  312.588797][T17924]  aio_read+0x1be/0x280
[  312.593002][T17924]  ? __rcu_read_unlock+0x51/0x250
[  312.598099][T17924]  io_submit_one+0x62d/0x1230
[  312.602802][T17924]  ? asm_exc_page_fault+0x1e/0x30
[  312.607825][T17924]  __se_sys_io_submit+0xf5/0x270
[  312.612309][ T9198] Bluetooth: hci5: command 0x0406 tx timeout
[  312.612763][T17924]  ? ksys_write+0x157/0x180
[  312.623214][T17924]  ? fpregs_assert_state_consistent+0x7d/0x90
[  312.629297][T17924]  __x64_sys_io_submit+0x3f/0x50
[  312.634233][T17924]  do_syscall_64+0x39/0x80
[  312.638692][T17924]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  312.644582][T17924] RIP: 0033:0x45e149
[  312.648461][T17924] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  312.668988][T17924] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  312.678514][T17924] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  312.686514][T17924] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  312.695653][T17924] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  312.703623][T17924] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002d
[  312.711745][T17924] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:37 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e000000", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:37 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x20000000000000}])

16:56:37 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2040000}])

16:56:37 executing program 4 (fault-call:2 fault-nth:46):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:37 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x406, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  312.830865][T17928] loop5: detected capacity change from 264192 to 0
[  312.914556][T17956] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:37 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xf, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:37 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x3000000}])

[  312.964543][T17956] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  312.983822][T17959] FAULT_INJECTION: forcing a failure.
[  312.983822][T17959] name failslab, interval 1, probability 0, space 0, times 0
[  312.998705][T17959] CPU: 0 PID: 17959 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  313.007569][T17959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  313.018732][T17959] Call Trace:
[  313.021989][T17959]  dump_stack+0x116/0x15d
[  313.026299][T17959]  should_fail+0x231/0x240
[  313.030691][T17959]  ? mempool_alloc_slab+0x16/0x20
[  313.035694][T17959]  __should_failslab+0x81/0x90
[  313.040432][T17959]  should_failslab+0x5/0x20
[  313.044913][T17959]  kmem_cache_alloc+0x36/0x2e0
[  313.049658][T17959]  ? mempool_alloc_slab+0x16/0x20
[  313.054727][T17959]  mempool_alloc_slab+0x16/0x20
[  313.059620][T17959]  ? mempool_free+0x130/0x130
[  313.064270][T17959]  mempool_alloc+0x64/0x320
[  313.068800][T17959]  ? submit_bio_checks+0x823/0xb20
[  313.073889][T17959]  ? find_next_zero_bit+0xca/0xf0
[  313.078887][T17959]  bio_alloc_bioset+0x138/0x3a0
[  313.083713][T17959]  bio_clone_fast+0x23/0x110
[  313.088280][T17959]  bio_split+0x80/0x180
[  313.092417][T17959]  __blk_queue_split+0xabb/0xc80
[  313.097442][T17959]  blk_mq_submit_bio+0xce/0x1000
[  313.102443][T17959]  submit_bio_noacct+0x75d/0x910
[  313.107442][T17959]  ? prandom_u32_state+0x9/0x80
[  313.112291][T17959]  submit_bio+0x1f3/0x350
[  313.116596][T17959]  ? iov_iter_npages+0x160/0x5e0
[  313.121582][T17959]  blkdev_direct_IO+0x4fa/0xf60
[  313.126411][T17959]  ? aio_prep_rw+0x3b0/0x3b0
[  313.131021][T17959]  ? current_time+0xdb/0x190
[  313.135604][T17959]  ? atime_needs_update+0x290/0x370
[  313.140823][T17959]  ? touch_atime+0x10e/0x2d0
[  313.145410][T17959]  generic_file_read_iter+0x2c4/0x3d0
[  313.150764][T17959]  blkdev_read_iter+0xb3/0xc0
[  313.155416][T17959]  aio_read+0x1be/0x280
[  313.159543][T17959]  ? __rcu_read_unlock+0x51/0x250
[  313.164591][T17959]  io_submit_one+0x62d/0x1230
[  313.169242][T17959]  ? asm_exc_page_fault+0x1e/0x30
[  313.174255][T17959]  __se_sys_io_submit+0xf5/0x270
[  313.179198][T17959]  ? ksys_write+0x157/0x180
[  313.183678][T17959]  ? fpregs_assert_state_consistent+0x7d/0x90
[  313.189766][T17959]  __x64_sys_io_submit+0x3f/0x50
[  313.194684][T17959]  do_syscall_64+0x39/0x80
[  313.199079][T17959]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  313.204975][T17959] RIP: 0033:0x45e149
[  313.208845][T17959] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  313.228516][T17959] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  313.236900][T17959] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  313.244845][T17959] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  313.252792][T17959] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
16:56:37 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x81010000000000}])

[  313.260742][T17959] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002e
[  313.268765][T17959] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:37 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x500, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:38 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:38 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x4000000}])

16:56:38 executing program 4 (fault-call:2 fault-nth:47):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  313.345583][T17971] loop5: detected capacity change from 264192 to 0
16:56:38 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x100000000000000}])

[  313.434768][T17979] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  313.451052][T17971] loop5: detected capacity change from 264192 to 0
16:56:38 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x604, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  313.548327][T17991] FAULT_INJECTION: forcing a failure.
[  313.548327][T17991] name failslab, interval 1, probability 0, space 0, times 0
16:56:38 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  313.590769][T17991] CPU: 0 PID: 17991 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  313.599283][T17991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  313.609337][T17991] Call Trace:
[  313.612612][T17991]  dump_stack+0x116/0x15d
[  313.616939][T17991]  should_fail+0x231/0x240
[  313.621347][T17991]  ? mempool_alloc_slab+0x16/0x20
[  313.626368][T17991]  __should_failslab+0x81/0x90
[  313.631250][T17991]  should_failslab+0x5/0x20
[  313.635822][T17991]  kmem_cache_alloc+0x36/0x2e0
[  313.640580][T17991]  ? mempool_alloc_slab+0x16/0x20
[  313.645702][T17991]  mempool_alloc_slab+0x16/0x20
[  313.650616][T17991]  ? mempool_free+0x130/0x130
[  313.655290][T17991]  mempool_alloc+0x64/0x320
[  313.659846][T17991]  ? submit_bio_checks+0x823/0xb20
[  313.664964][T17991]  ? find_next_zero_bit+0xca/0xf0
[  313.670027][T17991]  bio_alloc_bioset+0x138/0x3a0
[  313.674877][T17991]  bio_clone_fast+0x23/0x110
[  313.679459][T17991]  bio_split+0x80/0x180
[  313.683610][T17991]  __blk_queue_split+0xabb/0xc80
[  313.688570][T17991]  blk_mq_submit_bio+0xce/0x1000
[  313.693515][T17991]  submit_bio_noacct+0x75d/0x910
[  313.698450][T17991]  ? mempool_alloc+0x71/0x320
[  313.703126][T17991]  ? prandom_u32_state+0x9/0x80
[  313.707985][T17991]  submit_bio+0x1f3/0x350
[  313.712321][T17991]  ? iov_iter_npages+0x160/0x5e0
[  313.717282][T17991]  blkdev_direct_IO+0x4fa/0xf60
[  313.722283][T17991]  ? aio_prep_rw+0x3b0/0x3b0
[  313.726871][T17991]  ? current_time+0xdb/0x190
[  313.731461][T17991]  ? atime_needs_update+0x290/0x370
[  313.736659][T17991]  ? touch_atime+0x10e/0x2d0
[  313.741245][T17991]  generic_file_read_iter+0x2c4/0x3d0
[  313.746616][T17991]  blkdev_read_iter+0xb3/0xc0
[  313.751284][T17991]  aio_read+0x1be/0x280
[  313.755431][T17991]  ? __rcu_read_unlock+0x51/0x250
[  313.760481][T17991]  io_submit_one+0x62d/0x1230
[  313.765276][T17991]  ? asm_exc_page_fault+0x1e/0x30
[  313.770282][T17991]  __se_sys_io_submit+0xf5/0x270
[  313.775203][T17991]  ? ksys_write+0x157/0x180
[  313.779689][T17991]  ? fpregs_assert_state_consistent+0x7d/0x90
[  313.785738][T17991]  __x64_sys_io_submit+0x3f/0x50
[  313.790667][T17991]  do_syscall_64+0x39/0x80
[  313.795143][T17991]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  313.801059][T17991] RIP: 0033:0x45e149
[  313.804934][T17991] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  313.824578][T17991] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  313.832973][T17991] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  313.840935][T17991] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  313.849078][T17991] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  313.857050][T17991] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002f
[  313.865002][T17991] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:38 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x200000000000000}])

16:56:38 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x5000000}])

16:56:38 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x10, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  313.913640][T17999] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:38 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x700, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:38 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:38 executing program 4 (fault-call:2 fault-nth:48):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:38 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x204000000000000}])

16:56:38 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x6040000}])

[  314.074751][T18015] loop5: detected capacity change from 264192 to 0
[  314.103322][T18017] FAULT_INJECTION: forcing a failure.
[  314.103322][T18017] name failslab, interval 1, probability 0, space 0, times 0
[  314.131227][T18017] CPU: 0 PID: 18017 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  314.139682][T18017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  314.149779][T18017] Call Trace:
[  314.153849][T18017]  dump_stack+0x116/0x15d
[  314.159347][T18017]  should_fail+0x231/0x240
[  314.163948][T18017]  ? mempool_alloc_slab+0x16/0x20
[  314.169332][T18017]  __should_failslab+0x81/0x90
[  314.174898][T18017]  should_failslab+0x5/0x20
[  314.181641][T18017]  kmem_cache_alloc+0x36/0x2e0
[  314.187311][T18017]  ? mempool_alloc_slab+0x16/0x20
[  314.193078][T18017]  mempool_alloc_slab+0x16/0x20
[  314.199325][T18017]  ? mempool_free+0x130/0x130
[  314.204187][T18017]  mempool_alloc+0x64/0x320
[  314.209392][T18017]  ? submit_bio_checks+0x823/0xb20
[  314.214575][T18017]  ? find_next_zero_bit+0xca/0xf0
[  314.220216][T18017]  bio_alloc_bioset+0x138/0x3a0
[  314.225984][T18017]  bio_clone_fast+0x23/0x110
[  314.232370][T18017]  bio_split+0x80/0x180
[  314.236578][T18017]  __blk_queue_split+0xabb/0xc80
[  314.241930][T18017]  blk_mq_submit_bio+0xce/0x1000
[  314.248560][T18017]  submit_bio_noacct+0x75d/0x910
[  314.253893][T18017]  ? mempool_alloc+0x71/0x320
[  314.259559][T18017]  ? prandom_u32_state+0x9/0x80
[  314.265512][T18017]  submit_bio+0x1f3/0x350
[  314.269964][T18017]  ? iov_iter_npages+0x160/0x5e0
[  314.275524][T18017]  blkdev_direct_IO+0x4fa/0xf60
[  314.280836][T18017]  ? aio_prep_rw+0x3b0/0x3b0
[  314.285448][T18017]  ? current_time+0xdb/0x190
[  314.290118][T18017]  ? atime_needs_update+0x290/0x370
[  314.295320][T18017]  ? touch_atime+0x10e/0x2d0
[  314.300273][T18017]  generic_file_read_iter+0x2c4/0x3d0
[  314.305638][T18017]  blkdev_read_iter+0xb3/0xc0
[  314.310297][T18017]  aio_read+0x1be/0x280
[  314.314502][T18017]  ? __rcu_read_unlock+0x51/0x250
[  314.319506][T18017]  io_submit_one+0x62d/0x1230
[  314.324160][T18017]  ? asm_exc_page_fault+0x1e/0x30
[  314.329249][T18017]  __se_sys_io_submit+0xf5/0x270
[  314.334182][T18017]  ? ksys_write+0x157/0x180
[  314.338665][T18017]  ? fpregs_assert_state_consistent+0x7d/0x90
[  314.344798][T18017]  __x64_sys_io_submit+0x3f/0x50
[  314.349730][T18017]  do_syscall_64+0x39/0x80
[  314.354130][T18017]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  314.360036][T18017] RIP: 0033:0x45e149
16:56:39 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xd00, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:39 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x300000000000000}])

[  314.363908][T18017] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  314.383492][T18017] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  314.391894][T18017] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  314.399845][T18017] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  314.407810][T18017] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  314.415760][T18017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000030
[  314.423709][T18017] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:39 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x7000000}])

16:56:39 executing program 4 (fault-call:2 fault-nth:49):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:39 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x8a, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  314.524531][T18034] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  314.579071][T18034] validate_nla: 2 callbacks suppressed
[  314.579084][T18034] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  314.602857][T18043] FAULT_INJECTION: forcing a failure.
[  314.602857][T18043] name failslab, interval 1, probability 0, space 0, times 0
[  314.615634][T18044] loop5: detected capacity change from 264192 to 0
16:56:39 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x8000000}])

[  314.625809][T18043] CPU: 0 PID: 18043 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  314.634227][T18043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  314.644281][T18043] Call Trace:
[  314.647556][T18043]  dump_stack+0x116/0x15d
[  314.651928][T18043]  should_fail+0x231/0x240
[  314.656333][T18043]  ? mempool_alloc_slab+0x16/0x20
[  314.661344][T18043]  __should_failslab+0x81/0x90
[  314.666119][T18043]  should_failslab+0x5/0x20
[  314.670603][T18043]  kmem_cache_alloc+0x36/0x2e0
[  314.675384][T18043]  ? mempool_alloc_slab+0x16/0x20
[  314.680476][T18043]  mempool_alloc_slab+0x16/0x20
[  314.685305][T18043]  ? mempool_free+0x130/0x130
[  314.689980][T18043]  mempool_alloc+0x64/0x320
[  314.694460][T18043]  ? submit_bio_checks+0x823/0xb20
[  314.699564][T18043]  ? find_next_zero_bit+0xca/0xf0
[  314.704589][T18043]  bio_alloc_bioset+0x138/0x3a0
[  314.709448][T18043]  bio_clone_fast+0x23/0x110
[  314.714238][T18043]  bio_split+0x80/0x180
[  314.718372][T18043]  __blk_queue_split+0xabb/0xc80
[  314.723293][T18043]  blk_mq_submit_bio+0xce/0x1000
[  314.728258][T18043]  submit_bio_noacct+0x75d/0x910
[  314.733176][T18043]  ? mempool_alloc+0x71/0x320
[  314.737879][T18043]  ? prandom_u32_state+0x9/0x80
[  314.742761][T18043]  submit_bio+0x1f3/0x350
[  314.747071][T18043]  ? iov_iter_npages+0x160/0x5e0
[  314.752040][T18043]  blkdev_direct_IO+0x4fa/0xf60
[  314.756874][T18043]  ? aio_prep_rw+0x3b0/0x3b0
[  314.761442][T18043]  ? current_time+0xdb/0x190
[  314.766013][T18043]  ? atime_needs_update+0x290/0x370
[  314.771187][T18043]  ? touch_atime+0x10e/0x2d0
[  314.775755][T18043]  generic_file_read_iter+0x2c4/0x3d0
[  314.781160][T18043]  blkdev_read_iter+0xb3/0xc0
[  314.785869][T18043]  aio_read+0x1be/0x280
[  314.790074][T18043]  ? __rcu_read_unlock+0x51/0x250
[  314.795130][T18043]  io_submit_one+0x62d/0x1230
[  314.799791][T18043]  ? asm_exc_page_fault+0x1e/0x30
[  314.804828][T18043]  __se_sys_io_submit+0xf5/0x270
[  314.809759][T18043]  ? ksys_write+0x157/0x180
[  314.814321][T18043]  ? fpregs_assert_state_consistent+0x7d/0x90
[  314.820444][T18043]  __x64_sys_io_submit+0x3f/0x50
[  314.825421][T18043]  do_syscall_64+0x39/0x80
[  314.829828][T18043]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  314.835766][T18043] RIP: 0033:0x45e149
[  314.839638][T18043] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  314.859353][T18043] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  314.867739][T18043] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:39 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x400000000000000}])

16:56:39 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xf00, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  314.875686][T18043] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  314.883636][T18043] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  314.891584][T18043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000031
[  314.899568][T18043] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:39 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:39 executing program 4 (fault-call:2 fault-nth:50):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  314.972881][T18044] loop5: detected capacity change from 264192 to 0
16:56:39 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xef, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  315.104849][T18063] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  315.117110][T18064] FAULT_INJECTION: forcing a failure.
[  315.117110][T18064] name failslab, interval 1, probability 0, space 0, times 0
[  315.134834][T18063] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  315.136101][T18064] CPU: 1 PID: 18064 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  315.151354][T18064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  315.162334][T18064] Call Trace:
[  315.166323][T18064]  dump_stack+0x116/0x15d
[  315.170757][T18064]  should_fail+0x231/0x240
[  315.175150][T18064]  ? mempool_alloc_slab+0x16/0x20
[  315.180272][T18064]  __should_failslab+0x81/0x90
[  315.185140][T18064]  should_failslab+0x5/0x20
[  315.189670][T18064]  kmem_cache_alloc+0x36/0x2e0
[  315.194431][T18064]  ? mempool_alloc_slab+0x16/0x20
[  315.199569][T18064]  mempool_alloc_slab+0x16/0x20
[  315.204417][T18064]  ? mempool_free+0x130/0x130
[  315.209079][T18064]  mempool_alloc+0x64/0x320
[  315.213572][T18064]  ? submit_bio_checks+0x823/0xb20
[  315.218710][T18064]  ? find_next_zero_bit+0xca/0xf0
[  315.223709][T18064]  bio_alloc_bioset+0x138/0x3a0
[  315.228550][T18064]  bio_clone_fast+0x23/0x110
[  315.233125][T18064]  bio_split+0x80/0x180
[  315.237298][T18064]  __blk_queue_split+0xabb/0xc80
[  315.242218][T18064]  blk_mq_submit_bio+0xce/0x1000
[  315.247222][T18064]  submit_bio_noacct+0x75d/0x910
[  315.252139][T18064]  ? mempool_alloc+0x71/0x320
[  315.256806][T18064]  ? prandom_u32_state+0x9/0x80
[  315.261636][T18064]  submit_bio+0x1f3/0x350
[  315.265971][T18064]  ? iov_iter_npages+0x160/0x5e0
[  315.270927][T18064]  blkdev_direct_IO+0x4fa/0xf60
[  315.275823][T18064]  ? aio_prep_rw+0x3b0/0x3b0
[  315.280387][T18064]  ? current_time+0xdb/0x190
[  315.285033][T18064]  ? atime_needs_update+0x290/0x370
[  315.290251][T18064]  ? touch_atime+0x10e/0x2d0
[  315.294814][T18064]  generic_file_read_iter+0x2c4/0x3d0
[  315.300276][T18064]  blkdev_read_iter+0xb3/0xc0
[  315.304993][T18064]  aio_read+0x1be/0x280
[  315.309139][T18064]  ? __rcu_read_unlock+0x51/0x250
[  315.314178][T18064]  io_submit_one+0x62d/0x1230
[  315.318826][T18064]  ? asm_exc_page_fault+0x1e/0x30
[  315.323837][T18064]  __se_sys_io_submit+0xf5/0x270
[  315.328916][T18064]  ? ksys_write+0x157/0x180
[  315.333400][T18064]  ? fpregs_assert_state_consistent+0x7d/0x90
[  315.339466][T18064]  __x64_sys_io_submit+0x3f/0x50
[  315.344425][T18064]  do_syscall_64+0x39/0x80
[  315.348818][T18064]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  315.354688][T18064] RIP: 0033:0x45e149
[  315.358559][T18064] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  315.378197][T18064] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  315.386608][T18064] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  315.394557][T18064] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  315.402513][T18064] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  315.410460][T18064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032
[  315.418414][T18064] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:40 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x500000000000000}])

16:56:40 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xd000000}])

16:56:40 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x2000, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:40 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:40 executing program 4 (fault-call:2 fault-nth:51):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  315.518824][T18072] loop5: detected capacity change from 264192 to 0
[  315.591627][T18084] FAULT_INJECTION: forcing a failure.
[  315.591627][T18084] name failslab, interval 1, probability 0, space 0, times 0
[  315.598540][T18085] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  315.613682][T18084] CPU: 0 PID: 18084 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  315.623105][T18084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  315.633951][T18084] Call Trace:
[  315.637244][T18084]  dump_stack+0x116/0x15d
[  315.642086][T18084]  should_fail+0x231/0x240
[  315.646601][T18084]  ? mempool_alloc_slab+0x16/0x20
[  315.651871][T18084]  __should_failslab+0x81/0x90
[  315.657213][T18084]  should_failslab+0x5/0x20
[  315.661737][T18084]  kmem_cache_alloc+0x36/0x2e0
[  315.667132][T18084]  ? mempool_alloc_slab+0x16/0x20
[  315.672279][T18084]  mempool_alloc_slab+0x16/0x20
[  315.677999][T18084]  ? mempool_free+0x130/0x130
[  315.683519][T18084]  mempool_alloc+0x64/0x320
[  315.689014][T18084]  ? submit_bio_checks+0x823/0xb20
[  315.694597][T18084]  ? find_next_zero_bit+0xca/0xf0
[  315.699870][T18084]  bio_alloc_bioset+0x138/0x3a0
[  315.705288][T18084]  bio_clone_fast+0x23/0x110
[  315.710589][T18084]  bio_split+0x80/0x180
[  315.714855][T18084]  __blk_queue_split+0xabb/0xc80
[  315.720023][T18084]  blk_mq_submit_bio+0xce/0x1000
[  315.725569][T18084]  submit_bio_noacct+0x75d/0x910
[  315.732292][T18084]  ? prandom_u32_state+0x9/0x80
[  315.738111][T18084]  submit_bio+0x1f3/0x350
[  315.742547][T18084]  ? iov_iter_npages+0x160/0x5e0
[  315.747886][T18084]  blkdev_direct_IO+0x4fa/0xf60
[  315.755259][T18084]  ? aio_prep_rw+0x3b0/0x3b0
[  315.761047][T18084]  ? current_time+0xdb/0x190
[  315.765644][T18084]  ? atime_needs_update+0x290/0x370
[  315.767930][T18085] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  315.770841][T18084]  ? touch_atime+0x10e/0x2d0
[  315.784245][T18084]  generic_file_read_iter+0x2c4/0x3d0
[  315.789623][T18084]  blkdev_read_iter+0xb3/0xc0
[  315.795135][T18084]  aio_read+0x1be/0x280
[  315.799704][T18084]  ? __rcu_read_unlock+0x51/0x250
[  315.804761][T18084]  io_submit_one+0x62d/0x1230
[  315.809440][T18084]  ? asm_exc_page_fault+0x1e/0x30
[  315.814513][T18084]  __se_sys_io_submit+0xf5/0x270
[  315.819509][T18084]  ? ksys_write+0x157/0x180
[  315.824017][T18084]  ? fpregs_assert_state_consistent+0x7d/0x90
[  315.830078][T18084]  __x64_sys_io_submit+0x3f/0x50
[  315.835049][T18084]  do_syscall_64+0x39/0x80
[  315.839465][T18084]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  315.845377][T18084] RIP: 0033:0x45e149
[  315.849247][T18084] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  315.868842][T18084] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  315.877231][T18084] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  315.885196][T18084] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
16:56:40 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xf000000}])

16:56:40 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x604000000000000}])

16:56:40 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x2401, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  315.893145][T18084] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  315.901093][T18084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000033
[  315.909041][T18084] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:40 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x204, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:40 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:40 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xb9010000}])

16:56:40 executing program 4 (fault-call:2 fault-nth:52):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  316.067644][T18102] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  316.091610][T18102] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  316.102006][T18103] loop5: detected capacity change from 264192 to 0
16:56:40 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x700000000000000}])

16:56:40 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xefff, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  316.123013][T18108] FAULT_INJECTION: forcing a failure.
[  316.123013][T18108] name failslab, interval 1, probability 0, space 0, times 0
[  316.144822][T18108] CPU: 1 PID: 18108 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  316.153240][T18108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  316.163313][T18108] Call Trace:
[  316.166649][T18108]  dump_stack+0x116/0x15d
[  316.170981][T18108]  should_fail+0x231/0x240
[  316.175402][T18108]  ? mempool_alloc_slab+0x16/0x20
[  316.180417][T18108]  __should_failslab+0x81/0x90
[  316.185183][T18108]  should_failslab+0x5/0x20
[  316.189727][T18108]  kmem_cache_alloc+0x36/0x2e0
[  316.194559][T18108]  mempool_alloc_slab+0x16/0x20
[  316.199430][T18108]  ? mempool_free+0x130/0x130
[  316.204082][T18108]  mempool_alloc+0x64/0x320
[  316.208607][T18108]  ? preempt_schedule+0x54/0x80
[  316.213447][T18108]  bio_alloc_bioset+0x138/0x3a0
[  316.218279][T18108]  ? __blk_mq_delay_run_hw_queue+0x1c5/0x330
[  316.224250][T18108]  bio_clone_fast+0x23/0x110
[  316.228866][T18108]  bio_split+0x80/0x180
[  316.233002][T18108]  __blk_queue_split+0xabb/0xc80
[  316.237978][T18108]  blk_mq_submit_bio+0xce/0x1000
[  316.242895][T18108]  submit_bio_noacct+0x75d/0x910
[  316.247855][T18108]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  316.253377][T18108]  ? prandom_u32_state+0x9/0x80
[  316.258268][T18108]  submit_bio+0x1f3/0x350
[  316.262705][T18108]  ? iov_iter_npages+0x160/0x5e0
[  316.267624][T18108]  blkdev_direct_IO+0x4fa/0xf60
[  316.272642][T18108]  ? aio_prep_rw+0x3b0/0x3b0
[  316.277251][T18108]  ? current_time+0xdb/0x190
[  316.281862][T18108]  ? atime_needs_update+0x290/0x370
[  316.287068][T18108]  ? touch_atime+0x10e/0x2d0
[  316.291657][T18108]  generic_file_read_iter+0x2c4/0x3d0
[  316.297058][T18108]  blkdev_read_iter+0xb3/0xc0
[  316.301793][T18108]  aio_read+0x1be/0x280
[  316.305930][T18108]  ? __rcu_read_unlock+0x51/0x250
[  316.310953][T18108]  io_submit_one+0x62d/0x1230
[  316.315621][T18108]  ? asm_exc_page_fault+0x1e/0x30
[  316.320707][T18108]  __se_sys_io_submit+0xf5/0x270
[  316.325774][T18108]  ? ksys_write+0x157/0x180
[  316.330273][T18108]  ? fpregs_assert_state_consistent+0x7d/0x90
[  316.336356][T18108]  __x64_sys_io_submit+0x3f/0x50
[  316.341287][T18108]  do_syscall_64+0x39/0x80
[  316.345684][T18108]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  316.351564][T18108] RIP: 0033:0x45e149
[  316.355435][T18108] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  316.375072][T18108] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  316.383463][T18108] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  316.391413][T18108] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  316.399451][T18108] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  316.407407][T18108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000034
[  316.415358][T18108] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:41 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:41 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xefffffff}])

16:56:41 executing program 4 (fault-call:2 fault-nth:53):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  316.522500][T18103] loop5: detected capacity change from 264192 to 0
16:56:41 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x800000000000000}])

[  316.661817][T18126] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:41 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xffef, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:41 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x300, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  316.717944][T18127] FAULT_INJECTION: forcing a failure.
[  316.717944][T18127] name failslab, interval 1, probability 0, space 0, times 0
[  316.730705][T18127] CPU: 1 PID: 18127 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  316.739166][T18127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  316.749215][T18127] Call Trace:
[  316.752491][T18127]  dump_stack+0x116/0x15d
[  316.756870][T18127]  should_fail+0x231/0x240
[  316.761265][T18127]  ? mempool_alloc_slab+0x16/0x20
[  316.766321][T18127]  __should_failslab+0x81/0x90
[  316.771066][T18127]  should_failslab+0x5/0x20
[  316.775550][T18127]  kmem_cache_alloc+0x36/0x2e0
[  316.780304][T18127]  ? mempool_alloc_slab+0x16/0x20
[  316.785439][T18127]  mempool_alloc_slab+0x16/0x20
[  316.790272][T18127]  ? mempool_free+0x130/0x130
[  316.794925][T18127]  mempool_alloc+0x64/0x320
[  316.799422][T18127]  ? submit_bio_checks+0x823/0xb20
[  316.804511][T18127]  ? find_next_zero_bit+0xca/0xf0
[  316.809525][T18127]  bio_alloc_bioset+0x138/0x3a0
[  316.814363][T18127]  bio_clone_fast+0x23/0x110
[  316.818934][T18127]  bio_split+0x80/0x180
[  316.823095][T18127]  __blk_queue_split+0xabb/0xc80
[  316.828051][T18127]  blk_mq_submit_bio+0xce/0x1000
[  316.832969][T18127]  submit_bio_noacct+0x75d/0x910
[  316.837887][T18127]  ? mempool_alloc+0x71/0x320
[  316.842542][T18127]  ? prandom_u32_state+0x9/0x80
[  316.847369][T18127]  submit_bio+0x1f3/0x350
[  316.851670][T18127]  ? iov_iter_npages+0x160/0x5e0
[  316.856605][T18127]  blkdev_direct_IO+0x4fa/0xf60
[  316.861451][T18127]  ? aio_prep_rw+0x3b0/0x3b0
[  316.866050][T18127]  ? current_time+0xdb/0x190
[  316.870616][T18127]  ? atime_needs_update+0x290/0x370
[  316.875789][T18127]  ? touch_atime+0x10e/0x2d0
[  316.880451][T18127]  generic_file_read_iter+0x2c4/0x3d0
[  316.885946][T18127]  blkdev_read_iter+0xb3/0xc0
[  316.890638][T18127]  aio_read+0x1be/0x280
[  316.894784][T18127]  ? __rcu_read_unlock+0x51/0x250
[  316.899848][T18127]  io_submit_one+0x62d/0x1230
[  316.904507][T18127]  ? asm_exc_page_fault+0x1e/0x30
[  316.909509][T18127]  __se_sys_io_submit+0xf5/0x270
[  316.914547][T18127]  ? ksys_write+0x157/0x180
[  316.919029][T18127]  ? fpregs_assert_state_consistent+0x7d/0x90
[  316.925148][T18127]  __x64_sys_io_submit+0x3f/0x50
[  316.930139][T18127]  do_syscall_64+0x39/0x80
[  316.934532][T18127]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  316.940403][T18127] RIP: 0033:0x45e149
[  316.944270][T18127] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
16:56:41 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffefffff}])

[  316.963850][T18127] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  316.972237][T18127] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  316.980186][T18127] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  316.988135][T18127] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  316.996081][T18127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000035
[  317.004088][T18127] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:41 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:41 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xd00000000000000}])

16:56:41 executing program 4 (fault-call:2 fault-nth:54):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  317.088101][T18140] loop5: detected capacity change from 264192 to 0
[  317.125422][T18144] tbf_change: 1 callbacks suppressed
[  317.125434][T18144] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  317.167707][T18144] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:41 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xffff, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:41 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffffefff}])

16:56:41 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  317.213821][T18140] loop5: detected capacity change from 264192 to 0
16:56:41 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xf00000000000000}])

[  317.316355][T18161] FAULT_INJECTION: forcing a failure.
[  317.316355][T18161] name failslab, interval 1, probability 0, space 0, times 0
[  317.324236][T18165] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  317.340707][T18165] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  317.352173][T18161] CPU: 1 PID: 18161 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
16:56:42 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x402, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  317.360665][T18161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  317.370708][T18161] Call Trace:
[  317.373981][T18161]  dump_stack+0x116/0x15d
[  317.379244][T18161]  should_fail+0x231/0x240
[  317.383692][T18161]  ? mempool_alloc_slab+0x16/0x20
[  317.388708][T18161]  __should_failslab+0x81/0x90
[  317.393472][T18161]  should_failslab+0x5/0x20
[  317.398769][T18161]  kmem_cache_alloc+0x36/0x2e0
[  317.403541][T18161]  ? mempool_alloc_slab+0x16/0x20
[  317.408615][T18161]  mempool_alloc_slab+0x16/0x20
[  317.413703][T18161]  ? mempool_free+0x130/0x130
[  317.418374][T18161]  mempool_alloc+0x64/0x320
[  317.422911][T18161]  ? submit_bio_checks+0x823/0xb20
[  317.430409][T18161]  ? find_next_zero_bit+0xca/0xf0
[  317.436089][T18161]  bio_alloc_bioset+0x138/0x3a0
[  317.441475][T18161]  bio_clone_fast+0x23/0x110
[  317.446935][T18161]  bio_split+0x80/0x180
[  317.451512][T18161]  __blk_queue_split+0xabb/0xc80
[  317.458544][T18161]  blk_mq_submit_bio+0xce/0x1000
[  317.463482][T18161]  submit_bio_noacct+0x75d/0x910
[  317.468414][T18161]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  317.473969][T18161]  ? prandom_u32_state+0x9/0x80
[  317.478798][T18161]  submit_bio+0x1f3/0x350
[  317.483101][T18161]  ? iov_iter_npages+0x160/0x5e0
[  317.488030][T18161]  blkdev_direct_IO+0x4fa/0xf60
[  317.492923][T18161]  ? aio_prep_rw+0x3b0/0x3b0
[  317.497490][T18161]  ? current_time+0xdb/0x190
[  317.502058][T18161]  ? atime_needs_update+0x290/0x370
[  317.507232][T18161]  ? touch_atime+0x10e/0x2d0
[  317.511874][T18161]  generic_file_read_iter+0x2c4/0x3d0
[  317.517225][T18161]  blkdev_read_iter+0xb3/0xc0
[  317.521880][T18161]  aio_read+0x1be/0x280
[  317.526017][T18161]  ? __rcu_read_unlock+0x51/0x250
[  317.531059][T18161]  io_submit_one+0x62d/0x1230
[  317.535721][T18161]  ? asm_exc_page_fault+0x1e/0x30
[  317.540763][T18161]  __se_sys_io_submit+0xf5/0x270
[  317.545758][T18161]  ? ksys_write+0x157/0x180
[  317.550246][T18161]  ? fpregs_assert_state_consistent+0x7d/0x90
[  317.556292][T18161]  __x64_sys_io_submit+0x3f/0x50
[  317.561256][T18161]  do_syscall_64+0x39/0x80
[  317.565724][T18161]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  317.571596][T18161] RIP: 0033:0x45e149
[  317.575469][T18161] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  317.595077][T18161] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  317.603471][T18161] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:42 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x1c49000, 0x1c49000}])

[  317.611533][T18161] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  317.619488][T18161] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  317.627459][T18161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000036
[  317.635406][T18161] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:42 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffffffef}])

16:56:42 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:42 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x7200000000000000}])

16:56:42 executing program 4 (fault-call:2 fault-nth:55):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  317.730367][T18177] loop5: detected capacity change from 264192 to 0
[  317.771859][T18183] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  317.788980][T18183] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:42 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x10000000000}])

16:56:42 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x7ffff000, 0x1c49000}])

16:56:42 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  317.823949][T18177] loop5: detected capacity change from 264192 to 0
16:56:42 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x8000000000000000}])

[  317.886057][T18196] FAULT_INJECTION: forcing a failure.
[  317.886057][T18196] name failslab, interval 1, probability 0, space 0, times 0
[  317.900984][T18196] CPU: 1 PID: 18196 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  317.909397][T18196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  317.919440][T18196] Call Trace:
[  317.922708][T18196]  dump_stack+0x116/0x15d
[  317.928163][T18196]  should_fail+0x231/0x240
[  317.933264][T18196]  ? mempool_alloc_slab+0x16/0x20
[  317.938887][T18196]  __should_failslab+0x81/0x90
[  317.944654][T18196]  should_failslab+0x5/0x20
[  317.949894][T18196]  kmem_cache_alloc+0x36/0x2e0
[  317.954690][T18196]  ? mempool_alloc_slab+0x16/0x20
[  317.959723][T18196]  mempool_alloc_slab+0x16/0x20
[  317.964585][T18196]  ? mempool_free+0x130/0x130
[  317.969270][T18196]  mempool_alloc+0x64/0x320
[  317.973895][T18196]  ? submit_bio_checks+0x823/0xb20
[  317.978982][T18196]  ? find_next_zero_bit+0xca/0xf0
[  317.983983][T18196]  bio_alloc_bioset+0x138/0x3a0
[  317.988818][T18196]  bio_clone_fast+0x23/0x110
[  317.993406][T18196]  bio_split+0x80/0x180
[  317.997544][T18196]  __blk_queue_split+0xabb/0xc80
[  318.002488][T18196]  blk_mq_submit_bio+0xce/0x1000
[  318.007532][T18196]  submit_bio_noacct+0x75d/0x910
[  318.012489][T18196]  ? mempool_alloc+0x71/0x320
[  318.017140][T18196]  ? prandom_u32_state+0x9/0x80
[  318.021971][T18196]  submit_bio+0x1f3/0x350
[  318.026292][T18196]  ? iov_iter_npages+0x160/0x5e0
[  318.031226][T18196]  blkdev_direct_IO+0x4fa/0xf60
[  318.036103][T18196]  ? aio_prep_rw+0x3b0/0x3b0
[  318.040670][T18196]  ? current_time+0xdb/0x190
[  318.045235][T18196]  ? atime_needs_update+0x290/0x370
[  318.050469][T18196]  ? touch_atime+0x10e/0x2d0
[  318.055035][T18196]  generic_file_read_iter+0x2c4/0x3d0
[  318.060437][T18196]  blkdev_read_iter+0xb3/0xc0
[  318.065110][T18196]  aio_read+0x1be/0x280
[  318.069384][T18196]  ? __rcu_read_unlock+0x51/0x250
[  318.074388][T18196]  io_submit_one+0x62d/0x1230
[  318.079043][T18196]  ? asm_exc_page_fault+0x1e/0x30
[  318.084048][T18196]  __se_sys_io_submit+0xf5/0x270
[  318.089021][T18196]  ? ksys_write+0x157/0x180
[  318.093501][T18196]  ? fpregs_assert_state_consistent+0x7d/0x90
[  318.099573][T18196]  __x64_sys_io_submit+0x3f/0x50
[  318.104559][T18196]  do_syscall_64+0x39/0x80
[  318.109048][T18196]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  318.114936][T18196] RIP: 0033:0x45e149
[  318.118808][T18196] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  318.138390][T18196] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  318.146824][T18196] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  318.154770][T18196] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  318.162715][T18196] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  318.170663][T18196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000037
[  318.178611][T18196] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:42 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x406, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:42 executing program 4 (fault-call:2 fault-nth:56):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:42 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x1000000000000}])

[  318.309108][T18203] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:43 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xefffffffffffffff}])

16:56:43 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e01000000, 0x1c49000}])

[  318.355263][T18203] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  318.423794][T18214] FAULT_INJECTION: forcing a failure.
[  318.423794][T18214] name failslab, interval 1, probability 0, space 0, times 0
[  318.436346][T18216] loop5: detected capacity change from 264192 to 0
[  318.452002][T18214] CPU: 0 PID: 18214 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  318.460477][T18214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  318.470727][T18214] Call Trace:
[  318.474005][T18214]  dump_stack+0x116/0x15d
[  318.478344][T18214]  should_fail+0x231/0x240
[  318.482756][T18214]  ? mempool_alloc_slab+0x16/0x20
[  318.487850][T18214]  __should_failslab+0x81/0x90
[  318.493078][T18214]  should_failslab+0x5/0x20
[  318.497619][T18214]  kmem_cache_alloc+0x36/0x2e0
[  318.502389][T18214]  ? mempool_alloc_slab+0x16/0x20
[  318.508234][T18214]  mempool_alloc_slab+0x16/0x20
[  318.514534][T18214]  ? mempool_free+0x130/0x130
[  318.519209][T18214]  mempool_alloc+0x64/0x320
[  318.523739][T18214]  ? submit_bio_checks+0x823/0xb20
[  318.528901][T18214]  ? find_next_zero_bit+0xca/0xf0
[  318.533935][T18214]  bio_alloc_bioset+0x138/0x3a0
[  318.540002][T18214]  bio_clone_fast+0x23/0x110
[  318.545284][T18214]  bio_split+0x80/0x180
[  318.549675][T18214]  __blk_queue_split+0xabb/0xc80
[  318.555464][T18214]  blk_mq_submit_bio+0xce/0x1000
[  318.560409][T18214]  submit_bio_noacct+0x75d/0x910
[  318.566414][T18214]  ? mempool_alloc+0x71/0x320
[  318.571508][T18214]  ? prandom_u32_state+0x9/0x80
[  318.576938][T18214]  submit_bio+0x1f3/0x350
[  318.582333][T18214]  ? iov_iter_npages+0x160/0x5e0
[  318.587696][T18214]  blkdev_direct_IO+0x4fa/0xf60
[  318.593689][T18214]  ? aio_prep_rw+0x3b0/0x3b0
[  318.599215][T18214]  ? current_time+0xdb/0x190
[  318.604562][T18214]  ? atime_needs_update+0x290/0x370
[  318.610388][T18214]  ? touch_atime+0x10e/0x2d0
[  318.615515][T18214]  generic_file_read_iter+0x2c4/0x3d0
[  318.622367][T18214]  blkdev_read_iter+0xb3/0xc0
[  318.628127][T18214]  aio_read+0x1be/0x280
[  318.632343][T18214]  ? __rcu_read_unlock+0x51/0x250
[  318.638030][T18214]  io_submit_one+0x62d/0x1230
[  318.642702][T18214]  ? asm_exc_page_fault+0x1e/0x30
[  318.647988][T18214]  __se_sys_io_submit+0xf5/0x270
[  318.654052][T18214]  ? ksys_write+0x157/0x180
[  318.659300][T18214]  ? fpregs_assert_state_consistent+0x7d/0x90
[  318.667013][T18214]  __x64_sys_io_submit+0x3f/0x50
[  318.672841][T18214]  do_syscall_64+0x39/0x80
[  318.677844][T18214]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  318.684786][T18214] RIP: 0033:0x45e149
[  318.689133][T18214] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  318.710945][T18214] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
16:56:43 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  318.719355][T18214] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  318.727391][T18214] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  318.735350][T18214] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  318.743295][T18214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000038
[  318.751288][T18214] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:43 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2000000000000}])

16:56:43 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000002, 0x1c49000}])

16:56:43 executing program 4 (fault-call:2 fault-nth:57):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:43 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffefffff00000000}])

[  318.856514][T18216] loop5: detected capacity change from 264192 to 0
[  318.880788][T18228] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  318.911969][T18228] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  318.956302][T18237] FAULT_INJECTION: forcing a failure.
[  318.956302][T18237] name failslab, interval 1, probability 0, space 0, times 0
[  318.970567][T18237] CPU: 0 PID: 18237 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  318.978979][T18237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  318.989019][T18237] Call Trace:
[  318.992305][T18237]  dump_stack+0x116/0x15d
[  318.996640][T18237]  should_fail+0x231/0x240
[  319.001049][T18237]  ? mempool_alloc_slab+0x16/0x20
[  319.006073][T18237]  __should_failslab+0x81/0x90
[  319.010825][T18237]  should_failslab+0x5/0x20
[  319.015390][T18237]  kmem_cache_alloc+0x36/0x2e0
[  319.020145][T18237]  ? __perf_event_task_sched_in+0x565/0x590
[  319.026030][T18237]  ? kvm_sched_clock_read+0x15/0x40
[  319.031228][T18237]  mempool_alloc_slab+0x16/0x20
[  319.036106][T18237]  ? mempool_free+0x130/0x130
[  319.040797][T18237]  mempool_alloc+0x64/0x320
[  319.045314][T18237]  ? _raw_spin_unlock_irq+0x22/0x40
[  319.050513][T18237]  ? finish_task_switch+0x90/0x3a0
16:56:43 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x500, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:43 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000003, 0x1c49000}])

[  319.055637][T18237]  ? find_next_zero_bit+0xca/0xf0
[  319.060685][T18237]  bio_alloc_bioset+0x138/0x3a0
[  319.065536][T18237]  bio_clone_fast+0x23/0x110
[  319.070185][T18237]  bio_split+0x80/0x180
[  319.074388][T18237]  __blk_queue_split+0xabb/0xc80
[  319.079321][T18237]  blk_mq_submit_bio+0xce/0x1000
[  319.084237][T18237]  submit_bio_noacct+0x75d/0x910
[  319.089192][T18237]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  319.094766][T18237]  submit_bio+0x1f3/0x350
[  319.099104][T18237]  ? iov_iter_npages+0x160/0x5e0
[  319.104032][T18237]  blkdev_direct_IO+0x4fa/0xf60
[  319.108869][T18237]  ? aio_prep_rw+0x3b0/0x3b0
[  319.113458][T18237]  ? current_time+0xdb/0x190
[  319.118042][T18237]  ? atime_needs_update+0x290/0x370
[  319.123218][T18237]  ? touch_atime+0x10e/0x2d0
[  319.127783][T18237]  generic_file_read_iter+0x2c4/0x3d0
[  319.133130][T18237]  blkdev_read_iter+0xb3/0xc0
[  319.137869][T18237]  aio_read+0x1be/0x280
[  319.142016][T18237]  ? __rcu_read_unlock+0x51/0x250
[  319.147032][T18237]  io_submit_one+0x62d/0x1230
[  319.151752][T18237]  ? asm_exc_page_fault+0x1e/0x30
[  319.156756][T18237]  __se_sys_io_submit+0xf5/0x270
[  319.161670][T18237]  ? ksys_write+0x157/0x180
[  319.166149][T18237]  ? fpregs_assert_state_consistent+0x7d/0x90
[  319.172264][T18237]  __x64_sys_io_submit+0x3f/0x50
[  319.177181][T18237]  do_syscall_64+0x39/0x80
[  319.181575][T18237]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  319.187455][T18237] RIP: 0033:0x45e149
[  319.191408][T18237] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  319.211144][T18237] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  319.219537][T18237] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  319.227508][T18237] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  319.235469][T18237] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  319.243417][T18237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000039
16:56:43 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x10000000000000}])

[  319.251372][T18237] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:43 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:43 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffffffff00000000}])

16:56:43 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000004, 0x1c49000}])

16:56:44 executing program 4 (fault-call:2 fault-nth:58):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:44 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x20000000000000}])

[  319.335899][T18251] loop5: detected capacity change from 264192 to 0
[  319.365991][T18256] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:44 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  319.447309][T18251] loop5: detected capacity change from 264192 to 0
[  319.465862][T18269] FAULT_INJECTION: forcing a failure.
[  319.465862][T18269] name failslab, interval 1, probability 0, space 0, times 0
[  319.481394][T18269] CPU: 1 PID: 18269 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  319.489835][T18269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  319.499940][T18269] Call Trace:
[  319.503209][T18269]  dump_stack+0x116/0x15d
[  319.508030][T18269]  should_fail+0x231/0x240
[  319.512441][T18269]  ? mempool_alloc_slab+0x16/0x20
[  319.517456][T18269]  __should_failslab+0x81/0x90
[  319.522534][T18269]  should_failslab+0x5/0x20
[  319.528109][T18269]  kmem_cache_alloc+0x36/0x2e0
[  319.535455][T18269]  ? mempool_alloc_slab+0x16/0x20
[  319.541143][T18269]  mempool_alloc_slab+0x16/0x20
[  319.546770][T18269]  ? mempool_free+0x130/0x130
[  319.552454][T18269]  mempool_alloc+0x64/0x320
[  319.557898][T18269]  ? submit_bio_checks+0x823/0xb20
[  319.563459][T18269]  ? find_next_zero_bit+0xca/0xf0
[  319.568801][T18269]  bio_alloc_bioset+0x138/0x3a0
[  319.574615][T18269]  bio_clone_fast+0x23/0x110
[  319.580308][T18269]  bio_split+0x80/0x180
[  319.584462][T18269]  __blk_queue_split+0xabb/0xc80
[  319.590995][T18269]  blk_mq_submit_bio+0xce/0x1000
[  319.596798][T18269]  submit_bio_noacct+0x75d/0x910
[  319.602728][T18269]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  319.608357][T18269]  ? prandom_u32_state+0x9/0x80
[  319.615014][T18269]  submit_bio+0x1f3/0x350
[  319.619887][T18269]  ? iov_iter_npages+0x160/0x5e0
[  319.625558][T18269]  blkdev_direct_IO+0x4fa/0xf60
[  319.631295][T18269]  ? aio_prep_rw+0x3b0/0x3b0
[  319.636812][T18269]  ? current_time+0xdb/0x190
[  319.641963][T18269]  ? atime_needs_update+0x290/0x370
[  319.647816][T18269]  ? touch_atime+0x10e/0x2d0
[  319.653446][T18269]  generic_file_read_iter+0x2c4/0x3d0
[  319.660424][T18269]  blkdev_read_iter+0xb3/0xc0
[  319.666030][T18269]  aio_read+0x1be/0x280
[  319.670183][T18269]  ? __rcu_read_unlock+0x51/0x250
[  319.675268][T18269]  io_submit_one+0x62d/0x1230
[  319.679964][T18269]  ? asm_exc_page_fault+0x1e/0x30
[  319.684986][T18269]  __se_sys_io_submit+0xf5/0x270
[  319.689906][T18269]  ? ksys_write+0x157/0x180
[  319.694492][T18269]  ? fpregs_assert_state_consistent+0x7d/0x90
[  319.700536][T18269]  __x64_sys_io_submit+0x3f/0x50
[  319.705500][T18269]  do_syscall_64+0x39/0x80
[  319.709911][T18269]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  319.715788][T18269] RIP: 0033:0x45e149
[  319.719723][T18269] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  319.739359][T18269] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
16:56:44 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffffffffffffffef}])

16:56:44 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000005, 0x1c49000}])

[  319.747825][T18269] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  319.755796][T18269] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  319.763772][T18269] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  319.771717][T18269] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003a
[  319.779719][T18269] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:44 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x81010000000000}])

16:56:44 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x604, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:44 executing program 4 (fault-call:2 fault-nth:59):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  319.835400][T18274] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  319.857206][T18274] validate_nla: 1 callbacks suppressed
[  319.857217][T18274] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:44 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000007, 0x1c49000}])

16:56:44 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  319.975322][T18286] FAULT_INJECTION: forcing a failure.
[  319.975322][T18286] name failslab, interval 1, probability 0, space 0, times 0
[  319.988817][T18286] CPU: 0 PID: 18286 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  319.997244][T18286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  320.007289][T18286] Call Trace:
[  320.010561][T18286]  dump_stack+0x116/0x15d
[  320.014887][T18286]  should_fail+0x231/0x240
[  320.019307][T18286]  ? mempool_alloc_slab+0x16/0x20
[  320.024428][T18286]  __should_failslab+0x81/0x90
[  320.029186][T18286]  should_failslab+0x5/0x20
[  320.033752][T18286]  kmem_cache_alloc+0x36/0x2e0
[  320.038630][T18286]  ? mempool_alloc_slab+0x16/0x20
[  320.043666][T18286]  mempool_alloc_slab+0x16/0x20
[  320.048519][T18286]  ? mempool_free+0x130/0x130
[  320.053199][T18286]  mempool_alloc+0x64/0x320
[  320.057703][T18286]  ? submit_bio_checks+0x823/0xb20
[  320.058870][T18291] loop5: detected capacity change from 264192 to 0
[  320.062809][T18286]  ? find_next_zero_bit+0xca/0xf0
[  320.062830][T18286]  bio_alloc_bioset+0x138/0x3a0
[  320.080256][T18286]  bio_clone_fast+0x23/0x110
[  320.084867][T18286]  bio_split+0x80/0x180
[  320.089090][T18286]  __blk_queue_split+0xabb/0xc80
[  320.094115][T18286]  blk_mq_submit_bio+0xce/0x1000
[  320.099118][T18286]  submit_bio_noacct+0x75d/0x910
[  320.104073][T18286]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  320.109622][T18286]  submit_bio+0x1f3/0x350
[  320.113979][T18286]  ? iov_iter_npages+0x160/0x5e0
[  320.119713][T18286]  blkdev_direct_IO+0x4fa/0xf60
[  320.125688][T18286]  ? aio_prep_rw+0x3b0/0x3b0
[  320.130706][T18286]  ? current_time+0xdb/0x190
[  320.135284][T18286]  ? atime_needs_update+0x290/0x370
[  320.140471][T18286]  ? touch_atime+0x10e/0x2d0
[  320.145585][T18286]  generic_file_read_iter+0x2c4/0x3d0
[  320.151535][T18286]  blkdev_read_iter+0xb3/0xc0
[  320.156234][T18286]  aio_read+0x1be/0x280
[  320.160378][T18286]  ? __rcu_read_unlock+0x51/0x250
[  320.165470][T18286]  io_submit_one+0x62d/0x1230
[  320.170140][T18286]  ? asm_exc_page_fault+0x1e/0x30
[  320.175194][T18286]  __se_sys_io_submit+0xf5/0x270
[  320.180334][T18286]  ? ksys_write+0x157/0x180
[  320.184849][T18286]  ? fpregs_assert_state_consistent+0x7d/0x90
[  320.191446][T18286]  __x64_sys_io_submit+0x3f/0x50
[  320.196428][T18286]  do_syscall_64+0x39/0x80
[  320.201676][T18286]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  320.207578][T18286] RIP: 0033:0x45e149
[  320.211527][T18286] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  320.231129][T18286] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  320.240557][T18286] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  320.248533][T18286] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  320.256661][T18286] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  320.265271][T18286] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003b
16:56:44 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  320.273331][T18286] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:44 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x100000000000000}])

[  320.316521][T18303] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  320.333342][T18303] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:45 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x2}])

16:56:45 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:45 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000008, 0x1c49000}])

[  320.386696][T18291] loop5: detected capacity change from 264192 to 0
16:56:45 executing program 4 (fault-call:2 fault-nth:60):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:45 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x700, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  320.501012][T18321] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  320.536275][T18322] FAULT_INJECTION: forcing a failure.
[  320.536275][T18322] name failslab, interval 1, probability 0, space 0, times 0
16:56:45 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x3}])

[  320.549121][T18322] CPU: 0 PID: 18322 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  320.557537][T18322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  320.567592][T18322] Call Trace:
[  320.569338][T18321] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  320.570927][T18322]  dump_stack+0x116/0x15d
[  320.570953][T18322]  should_fail+0x231/0x240
[  320.587684][T18322]  ? mempool_alloc_slab+0x16/0x20
[  320.592789][T18322]  __should_failslab+0x81/0x90
16:56:45 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x200000000000000}])

[  320.597572][T18322]  should_failslab+0x5/0x20
[  320.602090][T18322]  kmem_cache_alloc+0x36/0x2e0
[  320.606869][T18322]  ? mempool_alloc_slab+0x16/0x20
[  320.611893][T18322]  mempool_alloc_slab+0x16/0x20
[  320.616817][T18322]  ? mempool_free+0x130/0x130
[  320.621525][T18322]  mempool_alloc+0x64/0x320
[  320.626186][T18322]  ? submit_bio_checks+0x823/0xb20
[  320.631333][T18322]  ? find_next_zero_bit+0xca/0xf0
[  320.636362][T18322]  bio_alloc_bioset+0x138/0x3a0
[  320.641289][T18322]  bio_clone_fast+0x23/0x110
[  320.645876][T18322]  bio_split+0x80/0x180
[  320.650060][T18322]  __blk_queue_split+0xabb/0xc80
[  320.656004][T18322]  blk_mq_submit_bio+0xce/0x1000
[  320.662970][T18322]  submit_bio_noacct+0x75d/0x910
[  320.667901][T18322]  ? mempool_alloc+0x71/0x320
[  320.672574][T18322]  ? prandom_u32_state+0x9/0x80
[  320.677529][T18322]  submit_bio+0x1f3/0x350
[  320.681897][T18322]  ? iov_iter_npages+0x160/0x5e0
[  320.686978][T18322]  blkdev_direct_IO+0x4fa/0xf60
[  320.691888][T18322]  ? aio_prep_rw+0x3b0/0x3b0
[  320.696549][T18322]  ? current_time+0xdb/0x190
[  320.701145][T18322]  ? atime_needs_update+0x290/0x370
[  320.706327][T18322]  ? touch_atime+0x10e/0x2d0
[  320.710921][T18322]  generic_file_read_iter+0x2c4/0x3d0
[  320.716281][T18322]  blkdev_read_iter+0xb3/0xc0
[  320.720942][T18322]  aio_read+0x1be/0x280
[  320.725100][T18322]  ? __rcu_read_unlock+0x51/0x250
[  320.730130][T18322]  io_submit_one+0x62d/0x1230
[  320.734842][T18322]  ? asm_exc_page_fault+0x1e/0x30
[  320.739902][T18322]  __se_sys_io_submit+0xf5/0x270
[  320.744906][T18322]  ? ksys_write+0x157/0x180
[  320.749392][T18322]  ? fpregs_assert_state_consistent+0x7d/0x90
[  320.755440][T18322]  __x64_sys_io_submit+0x3f/0x50
[  320.760366][T18322]  do_syscall_64+0x39/0x80
[  320.764769][T18322]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  320.770648][T18322] RIP: 0033:0x45e149
[  320.774523][T18322] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  320.794112][T18322] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
16:56:45 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e8000000d, 0x1c49000}])

[  320.802572][T18322] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  320.810524][T18322] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  320.818498][T18322] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  320.826449][T18322] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003c
[  320.834402][T18322] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:45 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:45 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x4}])

[  320.901922][T18326] loop5: detected capacity change from 264192 to 0
16:56:45 executing program 4 (fault-call:2 fault-nth:61):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:45 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x204000000000000}])

16:56:45 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e8000000f, 0x1c49000}])

[  321.077786][T18326] loop5: detected capacity change from 264192 to 0
[  321.131408][T18352] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  321.155087][T18356] FAULT_INJECTION: forcing a failure.
[  321.155087][T18356] name failslab, interval 1, probability 0, space 0, times 0
[  321.169739][T18352] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:45 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x5}])

[  321.173500][T18356] CPU: 0 PID: 18356 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  321.186618][T18356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  321.196674][T18356] Call Trace:
[  321.199987][T18356]  dump_stack+0x116/0x15d
[  321.204434][T18356]  should_fail+0x231/0x240
[  321.209839][T18356]  ? mempool_alloc_slab+0x16/0x20
[  321.214866][T18356]  __should_failslab+0x81/0x90
[  321.219619][T18356]  should_failslab+0x5/0x20
[  321.224121][T18356]  kmem_cache_alloc+0x36/0x2e0
[  321.228887][T18356]  ? mempool_alloc_slab+0x16/0x20
[  321.233908][T18356]  mempool_alloc_slab+0x16/0x20
[  321.238751][T18356]  ? mempool_free+0x130/0x130
[  321.244921][T18356]  mempool_alloc+0x64/0x320
[  321.249416][T18356]  ? submit_bio_checks+0x823/0xb20
[  321.254518][T18356]  ? find_next_zero_bit+0xca/0xf0
[  321.260075][T18356]  bio_alloc_bioset+0x138/0x3a0
[  321.264939][T18356]  bio_clone_fast+0x23/0x110
[  321.269579][T18356]  bio_split+0x80/0x180
[  321.274653][T18356]  __blk_queue_split+0xabb/0xc80
[  321.280008][T18356]  blk_mq_submit_bio+0xce/0x1000
[  321.284949][T18356]  submit_bio_noacct+0x75d/0x910
[  321.289983][T18356]  ? mempool_alloc+0x71/0x320
[  321.294665][T18356]  ? prandom_u32_state+0x9/0x80
[  321.300359][T18356]  submit_bio+0x1f3/0x350
[  321.305413][T18356]  ? iov_iter_npages+0x160/0x5e0
[  321.311303][T18356]  blkdev_direct_IO+0x4fa/0xf60
[  321.316174][T18356]  ? aio_prep_rw+0x3b0/0x3b0
[  321.320763][T18356]  ? current_time+0xdb/0x190
[  321.325905][T18356]  ? atime_needs_update+0x290/0x370
[  321.331101][T18356]  ? touch_atime+0x10e/0x2d0
[  321.335693][T18356]  ? __sanitizer_cov_trace_switch+0x13/0x100
[  321.342182][T18356]  generic_file_read_iter+0x2c4/0x3d0
[  321.347552][T18356]  blkdev_read_iter+0xb3/0xc0
[  321.352228][T18356]  aio_read+0x1be/0x280
[  321.356371][T18356]  ? __rcu_read_unlock+0x51/0x250
[  321.361401][T18356]  io_submit_one+0x62d/0x1230
[  321.366932][T18356]  ? asm_exc_page_fault+0x1e/0x30
[  321.371961][T18356]  __se_sys_io_submit+0xf5/0x270
[  321.376950][T18356]  ? ksys_write+0x157/0x180
[  321.381481][T18356]  ? fpregs_assert_state_consistent+0x7d/0x90
[  321.387546][T18356]  __x64_sys_io_submit+0x3f/0x50
[  321.392485][T18356]  do_syscall_64+0x39/0x80
[  321.396894][T18356]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  321.402785][T18356] RIP: 0033:0x45e149
[  321.406675][T18356] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
16:56:46 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x300000000000000}])

[  321.426669][T18356] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  321.435121][T18356] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  321.443090][T18356] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  321.451344][T18356] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  321.459317][T18356] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003d
[  321.468113][T18356] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:46 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000010, 0x1c49000}])

16:56:46 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xd00, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:46 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x7}])

16:56:46 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:46 executing program 4 (fault-call:2 fault-nth:62):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:46 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e800000ef, 0x1c49000}])

16:56:46 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x400000000000000}])

16:56:46 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x8}])

[  321.680463][T18383] loop5: detected capacity change from 264192 to 0
[  321.717352][T18387] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:46 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xf00, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  321.777003][T18392] FAULT_INJECTION: forcing a failure.
[  321.777003][T18392] name failslab, interval 1, probability 0, space 0, times 0
16:56:46 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  321.864055][T18392] CPU: 0 PID: 18392 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  321.872505][T18392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  321.875517][T18405] loop5: detected capacity change from 264192 to 0
[  321.882605][T18392] Call Trace:
[  321.882614][T18392]  dump_stack+0x116/0x15d
[  321.882641][T18392]  should_fail+0x231/0x240
[  321.882658][T18392]  ? mempool_alloc_slab+0x16/0x20
[  321.906136][T18392]  __should_failslab+0x81/0x90
[  321.910901][T18392]  should_failslab+0x5/0x20
[  321.915407][T18392]  kmem_cache_alloc+0x36/0x2e0
[  321.920199][T18392]  ? mempool_alloc_slab+0x16/0x20
[  321.925218][T18392]  mempool_alloc_slab+0x16/0x20
[  321.930123][T18392]  ? mempool_free+0x130/0x130
[  321.934792][T18392]  mempool_alloc+0x64/0x320
[  321.939292][T18392]  ? submit_bio_checks+0x823/0xb20
[  321.944412][T18392]  ? find_next_zero_bit+0xca/0xf0
[  321.949441][T18392]  bio_alloc_bioset+0x138/0x3a0
[  321.954375][T18392]  bio_clone_fast+0x23/0x110
[  321.955297][T18409] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  321.958974][T18392]  bio_split+0x80/0x180
[  321.959002][T18392]  __blk_queue_split+0xabb/0xc80
[  321.977366][T18392]  blk_mq_submit_bio+0xce/0x1000
[  321.985031][T18392]  submit_bio_noacct+0x75d/0x910
[  321.990403][T18392]  ? prandom_u32_state+0x9/0x80
[  321.996039][T18392]  submit_bio+0x1f3/0x350
[  322.000369][T18392]  ? iov_iter_npages+0x160/0x5e0
[  322.005313][T18392]  blkdev_direct_IO+0x4fa/0xf60
[  322.012720][T18392]  ? aio_prep_rw+0x3b0/0x3b0
[  322.018431][T18392]  ? current_time+0xdb/0x190
[  322.023039][T18392]  ? atime_needs_update+0x290/0x370
[  322.029390][T18392]  ? touch_atime+0x10e/0x2d0
[  322.034676][T18392]  generic_file_read_iter+0x2c4/0x3d0
[  322.040276][T18392]  blkdev_read_iter+0xb3/0xc0
[  322.046108][T18392]  aio_read+0x1be/0x280
[  322.050531][T18392]  ? __rcu_read_unlock+0x51/0x250
[  322.056237][T18392]  io_submit_one+0x62d/0x1230
[  322.060976][T18392]  ? asm_exc_page_fault+0x1e/0x30
[  322.066011][T18392]  __se_sys_io_submit+0xf5/0x270
[  322.072143][T18392]  ? ksys_write+0x157/0x180
[  322.076732][T18392]  ? fpregs_assert_state_consistent+0x7d/0x90
[  322.082798][T18392]  __x64_sys_io_submit+0x3f/0x50
[  322.088029][T18392]  do_syscall_64+0x39/0x80
[  322.092451][T18392]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  322.100632][T18392] RIP: 0033:0x45e149
[  322.105269][T18392] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  322.124937][T18392] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  322.133329][T18392] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  322.141335][T18392] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  322.149289][T18392] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  322.157376][T18392] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003e
16:56:46 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x500000000000000}])

[  322.165426][T18392] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:46 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:46 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000124, 0x1c49000}])

16:56:46 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xd}])

16:56:46 executing program 4 (fault-call:2 fault-nth:63):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  322.273087][T18405] loop5: detected capacity change from 264192 to 0
[  322.325368][T18422] tbf_change: 2 callbacks suppressed
[  322.325379][T18422] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:47 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xf}])

16:56:47 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x604000000000000}])

16:56:47 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x2000, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  322.378026][T18429] FAULT_INJECTION: forcing a failure.
[  322.378026][T18429] name failslab, interval 1, probability 0, space 0, times 0
[  322.411203][T18422] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  322.453876][T18429] CPU: 1 PID: 18429 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  322.462906][T18429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  322.472968][T18429] Call Trace:
[  322.476244][T18429]  dump_stack+0x116/0x15d
[  322.480657][T18429]  should_fail+0x231/0x240
[  322.485065][T18429]  ? mempool_alloc_slab+0x16/0x20
[  322.490084][T18429]  __should_failslab+0x81/0x90
[  322.495522][T18429]  should_failslab+0x5/0x20
[  322.500006][T18429]  kmem_cache_alloc+0x36/0x2e0
[  322.504749][T18429]  ? mempool_alloc_slab+0x16/0x20
[  322.509795][T18429]  mempool_alloc_slab+0x16/0x20
[  322.514623][T18429]  ? mempool_free+0x130/0x130
[  322.519444][T18429]  mempool_alloc+0x64/0x320
[  322.524008][T18429]  ? submit_bio_checks+0x823/0xb20
[  322.529097][T18429]  ? find_next_zero_bit+0xca/0xf0
[  322.534120][T18429]  bio_alloc_bioset+0x138/0x3a0
[  322.538963][T18429]  bio_clone_fast+0x23/0x110
[  322.543532][T18429]  bio_split+0x80/0x180
[  322.547710][T18429]  __blk_queue_split+0xabb/0xc80
[  322.552629][T18429]  blk_mq_submit_bio+0xce/0x1000
[  322.557622][T18429]  submit_bio_noacct+0x75d/0x910
[  322.562536][T18429]  ? mempool_alloc+0x71/0x320
[  322.567286][T18429]  ? prandom_u32_state+0x9/0x80
[  322.572182][T18429]  submit_bio+0x1f3/0x350
[  322.576526][T18429]  ? iov_iter_npages+0x160/0x5e0
[  322.581452][T18429]  blkdev_direct_IO+0x4fa/0xf60
[  322.586288][T18429]  ? aio_prep_rw+0x3b0/0x3b0
[  322.590860][T18429]  ? current_time+0xdb/0x190
[  322.595507][T18429]  ? atime_needs_update+0x290/0x370
[  322.600699][T18429]  ? touch_atime+0x10e/0x2d0
[  322.605268][T18429]  generic_file_read_iter+0x2c4/0x3d0
[  322.610617][T18429]  blkdev_read_iter+0xb3/0xc0
[  322.615335][T18429]  aio_read+0x1be/0x280
[  322.619479][T18429]  ? __rcu_read_unlock+0x51/0x250
[  322.624490][T18429]  io_submit_one+0x62d/0x1230
[  322.629204][T18429]  ? asm_exc_page_fault+0x1e/0x30
[  322.634238][T18429]  __se_sys_io_submit+0xf5/0x270
[  322.639188][T18429]  ? ksys_write+0x157/0x180
[  322.643693][T18429]  ? fpregs_assert_state_consistent+0x7d/0x90
[  322.649787][T18429]  __x64_sys_io_submit+0x3f/0x50
[  322.654742][T18429]  do_syscall_64+0x39/0x80
[  322.659144][T18429]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  322.665049][T18429] RIP: 0033:0x45e149
[  322.668989][T18429] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  322.688571][T18429] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  322.696965][T18429] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:47 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000204, 0x1c49000}])

[  322.704914][T18429] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  322.712873][T18429] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  322.720964][T18429] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003f
[  322.728914][T18429] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:47 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:47 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x700000000000000}])

16:56:47 executing program 4 (fault-call:2 fault-nth:64):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:47 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x10}])

[  322.876289][T18447] loop5: detected capacity change from 264192 to 0
[  322.889143][T18445] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  322.929900][T18445] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  322.943532][T18456] FAULT_INJECTION: forcing a failure.
[  322.943532][T18456] name failslab, interval 1, probability 0, space 0, times 0
[  322.956941][T18456] CPU: 0 PID: 18456 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  322.965639][T18456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  322.975809][T18456] Call Trace:
[  322.979956][T18456]  dump_stack+0x116/0x15d
[  322.985527][T18456]  should_fail+0x231/0x240
[  322.990063][T18456]  ? mempool_alloc_slab+0x16/0x20
[  322.997240][T18456]  __should_failslab+0x81/0x90
[  323.002733][T18456]  should_failslab+0x5/0x20
[  323.008292][T18456]  kmem_cache_alloc+0x36/0x2e0
[  323.013081][T18456]  ? mempool_alloc_slab+0x16/0x20
[  323.018945][T18456]  mempool_alloc_slab+0x16/0x20
[  323.023799][T18456]  ? mempool_free+0x130/0x130
[  323.029312][T18456]  mempool_alloc+0x64/0x320
[  323.033854][T18456]  ? submit_bio_checks+0x823/0xb20
[  323.040017][T18456]  ? find_next_zero_bit+0xca/0xf0
[  323.045865][T18456]  bio_alloc_bioset+0x138/0x3a0
[  323.051689][T18456]  bio_clone_fast+0x23/0x110
[  323.057380][T18456]  bio_split+0x80/0x180
[  323.062912][T18456]  __blk_queue_split+0xabb/0xc80
[  323.068728][T18456]  blk_mq_submit_bio+0xce/0x1000
[  323.073670][T18456]  submit_bio_noacct+0x75d/0x910
[  323.078681][T18456]  ? irqentry_exit_cond_resched+0x30/0x40
[  323.084400][T18456]  ? irqentry_exit+0x2a/0x40
[  323.090095][T18456]  ? asm_sysvec_reschedule_ipi+0x12/0x20
[  323.095990][T18456]  submit_bio+0x1f3/0x350
[  323.100750][T18456]  ? iov_iter_npages+0x160/0x5e0
[  323.108019][T18456]  blkdev_direct_IO+0x4fa/0xf60
[  323.112872][T18456]  ? aio_prep_rw+0x3b0/0x3b0
[  323.117451][T18456]  ? current_time+0xdb/0x190
[  323.122035][T18456]  ? atime_needs_update+0x290/0x370
[  323.127214][T18456]  ? touch_atime+0x10e/0x2d0
[  323.131854][T18456]  generic_file_read_iter+0x2c4/0x3d0
[  323.137224][T18456]  blkdev_read_iter+0xb3/0xc0
[  323.141883][T18456]  aio_read+0x1be/0x280
[  323.146083][T18456]  ? __rcu_read_unlock+0x51/0x250
[  323.151088][T18456]  io_submit_one+0x62d/0x1230
[  323.155743][T18456]  ? asm_exc_page_fault+0x1e/0x30
[  323.160749][T18456]  __se_sys_io_submit+0xf5/0x270
[  323.165667][T18456]  ? ksys_write+0x157/0x180
[  323.170221][T18456]  ? fpregs_assert_state_consistent+0x7d/0x90
[  323.176342][T18456]  __x64_sys_io_submit+0x3f/0x50
[  323.181281][T18456]  do_syscall_64+0x39/0x80
[  323.185699][T18456]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  323.191572][T18456] RIP: 0033:0x45e149
[  323.195508][T18456] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  323.215131][T18456] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
16:56:47 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000300, 0x1c49000}])

16:56:47 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x800000000000000}])

16:56:47 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x72}])

[  323.223518][T18456] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  323.231481][T18456] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  323.239483][T18456] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  323.247442][T18456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040
[  323.255526][T18456] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:47 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b00"/48, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:48 executing program 4 (fault-call:2 fault-nth:65):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:48 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x4000, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  323.390049][T18474] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  323.401970][T18474] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:48 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xd00000000000000}])

[  323.460446][T18482] FAULT_INJECTION: forcing a failure.
[  323.460446][T18482] name failslab, interval 1, probability 0, space 0, times 0
[  323.479316][T18482] CPU: 1 PID: 18482 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  323.488548][T18482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  323.498602][T18482] Call Trace:
[  323.501874][T18482]  dump_stack+0x116/0x15d
[  323.506943][T18482]  should_fail+0x231/0x240
[  323.511747][T18482]  ? mempool_alloc_slab+0x16/0x20
[  323.517706][T18482]  __should_failslab+0x81/0x90
[  323.522738][T18482]  should_failslab+0x5/0x20
[  323.528607][T18482]  kmem_cache_alloc+0x36/0x2e0
[  323.533489][T18482]  ? mempool_alloc_slab+0x16/0x20
[  323.539495][T18482]  mempool_alloc_slab+0x16/0x20
[  323.544350][T18482]  ? mempool_free+0x130/0x130
[  323.549029][T18482]  mempool_alloc+0x64/0x320
[  323.553525][T18482]  ? submit_bio_checks+0x823/0xb20
[  323.559162][T18482]  ? find_next_zero_bit+0xca/0xf0
[  323.565155][T18482]  bio_alloc_bioset+0x138/0x3a0
[  323.570054][T18482]  bio_clone_fast+0x23/0x110
[  323.574638][T18482]  bio_split+0x80/0x180
[  323.578801][T18482]  __blk_queue_split+0xabb/0xc80
[  323.584912][T18482]  blk_mq_submit_bio+0xce/0x1000
[  323.590794][T18482]  submit_bio_noacct+0x75d/0x910
[  323.596058][T18482]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  323.601910][T18482]  ? prandom_u32_state+0x9/0x80
[  323.606944][T18482]  submit_bio+0x1f3/0x350
[  323.611278][T18482]  ? iov_iter_npages+0x160/0x5e0
[  323.617060][T18482]  blkdev_direct_IO+0x4fa/0xf60
[  323.621952][T18482]  ? aio_prep_rw+0x3b0/0x3b0
[  323.626535][T18482]  ? current_time+0xdb/0x190
[  323.632322][T18482]  ? atime_needs_update+0x290/0x370
[  323.637531][T18482]  ? touch_atime+0x10e/0x2d0
[  323.642120][T18482]  generic_file_read_iter+0x2c4/0x3d0
[  323.647511][T18482]  blkdev_read_iter+0xb3/0xc0
[  323.652192][T18482]  aio_read+0x1be/0x280
[  323.656336][T18482]  ? __rcu_read_unlock+0x51/0x250
[  323.662611][T18482]  io_submit_one+0x62d/0x1230
[  323.667283][T18482]  ? asm_exc_page_fault+0x1e/0x30
[  323.672304][T18482]  __se_sys_io_submit+0xf5/0x270
[  323.677246][T18482]  ? ksys_write+0x157/0x180
[  323.681767][T18482]  ? fpregs_assert_state_consistent+0x7d/0x90
[  323.687827][T18482]  __x64_sys_io_submit+0x3f/0x50
[  323.692834][T18482]  do_syscall_64+0x39/0x80
[  323.697255][T18482]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  323.703146][T18482] RIP: 0033:0x45e149
[  323.707708][T18482] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  323.728335][T18482] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  323.736755][T18482] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  323.745498][T18482] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  323.754318][T18482] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
16:56:48 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000402, 0x1c49000}])

16:56:48 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b00"/48, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  323.762545][T18482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000041
[  323.770843][T18482] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:48 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xef}])

[  323.808112][T18485] loop5: detected capacity change from 264192 to 0
[  323.841447][T18497] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:48 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xf00000000000000}])

[  323.856633][T18497] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:48 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000406, 0x1c49000}])

16:56:48 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b00"/48, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:48 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x204}])

[  323.914855][T18485] loop5: detected capacity change from 264192 to 0
16:56:48 executing program 4 (fault-call:2 fault-nth:66):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:48 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x8000000000000000}])

16:56:48 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x8a00, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  324.026957][T18518] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:48 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000500, 0x1c49000}])

[  324.085132][T18520] FAULT_INJECTION: forcing a failure.
[  324.085132][T18520] name failslab, interval 1, probability 0, space 0, times 0
[  324.097908][T18520] CPU: 0 PID: 18520 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  324.106321][T18520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  324.116440][T18520] Call Trace:
[  324.119702][T18520]  dump_stack+0x116/0x15d
[  324.124032][T18520]  should_fail+0x231/0x240
[  324.128425][T18520]  ? mempool_alloc_slab+0x16/0x20
[  324.133427][T18520]  __should_failslab+0x81/0x90
[  324.138167][T18520]  should_failslab+0x5/0x20
[  324.142656][T18520]  kmem_cache_alloc+0x36/0x2e0
[  324.147527][T18520]  ? mempool_alloc_slab+0x16/0x20
[  324.152590][T18520]  mempool_alloc_slab+0x16/0x20
[  324.157470][T18520]  ? mempool_free+0x130/0x130
[  324.162145][T18520]  mempool_alloc+0x64/0x320
[  324.166644][T18520]  ? submit_bio_checks+0x823/0xb20
[  324.171772][T18520]  ? find_next_zero_bit+0xca/0xf0
[  324.176796][T18520]  bio_alloc_bioset+0x138/0x3a0
[  324.181634][T18520]  bio_clone_fast+0x23/0x110
[  324.186216][T18520]  bio_split+0x80/0x180
[  324.190362][T18520]  __blk_queue_split+0xabb/0xc80
[  324.195396][T18520]  blk_mq_submit_bio+0xce/0x1000
[  324.200315][T18520]  submit_bio_noacct+0x75d/0x910
[  324.205260][T18520]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  324.210795][T18520]  ? prandom_u32_state+0x9/0x80
[  324.215705][T18520]  submit_bio+0x1f3/0x350
[  324.220030][T18520]  ? iov_iter_npages+0x160/0x5e0
[  324.224948][T18520]  blkdev_direct_IO+0x4fa/0xf60
[  324.229823][T18520]  ? aio_prep_rw+0x3b0/0x3b0
[  324.234415][T18520]  ? current_time+0xdb/0x190
[  324.238984][T18520]  ? atime_needs_update+0x290/0x370
[  324.244213][T18520]  ? touch_atime+0x10e/0x2d0
[  324.248781][T18520]  generic_file_read_iter+0x2c4/0x3d0
[  324.254131][T18520]  blkdev_read_iter+0xb3/0xc0
[  324.258790][T18520]  aio_read+0x1be/0x280
[  324.262925][T18520]  ? __rcu_read_unlock+0x51/0x250
[  324.268031][T18520]  io_submit_one+0x62d/0x1230
[  324.272739][T18520]  ? asm_exc_page_fault+0x1e/0x30
[  324.277764][T18520]  __se_sys_io_submit+0xf5/0x270
[  324.282686][T18520]  ? ksys_write+0x157/0x180
[  324.287189][T18520]  ? fpregs_assert_state_consistent+0x7d/0x90
[  324.293236][T18520]  __x64_sys_io_submit+0x3f/0x50
[  324.298156][T18520]  do_syscall_64+0x39/0x80
[  324.302556][T18520]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  324.308487][T18520] RIP: 0033:0x45e149
[  324.312358][T18520] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  324.332006][T18520] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  324.340396][T18520] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  324.348344][T18520] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  324.356298][T18520] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  324.364333][T18520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000042
[  324.372297][T18520] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:49 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x300}])

16:56:49 executing program 4 (fault-call:2 fault-nth:67):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:49 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e210020", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  324.468281][T18533] loop5: detected capacity change from 264192 to 0
16:56:49 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000604, 0x1c49000}])

16:56:49 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xb901000000000000}])

[  324.544069][T18539] FAULT_INJECTION: forcing a failure.
[  324.544069][T18539] name failslab, interval 1, probability 0, space 0, times 0
[  324.568402][T18539] CPU: 1 PID: 18539 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  324.577298][T18539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  324.588320][T18539] Call Trace:
[  324.592572][T18539]  dump_stack+0x116/0x15d
[  324.597059][T18539]  should_fail+0x231/0x240
[  324.602967][T18539]  ? mempool_alloc_slab+0x16/0x20
[  324.609004][T18539]  __should_failslab+0x81/0x90
[  324.614769][T18539]  should_failslab+0x5/0x20
[  324.619282][T18539]  kmem_cache_alloc+0x36/0x2e0
[  324.624925][T18539]  ? mempool_alloc_slab+0x16/0x20
[  324.630435][T18539]  mempool_alloc_slab+0x16/0x20
[  324.635811][T18539]  ? mempool_free+0x130/0x130
[  324.641240][T18539]  mempool_alloc+0x64/0x320
[  324.646978][T18539]  ? submit_bio_checks+0x823/0xb20
[  324.653702][T18539]  ? find_next_zero_bit+0xca/0xf0
[  324.659668][T18539]  bio_alloc_bioset+0x138/0x3a0
[  324.665231][T18539]  ? prandom_u32_state+0x9/0x80
[  324.670635][T18539]  bio_clone_fast+0x23/0x110
[  324.675240][T18539]  bio_split+0x80/0x180
[  324.680572][T18539]  __blk_queue_split+0xabb/0xc80
[  324.686613][T18539]  blk_mq_submit_bio+0xce/0x1000
[  324.691558][T18539]  submit_bio_noacct+0x75d/0x910
[  324.696520][T18539]  ? mempool_alloc+0x71/0x320
[  324.701195][T18539]  ? prandom_u32_state+0x9/0x80
[  324.706119][T18539]  submit_bio+0x1f3/0x350
[  324.710502][T18539]  ? iov_iter_npages+0x160/0x5e0
[  324.715487][T18539]  blkdev_direct_IO+0x4fa/0xf60
[  324.720376][T18539]  ? aio_prep_rw+0x3b0/0x3b0
[  324.724963][T18539]  ? current_time+0xdb/0x190
[  324.729541][T18539]  ? atime_needs_update+0x290/0x370
[  324.734732][T18539]  ? touch_atime+0x10e/0x2d0
[  324.739321][T18539]  generic_file_read_iter+0x2c4/0x3d0
[  324.744772][T18539]  blkdev_read_iter+0xb3/0xc0
[  324.749445][T18539]  aio_read+0x1be/0x280
[  324.753595][T18539]  ? __rcu_read_unlock+0x51/0x250
[  324.758653][T18539]  io_submit_one+0x62d/0x1230
[  324.763416][T18539]  ? asm_exc_page_fault+0x1e/0x30
[  324.768446][T18539]  __se_sys_io_submit+0xf5/0x270
[  324.773449][T18539]  ? ksys_write+0x157/0x180
[  324.778071][T18539]  ? fpregs_assert_state_consistent+0x7d/0x90
[  324.784185][T18539]  __x64_sys_io_submit+0x3f/0x50
[  324.789134][T18539]  do_syscall_64+0x39/0x80
[  324.793546][T18539]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  324.799446][T18539] RIP: 0033:0x45e149
[  324.803323][T18539] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  324.822930][T18539] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  324.831344][T18539] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:49 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x402}])

[  324.839372][T18539] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  324.847377][T18539] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  324.855335][T18539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000043
[  324.863302][T18539] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:49 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xefff, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:49 executing program 4 (fault-call:2 fault-nth:68):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:49 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xefffffffffffffff}])

16:56:49 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000700, 0x1c49000}])

[  324.961322][T18557] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  324.976035][T18559] loop5: detected capacity change from 264192 to 0
[  324.986779][T18557] validate_nla: 1 callbacks suppressed
[  324.986791][T18557] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:49 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x406}])

[  325.057715][T18566] FAULT_INJECTION: forcing a failure.
[  325.057715][T18566] name failslab, interval 1, probability 0, space 0, times 0
[  325.088369][T18559] loop5: detected capacity change from 264192 to 0
16:56:49 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e210020", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  325.119692][T18566] CPU: 1 PID: 18566 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  325.128145][T18566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  325.138264][T18566] Call Trace:
[  325.141552][T18566]  dump_stack+0x116/0x15d
[  325.145922][T18566]  should_fail+0x231/0x240
[  325.150390][T18566]  ? mempool_alloc_slab+0x16/0x20
[  325.155470][T18566]  __should_failslab+0x81/0x90
[  325.160233][T18566]  should_failslab+0x5/0x20
[  325.164778][T18566]  kmem_cache_alloc+0x36/0x2e0
[  325.169561][T18566]  mempool_alloc_slab+0x16/0x20
[  325.174418][T18566]  ? mempool_free+0x130/0x130
[  325.179141][T18566]  mempool_alloc+0x64/0x320
[  325.183636][T18566]  ? preempt_schedule+0x54/0x80
[  325.188493][T18566]  bio_alloc_bioset+0x138/0x3a0
[  325.193351][T18566]  ? __blk_mq_delay_run_hw_queue+0x1c5/0x330
[  325.199343][T18566]  bio_clone_fast+0x23/0x110
[  325.203925][T18566]  bio_split+0x80/0x180
[  325.208080][T18566]  __blk_queue_split+0xabb/0xc80
[  325.213126][T18566]  blk_mq_submit_bio+0xce/0x1000
[  325.218164][T18566]  submit_bio_noacct+0x75d/0x910
[  325.223080][T18566]  ? mempool_alloc+0x71/0x320
[  325.227755][T18566]  ? prandom_u32_state+0x9/0x80
[  325.232617][T18566]  submit_bio+0x1f3/0x350
[  325.236948][T18566]  ? iov_iter_npages+0x160/0x5e0
[  325.241920][T18566]  blkdev_direct_IO+0x4fa/0xf60
[  325.246862][T18566]  ? aio_prep_rw+0x3b0/0x3b0
[  325.251444][T18566]  ? current_time+0xdb/0x190
[  325.256011][T18566]  ? atime_needs_update+0x290/0x370
[  325.261185][T18566]  ? touch_atime+0x10e/0x2d0
[  325.265788][T18566]  generic_file_read_iter+0x2c4/0x3d0
[  325.271137][T18566]  blkdev_read_iter+0xb3/0xc0
[  325.275810][T18566]  aio_read+0x1be/0x280
[  325.279942][T18566]  ? __rcu_read_unlock+0x51/0x250
[  325.284947][T18566]  io_submit_one+0x62d/0x1230
[  325.289600][T18566]  ? asm_exc_page_fault+0x1e/0x30
[  325.294657][T18566]  __se_sys_io_submit+0xf5/0x270
[  325.299604][T18566]  ? ksys_write+0x157/0x180
[  325.304088][T18566]  ? fpregs_assert_state_consistent+0x7d/0x90
[  325.310131][T18566]  __x64_sys_io_submit+0x3f/0x50
[  325.315114][T18566]  do_syscall_64+0x39/0x80
[  325.319508][T18566]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  325.325461][T18566] RIP: 0033:0x45e149
[  325.329334][T18566] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  325.348929][T18566] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  325.357354][T18566] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  325.365311][T18566] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  325.373346][T18566] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  325.381301][T18566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000044
[  325.389272][T18566] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:50 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xffef, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:50 executing program 4 (fault-call:2 fault-nth:69):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  325.454708][T18582] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:50 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000d00, 0x1c49000}])

16:56:50 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x500}])

16:56:50 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffefffff00000000}])

[  325.517638][T18582] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  325.571295][T18585] FAULT_INJECTION: forcing a failure.
[  325.571295][T18585] name failslab, interval 1, probability 0, space 0, times 0
16:56:50 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e210020", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  325.622255][T18592] loop5: detected capacity change from 264192 to 0
[  325.651209][T18585] CPU: 1 PID: 18585 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  325.659642][T18585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  325.669687][T18585] Call Trace:
[  325.672958][T18585]  dump_stack+0x116/0x15d
[  325.677295][T18585]  should_fail+0x231/0x240
[  325.681819][T18585]  ? mempool_alloc_slab+0x16/0x20
[  325.686947][T18585]  __should_failslab+0x81/0x90
[  325.691696][T18585]  should_failslab+0x5/0x20
[  325.697173][T18585]  kmem_cache_alloc+0x36/0x2e0
[  325.703084][T18585]  ? mempool_alloc_slab+0x16/0x20
[  325.708671][T18585]  mempool_alloc_slab+0x16/0x20
[  325.714140][T18585]  ? mempool_free+0x130/0x130
[  325.719733][T18585]  mempool_alloc+0x64/0x320
[  325.724265][T18585]  ? submit_bio_checks+0x823/0xb20
[  325.729378][T18585]  ? find_next_zero_bit+0xca/0xf0
[  325.734880][T18585]  bio_alloc_bioset+0x138/0x3a0
[  325.739743][T18585]  bio_clone_fast+0x23/0x110
[  325.746711][T18585]  bio_split+0x80/0x180
[  325.752106][T18585]  __blk_queue_split+0xabb/0xc80
[  325.757744][T18585]  blk_mq_submit_bio+0xce/0x1000
[  325.763585][T18585]  submit_bio_noacct+0x75d/0x910
[  325.769424][T18585]  ? mempool_alloc+0x71/0x320
[  325.774880][T18585]  ? prandom_u32_state+0x9/0x80
[  325.780796][T18585]  submit_bio+0x1f3/0x350
[  325.785211][T18585]  ? iov_iter_npages+0x160/0x5e0
[  325.790151][T18585]  blkdev_direct_IO+0x4fa/0xf60
[  325.795066][T18585]  ? aio_prep_rw+0x3b0/0x3b0
[  325.799693][T18585]  ? current_time+0xdb/0x190
[  325.804260][T18585]  ? atime_needs_update+0x290/0x370
[  325.809511][T18585]  ? touch_atime+0x10e/0x2d0
[  325.814151][T18585]  generic_file_read_iter+0x2c4/0x3d0
[  325.819523][T18585]  blkdev_read_iter+0xb3/0xc0
[  325.824260][T18585]  aio_read+0x1be/0x280
[  325.828392][T18585]  ? __rcu_read_unlock+0x51/0x250
[  325.833404][T18585]  io_submit_one+0x62d/0x1230
[  325.838059][T18585]  ? asm_exc_page_fault+0x1e/0x30
[  325.843083][T18585]  __se_sys_io_submit+0xf5/0x270
[  325.848053][T18585]  ? ksys_write+0x157/0x180
[  325.852534][T18585]  ? fpregs_assert_state_consistent+0x7d/0x90
[  325.858612][T18585]  __x64_sys_io_submit+0x3f/0x50
[  325.863549][T18585]  do_syscall_64+0x39/0x80
[  325.867963][T18585]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  325.873836][T18585] RIP: 0033:0x45e149
[  325.877723][T18585] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  325.897401][T18585] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  325.905794][T18585] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  325.913743][T18585] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
16:56:50 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000f00, 0x1c49000}])

[  325.921689][T18585] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  325.929640][T18585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000045
[  325.937596][T18585] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:50 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x604}])

16:56:50 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffffffff00000000}])

16:56:50 executing program 4 (fault-call:2 fault-nth:70):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  326.049934][T18592] loop5: detected capacity change from 264192 to 0
[  326.077331][T18605] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:50 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0xffff, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  326.129205][T18605] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:50 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x700}])

16:56:50 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xffffffffffffffef}])

[  326.177997][T18622] FAULT_INJECTION: forcing a failure.
[  326.177997][T18622] name failslab, interval 1, probability 0, space 0, times 0
[  326.208666][T18622] CPU: 0 PID: 18622 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  326.217095][T18622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
16:56:50 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a020", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  326.227149][T18622] Call Trace:
[  326.230429][T18622]  dump_stack+0x116/0x15d
[  326.234753][T18622]  should_fail+0x231/0x240
[  326.239159][T18622]  ? mempool_alloc_slab+0x16/0x20
[  326.244234][T18622]  __should_failslab+0x81/0x90
[  326.248975][T18622]  should_failslab+0x5/0x20
[  326.253495][T18622]  kmem_cache_alloc+0x36/0x2e0
[  326.258310][T18622]  ? mempool_alloc_slab+0x16/0x20
[  326.263314][T18622]  mempool_alloc_slab+0x16/0x20
[  326.268192][T18622]  ? mempool_free+0x130/0x130
[  326.272844][T18622]  mempool_alloc+0x64/0x320
[  326.277345][T18622]  ? submit_bio_checks+0x823/0xb20
[  326.282451][T18622]  ? find_next_zero_bit+0xca/0xf0
[  326.287502][T18622]  bio_alloc_bioset+0x138/0x3a0
[  326.292370][T18622]  bio_clone_fast+0x23/0x110
[  326.296946][T18622]  bio_split+0x80/0x180
[  326.301085][T18622]  __blk_queue_split+0xabb/0xc80
[  326.306016][T18622]  blk_mq_submit_bio+0xce/0x1000
[  326.311039][T18622]  submit_bio_noacct+0x75d/0x910
[  326.316077][T18622]  ? prandom_u32_state+0x9/0x80
[  326.320914][T18622]  submit_bio+0x1f3/0x350
[  326.325225][T18622]  ? iov_iter_npages+0x160/0x5e0
[  326.330145][T18622]  blkdev_direct_IO+0x4fa/0xf60
[  326.334988][T18622]  ? aio_prep_rw+0x3b0/0x3b0
[  326.339556][T18622]  ? current_time+0xdb/0x190
[  326.344124][T18622]  ? atime_needs_update+0x290/0x370
[  326.349298][T18622]  ? touch_atime+0x10e/0x2d0
[  326.353905][T18622]  generic_file_read_iter+0x2c4/0x3d0
[  326.359254][T18622]  blkdev_read_iter+0xb3/0xc0
[  326.363955][T18622]  aio_read+0x1be/0x280
[  326.368088][T18622]  ? __rcu_read_unlock+0x51/0x250
[  326.373093][T18622]  io_submit_one+0x62d/0x1230
[  326.377745][T18622]  ? asm_exc_page_fault+0x1e/0x30
[  326.382747][T18622]  __se_sys_io_submit+0xf5/0x270
[  326.387722][T18622]  ? ksys_write+0x157/0x180
[  326.392233][T18622]  ? fpregs_assert_state_consistent+0x7d/0x90
[  326.398370][T18622]  __x64_sys_io_submit+0x3f/0x50
[  326.403294][T18622]  do_syscall_64+0x39/0x80
[  326.407691][T18622]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  326.413642][T18622] RIP: 0033:0x45e149
[  326.417522][T18622] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  326.437109][T18622] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  326.445531][T18622] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  326.453488][T18622] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  326.461451][T18622] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  326.469411][T18622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000046
16:56:51 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80002000, 0x1c49000}])

[  326.477376][T18622] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:51 executing program 4 (fault-call:2 fault-nth:71):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  326.584158][T18633] loop5: detected capacity change from 264192 to 0
16:56:51 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  326.626683][T18637] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  326.639055][T18637] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:51 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xd00}])

16:56:51 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80002401, 0x1c49000}])

[  326.699194][T18633] loop5: detected capacity change from 264192 to 0
16:56:51 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a020", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:51 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:51 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xf00}])

[  326.840776][T18647] FAULT_INJECTION: forcing a failure.
[  326.840776][T18647] name failslab, interval 1, probability 0, space 0, times 0
[  326.870601][T18647] CPU: 0 PID: 18647 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  326.879027][T18647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
16:56:51 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x2}])

[  326.889074][T18647] Call Trace:
[  326.892341][T18647]  dump_stack+0x116/0x15d
[  326.896672][T18647]  should_fail+0x231/0x240
[  326.901085][T18647]  ? mempool_alloc_slab+0x16/0x20
[  326.906107][T18647]  __should_failslab+0x81/0x90
[  326.910867][T18647]  should_failslab+0x5/0x20
[  326.914414][T18657] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  326.915372][T18647]  kmem_cache_alloc+0x36/0x2e0
[  326.927129][T18647]  ? mempool_alloc_slab+0x16/0x20
[  326.927308][T18657] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  326.932145][T18647]  mempool_alloc_slab+0x16/0x20
[  326.932166][T18647]  ? mempool_free+0x130/0x130
[  326.932184][T18647]  mempool_alloc+0x64/0x320
[  326.932201][T18647]  ? submit_bio_checks+0x823/0xb20
[  326.959412][T18647]  ? find_next_zero_bit+0xca/0xf0
[  326.964431][T18647]  bio_alloc_bioset+0x138/0x3a0
[  326.969499][T18647]  bio_clone_fast+0x23/0x110
[  326.974337][T18647]  bio_split+0x80/0x180
[  326.978535][T18647]  __blk_queue_split+0xabb/0xc80
[  326.984352][T18647]  blk_mq_submit_bio+0xce/0x1000
[  326.991255][T18647]  submit_bio_noacct+0x75d/0x910
[  326.997091][T18647]  ? prandom_u32_state+0x9/0x80
[  327.001940][T18647]  submit_bio+0x1f3/0x350
[  327.006795][T18647]  ? iov_iter_npages+0x160/0x5e0
[  327.012530][T18647]  blkdev_direct_IO+0x4fa/0xf60
[  327.018072][T18647]  ? aio_prep_rw+0x3b0/0x3b0
[  327.022667][T18647]  ? current_time+0xdb/0x190
[  327.028055][T18647]  ? atime_needs_update+0x290/0x370
[  327.033936][T18647]  ? touch_atime+0x10e/0x2d0
[  327.038633][T18647]  generic_file_read_iter+0x2c4/0x3d0
[  327.044672][T18647]  blkdev_read_iter+0xb3/0xc0
[  327.050363][T18647]  aio_read+0x1be/0x280
[  327.055006][T18647]  ? __rcu_read_unlock+0x51/0x250
[  327.060681][T18647]  io_submit_one+0x62d/0x1230
[  327.065672][T18647]  ? asm_exc_page_fault+0x1e/0x30
[  327.071324][T18647]  __se_sys_io_submit+0xf5/0x270
[  327.077337][T18647]  ? ksys_write+0x157/0x180
[  327.081907][T18647]  ? fpregs_assert_state_consistent+0x7d/0x90
[  327.088470][T18647]  __x64_sys_io_submit+0x3f/0x50
[  327.093982][T18647]  do_syscall_64+0x39/0x80
[  327.099568][T18647]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  327.105465][T18647] RIP: 0033:0x45e149
[  327.109335][T18647] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  327.128998][T18647] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  327.137419][T18647] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  327.145366][T18647] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  327.153368][T18647] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  327.161318][T18647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000047
[  327.169344][T18647] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:51 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e8000efff, 0x1c49000}])

[  327.195637][T18667] loop5: detected capacity change from 264192 to 0
16:56:51 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a020", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:51 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x2000}])

16:56:51 executing program 4 (fault-call:2 fault-nth:72):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  327.336363][T18667] loop5: detected capacity change from 264192 to 0
16:56:52 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x3}])

16:56:52 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e8000ffef, 0x1c49000}])

[  327.418978][T18684] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  327.423486][T18685] FAULT_INJECTION: forcing a failure.
[  327.423486][T18685] name failslab, interval 1, probability 0, space 0, times 0
[  327.455317][T18684] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  327.474319][T18685] CPU: 0 PID: 18685 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  327.483234][T18685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  327.493289][T18685] Call Trace:
[  327.496574][T18685]  dump_stack+0x116/0x15d
[  327.500919][T18685]  should_fail+0x231/0x240
[  327.505334][T18685]  ? mempool_alloc_slab+0x16/0x20
[  327.510355][T18685]  __should_failslab+0x81/0x90
[  327.515109][T18685]  should_failslab+0x5/0x20
[  327.519617][T18685]  kmem_cache_alloc+0x36/0x2e0
[  327.524397][T18685]  mempool_alloc_slab+0x16/0x20
[  327.529240][T18685]  ? mempool_free+0x130/0x130
[  327.533907][T18685]  mempool_alloc+0x64/0x320
[  327.538468][T18685]  ? submit_bio_checks+0x823/0xb20
[  327.543585][T18685]  ? irqentry_exit+0x2a/0x40
[  327.548164][T18685]  ? find_next_zero_bit+0xca/0xf0
[  327.553238][T18685]  bio_alloc_bioset+0x138/0x3a0
[  327.558082][T18685]  bio_clone_fast+0x23/0x110
[  327.562663][T18685]  bio_split+0x80/0x180
[  327.566836][T18685]  __blk_queue_split+0xabb/0xc80
[  327.571780][T18685]  blk_mq_submit_bio+0xce/0x1000
[  327.576714][T18685]  submit_bio_noacct+0x75d/0x910
[  327.581640][T18685]  ? mempool_alloc+0x71/0x320
[  327.586311][T18685]  ? prandom_u32_state+0x9/0x80
[  327.591174][T18685]  submit_bio+0x1f3/0x350
[  327.595505][T18685]  ? iov_iter_npages+0x160/0x5e0
[  327.600449][T18685]  blkdev_direct_IO+0x4fa/0xf60
[  327.605484][T18685]  ? aio_prep_rw+0x3b0/0x3b0
[  327.610080][T18685]  ? current_time+0xdb/0x190
[  327.614667][T18685]  ? atime_needs_update+0x290/0x370
[  327.619858][T18685]  ? touch_atime+0x10e/0x2d0
[  327.624446][T18685]  generic_file_read_iter+0x2c4/0x3d0
[  327.629823][T18685]  blkdev_read_iter+0xb3/0xc0
[  327.634513][T18685]  aio_read+0x1be/0x280
[  327.638653][T18685]  ? __rcu_read_unlock+0x51/0x250
[  327.643675][T18685]  io_submit_one+0x62d/0x1230
[  327.648346][T18685]  ? asm_exc_page_fault+0x1e/0x30
[  327.653373][T18685]  __se_sys_io_submit+0xf5/0x270
[  327.658388][T18685]  ? ksys_write+0x157/0x180
[  327.663023][T18685]  ? fpregs_assert_state_consistent+0x7d/0x90
[  327.669082][T18685]  __x64_sys_io_submit+0x3f/0x50
[  327.674028][T18685]  do_syscall_64+0x39/0x80
[  327.678467][T18685]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  327.684361][T18685] RIP: 0033:0x45e149
[  327.688284][T18685] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  327.707886][T18685] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  327.716301][T18685] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
16:56:52 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x2, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:52 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x7200}])

[  327.724254][T18685] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  327.732218][T18685] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  327.740186][T18685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000048
[  327.748140][T18685] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:52 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0xffffffffffffffff, 0x1c49000}])

16:56:52 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:52 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x4}])

16:56:52 executing program 4 (fault-call:2 fault-nth:73):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:52 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xefff}])

[  327.919947][T18708] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  327.941509][T18709] loop5: detected capacity change from 264192 to 0
[  327.999693][T18717] FAULT_INJECTION: forcing a failure.
[  327.999693][T18717] name failslab, interval 1, probability 0, space 0, times 0
[  328.013439][T18717] CPU: 0 PID: 18717 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  328.021849][T18717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  328.031900][T18717] Call Trace:
[  328.035174][T18717]  dump_stack+0x116/0x15d
[  328.040023][T18717]  should_fail+0x231/0x240
[  328.045247][T18717]  ? mempool_alloc_slab+0x16/0x20
[  328.050357][T18717]  __should_failslab+0x81/0x90
[  328.055176][T18717]  should_failslab+0x5/0x20
[  328.060436][T18717]  kmem_cache_alloc+0x36/0x2e0
[  328.065305][T18717]  ? mempool_alloc_slab+0x16/0x20
[  328.070440][T18717]  mempool_alloc_slab+0x16/0x20
[  328.075288][T18717]  ? mempool_free+0x130/0x130
[  328.080958][T18717]  mempool_alloc+0x64/0x320
[  328.085461][T18717]  ? submit_bio_checks+0x823/0xb20
[  328.090570][T18717]  ? find_next_zero_bit+0xca/0xf0
[  328.095695][T18717]  bio_alloc_bioset+0x138/0x3a0
[  328.100545][T18717]  bio_clone_fast+0x23/0x110
[  328.105137][T18717]  bio_split+0x80/0x180
[  328.110587][T18717]  __blk_queue_split+0xabb/0xc80
[  328.116660][T18717]  blk_mq_submit_bio+0xce/0x1000
[  328.122810][T18717]  submit_bio_noacct+0x75d/0x910
[  328.128468][T18717]  ? mempool_alloc+0x71/0x320
[  328.133143][T18717]  ? prandom_u32_state+0x9/0x80
[  328.138106][T18717]  submit_bio+0x1f3/0x350
[  328.142434][T18717]  ? iov_iter_npages+0x160/0x5e0
[  328.148118][T18717]  blkdev_direct_IO+0x4fa/0xf60
[  328.152999][T18717]  ? aio_prep_rw+0x3b0/0x3b0
[  328.158377][T18717]  ? current_time+0xdb/0x190
[  328.162529][T18708] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  328.163004][T18717]  ? atime_needs_update+0x290/0x370
[  328.177189][T18717]  ? touch_atime+0x10e/0x2d0
[  328.181948][T18717]  generic_file_read_iter+0x2c4/0x3d0
[  328.187987][T18717]  blkdev_read_iter+0xb3/0xc0
[  328.192696][T18717]  aio_read+0x1be/0x280
[  328.196849][T18717]  ? __rcu_read_unlock+0x51/0x250
[  328.202625][T18717]  io_submit_one+0x62d/0x1230
[  328.208251][T18717]  ? asm_exc_page_fault+0x1e/0x30
[  328.214576][T18717]  __se_sys_io_submit+0xf5/0x270
[  328.220118][T18717]  ? ksys_write+0x157/0x180
[  328.224927][T18717]  ? fpregs_assert_state_consistent+0x7d/0x90
[  328.231205][T18717]  __x64_sys_io_submit+0x3f/0x50
[  328.237013][T18717]  do_syscall_64+0x39/0x80
[  328.241646][T18717]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  328.247582][T18717] RIP: 0033:0x45e149
[  328.251696][T18717] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  328.272129][T18717] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  328.281147][T18717] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  328.290233][T18717] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
16:56:52 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49002}])

[  328.298888][T18717] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  328.307804][T18717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000049
[  328.316343][T18717] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:53 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x5}])

16:56:53 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:53 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xffef}])

16:56:53 executing program 4 (fault-call:2 fault-nth:74):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  328.408907][T18709] loop5: detected capacity change from 264192 to 0
[  328.482976][T18733] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  328.494234][T18733] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:53 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x3, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:53 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x7}])

[  328.529455][T18743] FAULT_INJECTION: forcing a failure.
[  328.529455][T18743] name failslab, interval 1, probability 0, space 0, times 0
[  328.545163][T18743] CPU: 0 PID: 18743 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  328.553709][T18743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  328.563785][T18743] Call Trace:
[  328.567055][T18743]  dump_stack+0x116/0x15d
[  328.571432][T18743]  should_fail+0x231/0x240
[  328.575864][T18743]  ? mempool_alloc_slab+0x16/0x20
[  328.580910][T18743]  __should_failslab+0x81/0x90
[  328.585695][T18743]  should_failslab+0x5/0x20
[  328.590198][T18743]  kmem_cache_alloc+0x36/0x2e0
[  328.594974][T18743]  ? mempool_alloc_slab+0x16/0x20
[  328.600009][T18743]  mempool_alloc_slab+0x16/0x20
[  328.604959][T18743]  ? mempool_free+0x130/0x130
[  328.609697][T18743]  mempool_alloc+0x64/0x320
[  328.614192][T18743]  ? submit_bio_checks+0x823/0xb20
[  328.619365][T18743]  ? find_next_zero_bit+0xca/0xf0
[  328.624369][T18743]  bio_alloc_bioset+0x138/0x3a0
[  328.629204][T18743]  bio_clone_fast+0x23/0x110
[  328.633791][T18743]  bio_split+0x80/0x180
[  328.637941][T18743]  __blk_queue_split+0xabb/0xc80
[  328.642875][T18743]  blk_mq_submit_bio+0xce/0x1000
[  328.647795][T18743]  submit_bio_noacct+0x75d/0x910
[  328.652726][T18743]  ? mempool_alloc+0x71/0x320
[  328.657432][T18743]  ? prandom_u32_state+0x9/0x80
[  328.662310][T18743]  submit_bio+0x1f3/0x350
[  328.666644][T18743]  ? iov_iter_npages+0x160/0x5e0
[  328.671561][T18743]  blkdev_direct_IO+0x4fa/0xf60
[  328.676472][T18743]  ? aio_prep_rw+0x3b0/0x3b0
[  328.681037][T18743]  ? current_time+0xdb/0x190
[  328.685606][T18743]  ? atime_needs_update+0x290/0x370
[  328.690782][T18743]  ? touch_atime+0x10e/0x2d0
[  328.695347][T18743]  generic_file_read_iter+0x2c4/0x3d0
[  328.701308][T18743]  blkdev_read_iter+0xb3/0xc0
[  328.706044][T18743]  aio_read+0x1be/0x280
[  328.710186][T18743]  ? __rcu_read_unlock+0x51/0x250
[  328.715244][T18743]  io_submit_one+0x62d/0x1230
[  328.719896][T18743]  ? asm_exc_page_fault+0x1e/0x30
[  328.724954][T18743]  __se_sys_io_submit+0xf5/0x270
[  328.729868][T18743]  ? ksys_write+0x157/0x180
[  328.734392][T18743]  ? fpregs_assert_state_consistent+0x7d/0x90
[  328.740441][T18743]  __x64_sys_io_submit+0x3f/0x50
[  328.745362][T18743]  do_syscall_64+0x39/0x80
[  328.749757][T18743]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  328.755628][T18743] RIP: 0033:0x45e149
[  328.759510][T18743] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
16:56:53 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49003}])

[  328.779167][T18743] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  328.787579][T18743] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  328.795604][T18743] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  328.803550][T18743] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  328.811575][T18743] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004a
[  328.819617][T18743] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:53 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:53 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x8}])

16:56:53 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x18100}])

[  328.933833][T18752] loop5: detected capacity change from 264192 to 0
16:56:53 executing program 4 (fault-call:2 fault-nth:75):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:53 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49004}])

[  328.998989][T18756] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  329.029796][T18756] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:53 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xd}])

16:56:53 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x20000}])

[  329.101553][T18752] loop5: detected capacity change from 264192 to 0
16:56:53 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  329.200733][T18777] FAULT_INJECTION: forcing a failure.
[  329.200733][T18777] name failslab, interval 1, probability 0, space 0, times 0
[  329.213428][T18777] CPU: 0 PID: 18777 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  329.221842][T18777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  329.231892][T18777] Call Trace:
[  329.235156][T18777]  dump_stack+0x116/0x15d
[  329.239479][T18777]  should_fail+0x231/0x240
[  329.243884][T18777]  ? mempool_alloc_slab+0x16/0x20
[  329.248971][T18777]  __should_failslab+0x81/0x90
[  329.253721][T18777]  should_failslab+0x5/0x20
[  329.258237][T18777]  kmem_cache_alloc+0x36/0x2e0
[  329.263000][T18777]  ? mempool_alloc_slab+0x16/0x20
[  329.268023][T18777]  mempool_alloc_slab+0x16/0x20
[  329.272887][T18777]  ? mempool_free+0x130/0x130
[  329.277552][T18777]  mempool_alloc+0x64/0x320
[  329.282051][T18777]  ? submit_bio_checks+0x823/0xb20
[  329.287226][T18777]  ? find_next_zero_bit+0xca/0xf0
[  329.292233][T18777]  bio_alloc_bioset+0x138/0x3a0
[  329.297127][T18777]  bio_clone_fast+0x23/0x110
[  329.301702][T18777]  bio_split+0x80/0x180
[  329.305843][T18777]  __blk_queue_split+0xabb/0xc80
[  329.310768][T18777]  blk_mq_submit_bio+0xce/0x1000
[  329.315713][T18777]  submit_bio_noacct+0x75d/0x910
[  329.320720][T18777]  ? mempool_alloc+0x71/0x320
[  329.325393][T18777]  ? prandom_u32_state+0x9/0x80
[  329.330247][T18777]  submit_bio+0x1f3/0x350
[  329.334596][T18777]  ? iov_iter_npages+0x160/0x5e0
[  329.339531][T18777]  blkdev_direct_IO+0x4fa/0xf60
[  329.344368][T18777]  ? aio_prep_rw+0x3b0/0x3b0
[  329.348945][T18777]  ? current_time+0xdb/0x190
[  329.353534][T18777]  ? atime_needs_update+0x290/0x370
[  329.358732][T18777]  ? touch_atime+0x10e/0x2d0
[  329.363304][T18777]  generic_file_read_iter+0x2c4/0x3d0
[  329.368706][T18777]  blkdev_read_iter+0xb3/0xc0
[  329.373366][T18777]  aio_read+0x1be/0x280
[  329.377583][T18777]  ? __rcu_read_unlock+0x51/0x250
[  329.382642][T18777]  io_submit_one+0x62d/0x1230
[  329.387300][T18777]  ? asm_exc_page_fault+0x1e/0x30
[  329.392309][T18777]  __se_sys_io_submit+0xf5/0x270
[  329.397309][T18777]  ? ksys_write+0x157/0x180
[  329.401934][T18777]  ? fpregs_assert_state_consistent+0x7d/0x90
[  329.408000][T18777]  __x64_sys_io_submit+0x3f/0x50
[  329.412932][T18777]  do_syscall_64+0x39/0x80
[  329.417350][T18777]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  329.423248][T18777] RIP: 0033:0x45e149
[  329.427122][T18777] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  329.446738][T18777] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  329.455194][T18777] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  329.463141][T18777] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  329.471254][T18777] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  329.479287][T18777] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004b
[  329.487283][T18777] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:54 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x100000}])

16:56:54 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x4, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:54 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xf}])

16:56:54 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49005}])

[  329.563983][T18781] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  329.585520][T18781] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:54 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:54 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x200000}])

16:56:54 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x10}])

[  329.756932][T18796] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:54 executing program 4 (fault-call:2 fault-nth:76):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:54 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49007}])

16:56:54 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:54 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xef}])

16:56:54 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x810100}])

16:56:54 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49008}])

[  329.915392][T18812] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  329.957198][T18821] loop5: detected capacity change from 264192 to 0
[  330.033507][T18824] FAULT_INJECTION: forcing a failure.
[  330.033507][T18824] name failslab, interval 1, probability 0, space 0, times 0
[  330.046261][T18824] CPU: 0 PID: 18824 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  330.054720][T18824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  330.064751][T18824] Call Trace:
[  330.068017][T18824]  dump_stack+0x116/0x15d
[  330.072323][T18824]  should_fail+0x231/0x240
[  330.076729][T18824]  ? mempool_alloc_slab+0x16/0x20
[  330.081729][T18824]  __should_failslab+0x81/0x90
[  330.086533][T18824]  should_failslab+0x5/0x20
[  330.091014][T18824]  kmem_cache_alloc+0x36/0x2e0
[  330.095757][T18824]  ? mempool_alloc_slab+0x16/0x20
[  330.100779][T18824]  mempool_alloc_slab+0x16/0x20
[  330.105656][T18824]  ? mempool_free+0x130/0x130
[  330.110318][T18824]  mempool_alloc+0x64/0x320
[  330.114825][T18824]  ? submit_bio_checks+0x823/0xb20
[  330.119921][T18824]  ? find_next_zero_bit+0xca/0xf0
[  330.124931][T18824]  bio_alloc_bioset+0x138/0x3a0
[  330.129760][T18824]  bio_clone_fast+0x23/0x110
[  330.134342][T18824]  bio_split+0x80/0x180
[  330.138606][T18824]  __blk_queue_split+0xabb/0xc80
[  330.143563][T18824]  blk_mq_submit_bio+0xce/0x1000
[  330.148550][T18824]  submit_bio_noacct+0x75d/0x910
[  330.153466][T18824]  ? bio_set_pages_dirty+0x6b/0x1e0
[  330.158667][T18824]  submit_bio+0x1f3/0x350
[  330.162975][T18824]  ? iov_iter_npages+0x160/0x5e0
[  330.167892][T18824]  blkdev_direct_IO+0x4fa/0xf60
[  330.172753][T18824]  ? aio_prep_rw+0x3b0/0x3b0
[  330.177318][T18824]  ? current_time+0xdb/0x190
[  330.181931][T18824]  ? atime_needs_update+0x290/0x370
[  330.187104][T18824]  ? touch_atime+0x10e/0x2d0
[  330.191669][T18824]  generic_file_read_iter+0x2c4/0x3d0
[  330.197066][T18824]  blkdev_read_iter+0xb3/0xc0
[  330.201767][T18824]  aio_read+0x1be/0x280
[  330.205899][T18824]  ? prandom_u32_state+0x9/0x80
[  330.210727][T18824]  ? __rcu_read_unlock+0x51/0x250
[  330.215736][T18824]  io_submit_one+0x62d/0x1230
[  330.220386][T18824]  ? asm_exc_page_fault+0x1e/0x30
[  330.225388][T18824]  __se_sys_io_submit+0xf5/0x270
[  330.230303][T18824]  ? ksys_write+0x157/0x180
[  330.234787][T18824]  ? fpregs_assert_state_consistent+0x7d/0x90
[  330.240831][T18824]  __x64_sys_io_submit+0x3f/0x50
[  330.245778][T18824]  do_syscall_64+0x39/0x80
[  330.250217][T18824]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  330.256184][T18824] RIP: 0033:0x45e149
[  330.260053][T18824] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  330.279643][T18824] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  330.288052][T18824] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  330.296038][T18824] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  330.303984][T18824] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  330.311928][T18824] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004c
[  330.319894][T18824] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
[  330.383437][T18821] loop5: detected capacity change from 264192 to 0
16:56:55 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x5, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:55 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x0)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:55 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x1b9}])

16:56:55 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x1000000}])

16:56:55 executing program 4 (fault-call:2 fault-nth:77):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:55 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c4900d}])

[  330.583735][T18841] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  330.605741][T18841] validate_nla: 2 callbacks suppressed
[  330.605751][T18841] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:55 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c4900f}])

[  330.672767][T18845] FAULT_INJECTION: forcing a failure.
[  330.672767][T18845] name failslab, interval 1, probability 0, space 0, times 0
[  330.711502][T18845] CPU: 1 PID: 18845 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  330.719935][T18845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  330.729998][T18845] Call Trace:
[  330.733272][T18845]  dump_stack+0x116/0x15d
[  330.737600][T18845]  should_fail+0x231/0x240
[  330.742176][T18845]  ? mempool_alloc_slab+0x16/0x20
[  330.747190][T18845]  __should_failslab+0x81/0x90
[  330.751934][T18845]  should_failslab+0x5/0x20
[  330.756477][T18845]  kmem_cache_alloc+0x36/0x2e0
[  330.761227][T18845]  ? find_next_zero_bit+0xca/0xf0
[  330.766284][T18845]  mempool_alloc_slab+0x16/0x20
[  330.771213][T18845]  ? mempool_free+0x130/0x130
[  330.775913][T18845]  mempool_alloc+0x64/0x320
[  330.780397][T18845]  ? submit_bio_checks+0x823/0xb20
[  330.785506][T18845]  ? find_next_zero_bit+0xca/0xf0
[  330.790539][T18845]  bio_alloc_bioset+0x138/0x3a0
[  330.795471][T18845]  bio_clone_fast+0x23/0x110
[  330.800047][T18845]  bio_split+0x80/0x180
[  330.804189][T18845]  __blk_queue_split+0xabb/0xc80
[  330.809138][T18845]  blk_mq_submit_bio+0xce/0x1000
[  330.814078][T18845]  submit_bio_noacct+0x75d/0x910
[  330.819055][T18845]  ? mempool_alloc+0x71/0x320
[  330.823780][T18845]  ? prandom_u32_state+0x9/0x80
[  330.828677][T18845]  submit_bio+0x1f3/0x350
[  330.832996][T18845]  ? iov_iter_npages+0x160/0x5e0
[  330.837955][T18845]  blkdev_direct_IO+0x4fa/0xf60
[  330.842889][T18845]  ? aio_prep_rw+0x3b0/0x3b0
[  330.847478][T18845]  ? current_time+0xdb/0x190
[  330.852046][T18845]  ? atime_needs_update+0x290/0x370
[  330.857287][T18845]  ? touch_atime+0x10e/0x2d0
[  330.861880][T18845]  generic_file_read_iter+0x2c4/0x3d0
[  330.867243][T18845]  blkdev_read_iter+0xb3/0xc0
[  330.871962][T18845]  aio_read+0x1be/0x280
[  330.876099][T18845]  ? __rcu_read_unlock+0x51/0x250
[  330.881163][T18845]  io_submit_one+0x62d/0x1230
[  330.885825][T18845]  ? asm_exc_page_fault+0x1e/0x30
[  330.890833][T18845]  __se_sys_io_submit+0xf5/0x270
[  330.895828][T18845]  ? ksys_write+0x157/0x180
[  330.900412][T18845]  ? fpregs_assert_state_consistent+0x7d/0x90
[  330.906504][T18845]  __x64_sys_io_submit+0x3f/0x50
[  330.911429][T18845]  do_syscall_64+0x39/0x80
[  330.915831][T18845]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  330.921782][T18845] RIP: 0033:0x45e149
[  330.925655][T18845] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  330.945238][T18845] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  330.953627][T18845] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  330.961583][T18845] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
16:56:55 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x204}])

16:56:55 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x0)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  330.969567][T18845] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  330.977534][T18845] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004d
[  330.985487][T18845] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:55 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x2000000}])

16:56:55 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x7, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:55 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c490ef}])

16:56:55 executing program 4 (fault-call:2 fault-nth:78):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:55 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x300}])

[  331.157161][T18865] loop5: detected capacity change from 264192 to 0
[  331.195147][T18870] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  331.248667][T18870] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  331.280510][T18871] FAULT_INJECTION: forcing a failure.
[  331.280510][T18871] name failslab, interval 1, probability 0, space 0, times 0
16:56:55 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x2040000}])

16:56:55 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x81c47fff}])

16:56:55 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x402}])

[  331.304250][T18871] CPU: 1 PID: 18871 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  331.312694][T18871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  331.322740][T18871] Call Trace:
[  331.326082][T18871]  dump_stack+0x116/0x15d
[  331.330414][T18871]  should_fail+0x231/0x240
[  331.334950][T18871]  ? mempool_alloc_slab+0x16/0x20
[  331.339970][T18871]  __should_failslab+0x81/0x90
[  331.344711][T18871]  should_failslab+0x5/0x20
[  331.349227][T18871]  kmem_cache_alloc+0x36/0x2e0
[  331.354026][T18871]  ? mempool_alloc_slab+0x16/0x20
[  331.359113][T18871]  mempool_alloc_slab+0x16/0x20
[  331.364009][T18871]  ? mempool_free+0x130/0x130
[  331.368853][T18871]  mempool_alloc+0x64/0x320
[  331.373338][T18871]  ? submit_bio_checks+0x823/0xb20
[  331.378512][T18871]  ? find_next_zero_bit+0xca/0xf0
[  331.383530][T18871]  bio_alloc_bioset+0x138/0x3a0
[  331.388420][T18871]  bio_clone_fast+0x23/0x110
[  331.393029][T18871]  bio_split+0x80/0x180
[  331.397182][T18871]  __blk_queue_split+0xabb/0xc80
[  331.402141][T18871]  blk_mq_submit_bio+0xce/0x1000
[  331.407059][T18871]  submit_bio_noacct+0x75d/0x910
[  331.412030][T18871]  ? prandom_u32_state+0x9/0x80
[  331.416958][T18871]  submit_bio+0x1f3/0x350
[  331.421324][T18871]  ? iov_iter_npages+0x160/0x5e0
[  331.426261][T18871]  blkdev_direct_IO+0x4fa/0xf60
[  331.431171][T18871]  ? aio_prep_rw+0x3b0/0x3b0
[  331.435749][T18871]  ? current_time+0xdb/0x190
[  331.440441][T18871]  ? atime_needs_update+0x290/0x370
[  331.445618][T18871]  ? touch_atime+0x10e/0x2d0
[  331.450187][T18871]  generic_file_read_iter+0x2c4/0x3d0
[  331.455543][T18871]  blkdev_read_iter+0xb3/0xc0
[  331.460216][T18871]  aio_read+0x1be/0x280
[  331.464418][T18871]  ? __rcu_read_unlock+0x51/0x250
[  331.469423][T18871]  io_submit_one+0x62d/0x1230
[  331.474074][T18871]  ? asm_exc_page_fault+0x1e/0x30
[  331.479073][T18871]  __se_sys_io_submit+0xf5/0x270
[  331.484029][T18871]  ? ksys_write+0x157/0x180
[  331.488542][T18871]  ? fpregs_assert_state_consistent+0x7d/0x90
[  331.494585][T18871]  __x64_sys_io_submit+0x3f/0x50
[  331.499550][T18871]  do_syscall_64+0x39/0x80
[  331.503944][T18871]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  331.509882][T18871] RIP: 0033:0x45e149
[  331.513778][T18871] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  331.533397][T18871] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  331.541811][T18871] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  331.549775][T18871] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  331.557721][T18871] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  331.565682][T18871] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004e
[  331.573637][T18871] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:56 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x0)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:56 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x8, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:56 executing program 4 (fault-call:2 fault-nth:79):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:56 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x3e80000000}])

[  331.746448][T18890] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:56 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x3000000}])

16:56:56 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x406}])

[  331.813078][T18890] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  331.821393][T18893] loop5: detected capacity change from 264192 to 0
[  331.854285][T18894] FAULT_INJECTION: forcing a failure.
[  331.854285][T18894] name failslab, interval 1, probability 0, space 0, times 0
16:56:56 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0xffffffffffffffff}])

[  331.962251][T18894] CPU: 1 PID: 18894 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  331.970758][T18894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  331.980801][T18894] Call Trace:
[  331.984074][T18894]  dump_stack+0x116/0x15d
[  331.988511][T18894]  should_fail+0x231/0x240
[  331.994233][T18894]  ? mempool_alloc_slab+0x16/0x20
[  331.999789][T18894]  __should_failslab+0x81/0x90
[  332.005246][T18894]  should_failslab+0x5/0x20
[  332.010493][T18894]  kmem_cache_alloc+0x36/0x2e0
[  332.016140][T18894]  ? mempool_alloc_slab+0x16/0x20
[  332.021856][T18894]  mempool_alloc_slab+0x16/0x20
[  332.029235][T18894]  ? mempool_free+0x130/0x130
[  332.034973][T18894]  mempool_alloc+0x64/0x320
[  332.039795][T18894]  ? submit_bio_checks+0x823/0xb20
[  332.047088][T18894]  ? asm_sysvec_reschedule_ipi+0x12/0x20
[  332.052723][T18894]  ? find_next_zero_bit+0xca/0xf0
[  332.057740][T18894]  bio_alloc_bioset+0x138/0x3a0
[  332.062583][T18894]  bio_clone_fast+0x23/0x110
[  332.067163][T18894]  bio_split+0x80/0x180
[  332.071316][T18894]  __blk_queue_split+0xabb/0xc80
[  332.077172][T18894]  blk_mq_submit_bio+0xce/0x1000
[  332.083176][T18894]  submit_bio_noacct+0x75d/0x910
[  332.088727][T18894]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  332.095247][T18894]  ? prandom_u32_state+0x9/0x80
[  332.100146][T18894]  submit_bio+0x1f3/0x350
[  332.104542][T18894]  ? iov_iter_npages+0x160/0x5e0
[  332.110383][T18894]  blkdev_direct_IO+0x4fa/0xf60
[  332.116460][T18894]  ? aio_prep_rw+0x3b0/0x3b0
[  332.121043][T18894]  ? current_time+0xdb/0x190
[  332.125623][T18894]  ? atime_needs_update+0x290/0x370
[  332.130861][T18894]  ? touch_atime+0x10e/0x2d0
[  332.135451][T18894]  generic_file_read_iter+0x2c4/0x3d0
[  332.140948][T18894]  blkdev_read_iter+0xb3/0xc0
[  332.145726][T18894]  aio_read+0x1be/0x280
[  332.149870][T18894]  ? __rcu_read_unlock+0x51/0x250
[  332.154892][T18894]  io_submit_one+0x62d/0x1230
[  332.159563][T18894]  ? asm_exc_page_fault+0x1e/0x30
[  332.164581][T18894]  __se_sys_io_submit+0xf5/0x270
[  332.169539][T18894]  ? ksys_write+0x157/0x180
[  332.174094][T18894]  ? fpregs_assert_state_consistent+0x7d/0x90
[  332.180144][T18894]  __x64_sys_io_submit+0x3f/0x50
[  332.185065][T18894]  do_syscall_64+0x39/0x80
[  332.189510][T18894]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  332.195383][T18894] RIP: 0033:0x45e149
[  332.199353][T18894] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  332.218936][T18894] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  332.227352][T18894] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  332.235300][T18894] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  332.243289][T18894] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  332.251238][T18894] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004f
16:56:56 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(0x0, r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  332.259235][T18894] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:56 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xd, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:57 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x500}])

16:56:57 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2}])

16:56:57 executing program 4 (fault-call:2 fault-nth:80):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  332.351181][T18915] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:57 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x4000000}])

[  332.398343][T18916] loop5: detected capacity change from 264192 to 0
[  332.501312][T18931] FAULT_INJECTION: forcing a failure.
[  332.501312][T18931] name failslab, interval 1, probability 0, space 0, times 0
[  332.513942][T18931] CPU: 1 PID: 18931 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  332.522353][T18931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  332.532412][T18931] Call Trace:
[  332.535692][T18931]  dump_stack+0x116/0x15d
[  332.540025][T18931]  should_fail+0x231/0x240
[  332.544474][T18931]  ? mempool_alloc_slab+0x16/0x20
[  332.549482][T18931]  __should_failslab+0x81/0x90
[  332.554236][T18931]  should_failslab+0x5/0x20
[  332.558783][T18931]  kmem_cache_alloc+0x36/0x2e0
[  332.563531][T18931]  ? mempool_alloc_slab+0x16/0x20
[  332.568626][T18931]  mempool_alloc_slab+0x16/0x20
[  332.573458][T18931]  ? mempool_free+0x130/0x130
[  332.578222][T18931]  mempool_alloc+0x64/0x320
[  332.582724][T18931]  ? submit_bio_checks+0x823/0xb20
[  332.587823][T18931]  ? find_next_zero_bit+0xca/0xf0
[  332.592885][T18931]  bio_alloc_bioset+0x138/0x3a0
[  332.597786][T18931]  bio_clone_fast+0x23/0x110
[  332.602782][T18931]  bio_split+0x80/0x180
[  332.606933][T18931]  __blk_queue_split+0xabb/0xc80
[  332.611858][T18931]  blk_mq_submit_bio+0xce/0x1000
[  332.616797][T18931]  submit_bio_noacct+0x75d/0x910
[  332.621725][T18931]  ? mempool_alloc+0x71/0x320
[  332.626385][T18931]  ? prandom_u32_state+0x9/0x80
[  332.631293][T18931]  submit_bio+0x1f3/0x350
[  332.635611][T18931]  ? iov_iter_npages+0x160/0x5e0
[  332.640536][T18931]  blkdev_direct_IO+0x4fa/0xf60
[  332.645430][T18931]  ? aio_prep_rw+0x3b0/0x3b0
[  332.650025][T18931]  ? current_time+0xdb/0x190
[  332.654595][T18931]  ? atime_needs_update+0x290/0x370
[  332.659772][T18931]  ? touch_atime+0x10e/0x2d0
[  332.664338][T18931]  generic_file_read_iter+0x2c4/0x3d0
[  332.669716][T18931]  blkdev_read_iter+0xb3/0xc0
[  332.674433][T18931]  aio_read+0x1be/0x280
[  332.678568][T18931]  ? __rcu_read_unlock+0x51/0x250
[  332.683639][T18931]  io_submit_one+0x62d/0x1230
[  332.688298][T18931]  ? asm_exc_page_fault+0x1e/0x30
[  332.693307][T18931]  __se_sys_io_submit+0xf5/0x270
[  332.698345][T18931]  ? ksys_write+0x157/0x180
[  332.702826][T18931]  ? fpregs_assert_state_consistent+0x7d/0x90
[  332.708873][T18931]  __x64_sys_io_submit+0x3f/0x50
[  332.713838][T18931]  do_syscall_64+0x39/0x80
[  332.718239][T18931]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  332.724116][T18931] RIP: 0033:0x45e149
[  332.727992][T18931] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
16:56:57 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x604}])

16:56:57 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(0x0, r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  332.747606][T18931] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  332.755999][T18931] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  332.763952][T18931] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  332.771907][T18931] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  332.779862][T18931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000050
[  332.787813][T18931] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:57 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x3}])

[  332.855736][T18916] loop5: detected capacity change from 264192 to 0
16:56:57 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x5000000}])

16:56:57 executing program 4 (fault-call:2 fault-nth:81):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  332.964383][T18943] tbf_change: 1 callbacks suppressed
[  332.964393][T18943] sch_tbf: burst 0 is lower than device lo mtu (65550) !
16:56:57 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x4}])

16:56:57 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x700}])

16:56:57 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xf, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  333.044129][T18943] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  333.061924][T18946] FAULT_INJECTION: forcing a failure.
[  333.061924][T18946] name failslab, interval 1, probability 0, space 0, times 0
[  333.080637][T18946] CPU: 0 PID: 18946 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  333.089848][T18946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  333.100919][T18946] Call Trace:
[  333.104200][T18946]  dump_stack+0x116/0x15d
[  333.109466][T18946]  should_fail+0x231/0x240
[  333.114108][T18946]  ? mempool_alloc_slab+0x16/0x20
[  333.120247][T18946]  __should_failslab+0x81/0x90
[  333.125031][T18946]  should_failslab+0x5/0x20
[  333.129587][T18946]  kmem_cache_alloc+0x36/0x2e0
[  333.135278][T18946]  ? mempool_alloc_slab+0x16/0x20
[  333.141415][T18946]  mempool_alloc_slab+0x16/0x20
[  333.147157][T18946]  ? mempool_free+0x130/0x130
[  333.151834][T18946]  mempool_alloc+0x64/0x320
[  333.157324][T18946]  ? submit_bio_checks+0x823/0xb20
[  333.162435][T18946]  ? find_next_zero_bit+0xca/0xf0
[  333.167507][T18946]  bio_alloc_bioset+0x138/0x3a0
[  333.173206][T18946]  bio_clone_fast+0x23/0x110
[  333.177880][T18946]  bio_split+0x80/0x180
[  333.182149][T18946]  __blk_queue_split+0xabb/0xc80
[  333.188086][T18946]  blk_mq_submit_bio+0xce/0x1000
[  333.194607][T18946]  submit_bio_noacct+0x75d/0x910
[  333.200478][T18946]  ? mempool_alloc+0x71/0x320
[  333.206248][T18946]  ? prandom_u32_state+0x9/0x80
[  333.211106][T18946]  submit_bio+0x1f3/0x350
[  333.215429][T18946]  ? iov_iter_npages+0x160/0x5e0
[  333.220381][T18946]  blkdev_direct_IO+0x4fa/0xf60
[  333.225234][T18946]  ? aio_prep_rw+0x3b0/0x3b0
[  333.229808][T18946]  ? current_time+0xdb/0x190
[  333.234446][T18946]  ? atime_needs_update+0x290/0x370
[  333.239755][T18946]  ? touch_atime+0x10e/0x2d0
[  333.246778][T18946]  generic_file_read_iter+0x2c4/0x3d0
[  333.252152][T18946]  blkdev_read_iter+0xb3/0xc0
[  333.257763][T18946]  aio_read+0x1be/0x280
[  333.261906][T18946]  ? __rcu_read_unlock+0x51/0x250
[  333.267314][T18946]  io_submit_one+0x62d/0x1230
[  333.272703][T18946]  ? asm_exc_page_fault+0x1e/0x30
[  333.277808][T18946]  __se_sys_io_submit+0xf5/0x270
[  333.282725][T18946]  ? ksys_write+0x157/0x180
[  333.287248][T18946]  ? fpregs_assert_state_consistent+0x7d/0x90
[  333.293289][T18946]  __x64_sys_io_submit+0x3f/0x50
[  333.298206][T18946]  do_syscall_64+0x39/0x80
[  333.302604][T18946]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  333.308525][T18946] RIP: 0033:0x45e149
[  333.312481][T18946] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  333.332113][T18946] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  333.340510][T18946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  333.348480][T18946] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  333.356440][T18946] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  333.364595][T18946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000051
[  333.372603][T18946] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:58 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(0x0, r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:58 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x6040000}])

16:56:58 executing program 4 (fault-call:2 fault-nth:82):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:58 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x5}])

16:56:58 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xd00}])

[  333.514253][T18964] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  333.542673][T18967] loop5: detected capacity change from 264192 to 0
[  333.546928][T18964] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:56:58 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x7000000}])

16:56:58 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket(0x11, 0x800000003, 0x0)
bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r6 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r7 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f00000018c0)={'team0\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x48}}, 0x0)

16:56:58 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x7}])

[  333.684647][T18972] FAULT_INJECTION: forcing a failure.
[  333.684647][T18972] name failslab, interval 1, probability 0, space 0, times 0
[  333.704611][T18967] loop5: detected capacity change from 264192 to 0
16:56:58 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xf00}])

[  333.756234][T18972] CPU: 0 PID: 18972 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  333.764702][T18972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  333.774908][T18972] Call Trace:
[  333.776854][T18992] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  333.778171][T18972]  dump_stack+0x116/0x15d
[  333.789500][T18972]  should_fail+0x231/0x240
[  333.793914][T18972]  ? mempool_alloc_slab+0x16/0x20
[  333.798019][T18992] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  333.798934][T18972]  __should_failslab+0x81/0x90
[  333.811715][T18972]  should_failslab+0x5/0x20
[  333.816225][T18972]  kmem_cache_alloc+0x36/0x2e0
[  333.822084][T18972]  ? mempool_alloc_slab+0x16/0x20
[  333.827160][T18972]  mempool_alloc_slab+0x16/0x20
[  333.833281][T18972]  ? mempool_free+0x130/0x130
[  333.838507][T18972]  mempool_alloc+0x64/0x320
[  333.843080][T18972]  ? submit_bio_checks+0x823/0xb20
[  333.848772][T18972]  ? find_next_zero_bit+0xca/0xf0
[  333.854338][T18972]  bio_alloc_bioset+0x138/0x3a0
[  333.860436][T18972]  bio_clone_fast+0x23/0x110
[  333.865664][T18972]  bio_split+0x80/0x180
[  333.869994][T18972]  __blk_queue_split+0xabb/0xc80
[  333.875793][T18972]  blk_mq_submit_bio+0xce/0x1000
[  333.881273][T18972]  submit_bio_noacct+0x75d/0x910
[  333.887258][T18972]  ? preempt_schedule_irq+0x43/0x80
[  333.892531][T18972]  ? prandom_u32_state+0x9/0x80
[  333.897382][T18972]  submit_bio+0x1f3/0x350
[  333.901734][T18972]  ? iov_iter_npages+0x160/0x5e0
[  333.906668][T18972]  blkdev_direct_IO+0x4fa/0xf60
[  333.911515][T18972]  ? aio_prep_rw+0x3b0/0x3b0
[  333.916125][T18972]  ? current_time+0xdb/0x190
[  333.920702][T18972]  ? atime_needs_update+0x290/0x370
[  333.925885][T18972]  ? touch_atime+0x10e/0x2d0
[  333.930456][T18972]  generic_file_read_iter+0x2c4/0x3d0
[  333.935901][T18972]  blkdev_read_iter+0xb3/0xc0
[  333.940564][T18972]  aio_read+0x1be/0x280
[  333.944699][T18972]  ? __rcu_read_unlock+0x51/0x250
[  333.949705][T18972]  io_submit_one+0x62d/0x1230
[  333.954361][T18972]  ? asm_exc_page_fault+0x1e/0x30
[  333.959521][T18972]  __se_sys_io_submit+0xf5/0x270
[  333.964440][T18972]  ? ksys_write+0x157/0x180
[  333.968923][T18972]  ? fpregs_assert_state_consistent+0x7d/0x90
[  333.974966][T18972]  __x64_sys_io_submit+0x3f/0x50
[  333.979886][T18972]  do_syscall_64+0x39/0x80
[  333.984444][T18972]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  333.990319][T18972] RIP: 0033:0x45e149
[  333.994207][T18972] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  334.013791][T18972] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  334.022181][T18972] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  334.030238][T18972] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  334.038206][T18972] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  334.046157][T18972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000052
[  334.054106][T18972] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:58 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x8000000}])

16:56:58 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x8}])

16:56:58 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x10, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:58 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket(0x11, 0x800000003, 0x0)
bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r6 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r7 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f00000018c0)={'team0\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x48}}, 0x0)

16:56:58 executing program 4 (fault-call:2 fault-nth:83):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:56:58 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x2000}])

[  334.284474][T19007] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  334.293969][T19008] loop5: detected capacity change from 264192 to 0
[  334.352737][T19014] FAULT_INJECTION: forcing a failure.
[  334.352737][T19014] name failslab, interval 1, probability 0, space 0, times 0
[  334.369714][T19007] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  334.381961][T19014] CPU: 0 PID: 19014 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  334.390394][T19014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  334.400448][T19014] Call Trace:
[  334.403845][T19014]  dump_stack+0x116/0x15d
[  334.408942][T19014]  should_fail+0x231/0x240
[  334.413363][T19014]  ? mempool_alloc_slab+0x16/0x20
[  334.419296][T19014]  __should_failslab+0x81/0x90
[  334.424092][T19014]  should_failslab+0x5/0x20
[  334.428577][T19014]  kmem_cache_alloc+0x36/0x2e0
[  334.433358][T19014]  ? mempool_alloc_slab+0x16/0x20
[  334.438373][T19014]  mempool_alloc_slab+0x16/0x20
[  334.443205][T19014]  ? mempool_free+0x130/0x130
[  334.447865][T19014]  mempool_alloc+0x64/0x320
[  334.452390][T19014]  ? submit_bio_checks+0x823/0xb20
[  334.457484][T19014]  ? find_next_zero_bit+0xca/0xf0
[  334.462486][T19014]  bio_alloc_bioset+0x138/0x3a0
[  334.467392][T19014]  bio_clone_fast+0x23/0x110
[  334.472034][T19014]  bio_split+0x80/0x180
[  334.476244][T19014]  __blk_queue_split+0xabb/0xc80
[  334.481166][T19014]  blk_mq_submit_bio+0xce/0x1000
[  334.486215][T19014]  submit_bio_noacct+0x75d/0x910
[  334.491184][T19014]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  334.496725][T19014]  ? prandom_u32_state+0x9/0x80
[  334.501568][T19014]  submit_bio+0x1f3/0x350
[  334.505894][T19014]  ? iov_iter_npages+0x160/0x5e0
[  334.510838][T19014]  blkdev_direct_IO+0x4fa/0xf60
[  334.515690][T19014]  ? aio_prep_rw+0x3b0/0x3b0
[  334.520295][T19014]  ? current_time+0xdb/0x190
[  334.524864][T19014]  ? atime_needs_update+0x290/0x370
[  334.530114][T19014]  ? touch_atime+0x10e/0x2d0
[  334.534685][T19014]  generic_file_read_iter+0x2c4/0x3d0
[  334.540160][T19014]  blkdev_read_iter+0xb3/0xc0
[  334.544885][T19014]  aio_read+0x1be/0x280
[  334.549020][T19014]  ? __rcu_read_unlock+0x51/0x250
[  334.554104][T19014]  io_submit_one+0x62d/0x1230
[  334.558757][T19014]  ? asm_exc_page_fault+0x1e/0x30
[  334.563758][T19014]  __se_sys_io_submit+0xf5/0x270
[  334.568747][T19014]  ? ksys_write+0x157/0x180
[  334.573232][T19014]  ? fpregs_assert_state_consistent+0x7d/0x90
[  334.579293][T19014]  __x64_sys_io_submit+0x3f/0x50
[  334.584218][T19014]  do_syscall_64+0x39/0x80
[  334.588622][T19014]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  334.594544][T19014] RIP: 0033:0x45e149
[  334.598415][T19014] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  334.618116][T19014] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  334.626554][T19014] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  334.634505][T19014] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  334.642585][T19014] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
16:56:59 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xd000000}])

[  334.650548][T19014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000053
[  334.658496][T19014] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:59 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xd}])

16:56:59 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xb901}])

16:56:59 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket(0x11, 0x800000003, 0x0)
bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r6 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r7 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f00000018c0)={'team0\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x48}}, 0x0)

16:56:59 executing program 4 (fault-call:2 fault-nth:84):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  334.766233][T19008] loop5: detected capacity change from 264192 to 0
16:56:59 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xf000000}])

16:56:59 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x8a, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  334.880195][T19034] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  334.898959][T19036] FAULT_INJECTION: forcing a failure.
[  334.898959][T19036] name failslab, interval 1, probability 0, space 0, times 0
[  334.918189][T19036] CPU: 0 PID: 19036 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
16:56:59 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xf}])

[  334.926617][T19036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  334.936728][T19036] Call Trace:
[  334.940003][T19036]  dump_stack+0x116/0x15d
[  334.944354][T19036]  should_fail+0x231/0x240
[  334.948769][T19036]  ? mempool_alloc_slab+0x16/0x20
[  334.953789][T19036]  __should_failslab+0x81/0x90
[  334.958556][T19036]  should_failslab+0x5/0x20
[  334.963360][T19036]  kmem_cache_alloc+0x36/0x2e0
[  334.968326][T19036]  mempool_alloc_slab+0x16/0x20
[  334.972944][T19034] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  334.973244][T19036]  ? mempool_free+0x130/0x130
[  334.986006][T19036]  mempool_alloc+0x64/0x320
[  334.990750][T19036]  ? preempt_schedule+0x54/0x80
[  334.996839][T19036]  bio_alloc_bioset+0x138/0x3a0
[  335.001715][T19036]  ? __blk_mq_delay_run_hw_queue+0x1c5/0x330
[  335.008423][T19036]  bio_clone_fast+0x23/0x110
[  335.013813][T19036]  bio_split+0x80/0x180
[  335.018109][T19036]  __blk_queue_split+0xabb/0xc80
[  335.023962][T19036]  blk_mq_submit_bio+0xce/0x1000
[  335.029732][T19036]  submit_bio_noacct+0x75d/0x910
[  335.035765][T19036]  ? mempool_alloc+0x71/0x320
[  335.041728][T19036]  ? prandom_u32_state+0x9/0x80
[  335.046786][T19036]  submit_bio+0x1f3/0x350
[  335.051155][T19036]  ? iov_iter_npages+0x160/0x5e0
[  335.056764][T19036]  blkdev_direct_IO+0x4fa/0xf60
[  335.062425][T19036]  ? aio_prep_rw+0x3b0/0x3b0
[  335.067610][T19036]  ? current_time+0xdb/0x190
[  335.073362][T19036]  ? atime_needs_update+0x290/0x370
[  335.079289][T19036]  ? touch_atime+0x10e/0x2d0
[  335.083889][T19036]  generic_file_read_iter+0x2c4/0x3d0
[  335.089376][T19036]  blkdev_read_iter+0xb3/0xc0
[  335.096643][T19036]  aio_read+0x1be/0x280
[  335.100803][T19036]  ? __rcu_read_unlock+0x51/0x250
[  335.106334][T19036]  io_submit_one+0x62d/0x1230
[  335.112150][T19036]  ? asm_exc_page_fault+0x1e/0x30
[  335.118431][T19036]  __se_sys_io_submit+0xf5/0x270
[  335.124273][T19036]  ? ksys_write+0x157/0x180
[  335.129936][T19036]  ? fpregs_assert_state_consistent+0x7d/0x90
[  335.136507][T19036]  __x64_sys_io_submit+0x3f/0x50
[  335.142543][T19036]  do_syscall_64+0x39/0x80
[  335.146965][T19036]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  335.153141][T19036] RIP: 0033:0x45e149
[  335.157097][T19036] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
16:56:59 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xefff}])

[  335.176702][T19036] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  335.185127][T19036] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  335.193111][T19036] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  335.201063][T19036] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  335.209018][T19036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054
[  335.217018][T19036] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:56:59 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, 0x0)
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:56:59 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x72000000}])

[  335.311099][T19049] loop5: detected capacity change from 264192 to 0
16:57:00 executing program 4 (fault-call:2 fault-nth:85):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:00 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x10}])

16:57:00 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xffef}])

[  335.437765][T19059] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  335.449826][T19059] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  335.469255][T19049] loop5: detected capacity change from 264192 to 0
16:57:00 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xefffffff}])

[  335.527897][T19072] FAULT_INJECTION: forcing a failure.
[  335.527897][T19072] name failslab, interval 1, probability 0, space 0, times 0
[  335.541972][T19072] CPU: 0 PID: 19072 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  335.550472][T19072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  335.560517][T19072] Call Trace:
[  335.563779][T19072]  dump_stack+0x116/0x15d
[  335.568102][T19072]  should_fail+0x231/0x240
[  335.572493][T19072]  ? mempool_alloc_slab+0x16/0x20
[  335.577505][T19072]  __should_failslab+0x81/0x90
[  335.582250][T19072]  should_failslab+0x5/0x20
[  335.586814][T19072]  kmem_cache_alloc+0x36/0x2e0
[  335.591616][T19072]  ? mempool_alloc_slab+0x16/0x20
[  335.596623][T19072]  mempool_alloc_slab+0x16/0x20
[  335.601852][T19072]  ? mempool_free+0x130/0x130
[  335.606538][T19072]  mempool_alloc+0x64/0x320
[  335.611018][T19072]  ? submit_bio_checks+0x823/0xb20
[  335.616238][T19072]  ? find_next_zero_bit+0xca/0xf0
[  335.621292][T19072]  bio_alloc_bioset+0x138/0x3a0
[  335.626145][T19072]  bio_clone_fast+0x23/0x110
[  335.630811][T19072]  bio_split+0x80/0x180
[  335.634947][T19072]  __blk_queue_split+0xabb/0xc80
[  335.639874][T19072]  blk_mq_submit_bio+0xce/0x1000
[  335.644831][T19072]  submit_bio_noacct+0x75d/0x910
[  335.649744][T19072]  ? mempool_alloc+0x71/0x320
[  335.654485][T19072]  ? prandom_u32_state+0x9/0x80
[  335.659315][T19072]  submit_bio+0x1f3/0x350
[  335.663633][T19072]  ? iov_iter_npages+0x160/0x5e0
[  335.668633][T19072]  blkdev_direct_IO+0x4fa/0xf60
[  335.673464][T19072]  ? aio_prep_rw+0x3b0/0x3b0
[  335.678166][T19072]  ? current_time+0xdb/0x190
[  335.682734][T19072]  ? atime_needs_update+0x290/0x370
[  335.687909][T19072]  ? touch_atime+0x10e/0x2d0
[  335.692473][T19072]  generic_file_read_iter+0x2c4/0x3d0
[  335.697821][T19072]  blkdev_read_iter+0xb3/0xc0
[  335.702488][T19072]  aio_read+0x1be/0x280
[  335.706667][T19072]  ? __rcu_read_unlock+0x51/0x250
[  335.711690][T19072]  io_submit_one+0x62d/0x1230
[  335.716342][T19072]  ? asm_exc_page_fault+0x1e/0x30
[  335.721349][T19072]  __se_sys_io_submit+0xf5/0x270
[  335.726274][T19072]  ? ksys_write+0x157/0x180
[  335.730755][T19072]  ? fpregs_assert_state_consistent+0x7d/0x90
[  335.736799][T19072]  __x64_sys_io_submit+0x3f/0x50
[  335.741728][T19072]  do_syscall_64+0x39/0x80
[  335.746231][T19072]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  335.752110][T19072] RIP: 0033:0x45e149
[  335.755985][T19072] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  335.775612][T19072] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  335.784204][T19072] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  335.792292][T19072] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  335.800242][T19072] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  335.808190][T19072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000055
[  335.816152][T19072] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:57:00 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xef}])

16:57:00 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, 0x0)
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:57:00 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0xef, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:00 executing program 4 (fault-call:2 fault-nth:86):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  335.947108][T19080] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  335.964249][T19080] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:57:00 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x18100}])

16:57:00 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x124}])

16:57:00 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xffefffff}])

[  336.063331][T19088] loop5: detected capacity change from 264192 to 0
[  336.086945][T19085] FAULT_INJECTION: forcing a failure.
[  336.086945][T19085] name failslab, interval 1, probability 0, space 0, times 0
[  336.113093][T19085] CPU: 0 PID: 19085 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  336.121596][T19085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  336.131649][T19085] Call Trace:
[  336.134926][T19085]  dump_stack+0x116/0x15d
[  336.139256][T19085]  should_fail+0x231/0x240
[  336.143665][T19085]  ? mempool_alloc_slab+0x16/0x20
[  336.148707][T19085]  __should_failslab+0x81/0x90
[  336.153492][T19085]  should_failslab+0x5/0x20
[  336.158017][T19085]  kmem_cache_alloc+0x36/0x2e0
[  336.162836][T19085]  ? mempool_alloc_slab+0x16/0x20
[  336.167858][T19085]  mempool_alloc_slab+0x16/0x20
[  336.172709][T19085]  ? mempool_free+0x130/0x130
[  336.177509][T19085]  mempool_alloc+0x64/0x320
[  336.182058][T19085]  ? submit_bio_checks+0x823/0xb20
[  336.187228][T19085]  ? find_next_zero_bit+0xca/0xf0
[  336.192312][T19085]  bio_alloc_bioset+0x138/0x3a0
[  336.197201][T19085]  bio_clone_fast+0x23/0x110
[  336.201804][T19085]  bio_split+0x80/0x180
[  336.205982][T19085]  __blk_queue_split+0xabb/0xc80
[  336.211599][T19085]  blk_mq_submit_bio+0xce/0x1000
[  336.216992][T19085]  submit_bio_noacct+0x75d/0x910
[  336.222009][T19085]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  336.227935][T19085]  ? prandom_u32_state+0x9/0x80
[  336.233719][T19085]  submit_bio+0x1f3/0x350
[  336.238392][T19085]  ? iov_iter_npages+0x160/0x5e0
[  336.244124][T19085]  blkdev_direct_IO+0x4fa/0xf60
[  336.250353][T19085]  ? aio_prep_rw+0x3b0/0x3b0
[  336.255900][T19085]  ? current_time+0xdb/0x190
[  336.261266][T19085]  ? atime_needs_update+0x290/0x370
[  336.267078][T19085]  ? touch_atime+0x10e/0x2d0
[  336.273758][T19085]  generic_file_read_iter+0x2c4/0x3d0
[  336.279942][T19085]  blkdev_read_iter+0xb3/0xc0
[  336.285615][T19085]  aio_read+0x1be/0x280
[  336.289928][T19085]  ? __rcu_read_unlock+0x51/0x250
[  336.295788][T19085]  io_submit_one+0x62d/0x1230
[  336.301265][T19085]  ? asm_exc_page_fault+0x1e/0x30
[  336.306751][T19085]  __se_sys_io_submit+0xf5/0x270
[  336.312495][T19085]  ? ksys_write+0x157/0x180
[  336.318208][T19085]  ? fpregs_assert_state_consistent+0x7d/0x90
[  336.324411][T19085]  __x64_sys_io_submit+0x3f/0x50
[  336.330041][T19085]  do_syscall_64+0x39/0x80
[  336.334530][T19085]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  336.341161][T19085] RIP: 0033:0x45e149
[  336.345203][T19085] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
16:57:01 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, 0x0)
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  336.365373][T19085] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  336.373819][T19085] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  336.381791][T19085] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  336.389832][T19085] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  336.397834][T19085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000056
[  336.406585][T19085] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:57:01 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x20000}])

16:57:01 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x204}])

16:57:01 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xffffefff}])

16:57:01 executing program 4 (fault-call:2 fault-nth:87):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  336.529589][T19088] loop5: detected capacity change from 264192 to 0
[  336.616288][T19112] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  336.616686][T19111] FAULT_INJECTION: forcing a failure.
[  336.616686][T19111] name failslab, interval 1, probability 0, space 0, times 0
[  336.637033][T19112] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  336.638125][T19111] CPU: 0 PID: 19111 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  336.654140][T19111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  336.664296][T19111] Call Trace:
[  336.667556][T19111]  dump_stack+0x116/0x15d
[  336.671872][T19111]  should_fail+0x231/0x240
[  336.676514][T19111]  ? mempool_alloc_slab+0x16/0x20
[  336.683587][T19111]  __should_failslab+0x81/0x90
[  336.688348][T19111]  should_failslab+0x5/0x20
[  336.692940][T19111]  kmem_cache_alloc+0x36/0x2e0
[  336.697702][T19111]  ? mempool_alloc_slab+0x16/0x20
[  336.702900][T19111]  mempool_alloc_slab+0x16/0x20
[  336.707734][T19111]  ? mempool_free+0x130/0x130
[  336.712487][T19111]  mempool_alloc+0x64/0x320
[  336.716967][T19111]  ? submit_bio_checks+0x823/0xb20
[  336.722082][T19111]  ? find_next_zero_bit+0xca/0xf0
[  336.727097][T19111]  bio_alloc_bioset+0x138/0x3a0
[  336.731941][T19111]  bio_clone_fast+0x23/0x110
[  336.736595][T19111]  bio_split+0x80/0x180
[  336.740745][T19111]  __blk_queue_split+0xabb/0xc80
[  336.745741][T19111]  blk_mq_submit_bio+0xce/0x1000
[  336.750692][T19111]  submit_bio_noacct+0x75d/0x910
[  336.755632][T19111]  ? prandom_u32_state+0x9/0x80
[  336.760497][T19111]  submit_bio+0x1f3/0x350
[  336.764803][T19111]  ? iov_iter_npages+0x160/0x5e0
[  336.769803][T19111]  blkdev_direct_IO+0x4fa/0xf60
[  336.774748][T19111]  ? aio_prep_rw+0x3b0/0x3b0
[  336.779316][T19111]  ? current_time+0xdb/0x190
[  336.783955][T19111]  ? atime_needs_update+0x290/0x370
[  336.789251][T19111]  ? touch_atime+0x10e/0x2d0
[  336.793818][T19111]  generic_file_read_iter+0x2c4/0x3d0
[  336.799170][T19111]  blkdev_read_iter+0xb3/0xc0
[  336.803895][T19111]  aio_read+0x1be/0x280
[  336.808051][T19111]  ? __rcu_read_unlock+0x51/0x250
[  336.813057][T19111]  io_submit_one+0x62d/0x1230
[  336.817755][T19111]  ? asm_exc_page_fault+0x1e/0x30
[  336.822818][T19111]  __se_sys_io_submit+0xf5/0x270
[  336.827803][T19111]  ? ksys_write+0x157/0x180
[  336.832290][T19111]  ? fpregs_assert_state_consistent+0x7d/0x90
[  336.838334][T19111]  __x64_sys_io_submit+0x3f/0x50
[  336.843251][T19111]  do_syscall_64+0x39/0x80
[  336.847650][T19111]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  336.853587][T19111] RIP: 0033:0x45e149
[  336.857457][T19111] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  336.877112][T19111] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  336.885529][T19111] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  336.893477][T19111] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  336.901426][T19111] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  336.909423][T19111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000057
[  336.917370][T19111] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:57:01 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xffffffef}])

16:57:01 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(0xffffffffffffffff, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:57:01 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x204, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:01 executing program 4 (fault-call:2 fault-nth:88):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:01 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x100000}])

16:57:01 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x300}])

[  337.157853][T19131] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  337.181057][T19130] loop5: detected capacity change from 264192 to 0
[  337.183418][T19129] FAULT_INJECTION: forcing a failure.
[  337.183418][T19129] name failslab, interval 1, probability 0, space 0, times 0
16:57:01 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0xffffffff}])

16:57:01 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x200000}])

[  337.256666][T19131] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  337.301058][T19129] CPU: 1 PID: 19129 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  337.309491][T19129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  337.319546][T19129] Call Trace:
[  337.322817][T19129]  dump_stack+0x116/0x15d
[  337.327180][T19129]  should_fail+0x231/0x240
[  337.331578][T19129]  ? mempool_alloc_slab+0x16/0x20
[  337.336585][T19129]  __should_failslab+0x81/0x90
[  337.341333][T19129]  should_failslab+0x5/0x20
[  337.345865][T19129]  kmem_cache_alloc+0x36/0x2e0
[  337.350690][T19129]  ? mempool_alloc_slab+0x16/0x20
[  337.355695][T19129]  mempool_alloc_slab+0x16/0x20
[  337.360525][T19129]  ? mempool_free+0x130/0x130
[  337.365220][T19129]  mempool_alloc+0x64/0x320
[  337.369736][T19129]  ? submit_bio_checks+0x823/0xb20
[  337.374830][T19129]  ? find_next_zero_bit+0xca/0xf0
[  337.379834][T19129]  bio_alloc_bioset+0x138/0x3a0
[  337.384767][T19129]  ? prandom_u32_state+0x9/0x80
[  337.389620][T19129]  bio_clone_fast+0x23/0x110
[  337.394196][T19129]  bio_split+0x80/0x180
[  337.398344][T19129]  __blk_queue_split+0xabb/0xc80
[  337.403272][T19129]  blk_mq_submit_bio+0xce/0x1000
[  337.408193][T19129]  submit_bio_noacct+0x75d/0x910
[  337.413124][T19129]  ? kcsan_setup_watchpoint+0x1fc/0x4e0
[  337.418667][T19129]  ? prandom_u32_state+0x9/0x80
[  337.423502][T19129]  submit_bio+0x1f3/0x350
[  337.427819][T19129]  ? iov_iter_npages+0x160/0x5e0
[  337.432742][T19129]  blkdev_direct_IO+0x4fa/0xf60
[  337.437597][T19129]  ? aio_prep_rw+0x3b0/0x3b0
[  337.442169][T19129]  ? current_time+0xdb/0x190
[  337.446741][T19129]  ? atime_needs_update+0x290/0x370
[  337.451923][T19129]  ? touch_atime+0x10e/0x2d0
[  337.456494][T19129]  generic_file_read_iter+0x2c4/0x3d0
[  337.461850][T19129]  blkdev_read_iter+0xb3/0xc0
[  337.466600][T19129]  aio_read+0x1be/0x280
[  337.470736][T19129]  ? __rcu_read_unlock+0x51/0x250
[  337.475749][T19129]  io_submit_one+0x62d/0x1230
[  337.480406][T19129]  ? asm_exc_page_fault+0x1e/0x30
[  337.485415][T19129]  __se_sys_io_submit+0xf5/0x270
[  337.490472][T19129]  ? ksys_write+0x157/0x180
[  337.494959][T19129]  ? fpregs_assert_state_consistent+0x7d/0x90
[  337.501039][T19129]  __x64_sys_io_submit+0x3f/0x50
[  337.505961][T19129]  do_syscall_64+0x39/0x80
[  337.510435][T19129]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  337.516356][T19129] RIP: 0033:0x45e149
[  337.520231][T19129] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  337.539819][T19129] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  337.548213][T19129] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  337.556187][T19129] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  337.564140][T19129] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  337.572097][T19129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000058
[  337.580048][T19129] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:57:02 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x402}])

16:57:02 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(0xffffffffffffffff, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:57:02 executing program 4 (fault-call:2 fault-nth:89):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:02 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x0, 0x0, 0x3, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x800}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  337.727887][T19159] FAULT_INJECTION: forcing a failure.
[  337.727887][T19159] name failslab, interval 1, probability 0, space 0, times 0
[  337.736212][T19156] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  337.741167][T19159] CPU: 0 PID: 19159 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  337.757358][T19159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  337.758004][T19156] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  337.767412][T19159] Call Trace:
[  337.767422][T19159]  dump_stack+0x116/0x15d
[  337.767446][T19159]  should_fail+0x231/0x240
[  337.789992][T19159]  ? mempool_alloc_slab+0x16/0x20
[  337.795857][T19159]  __should_failslab+0x81/0x90
[  337.802290][T19159]  should_failslab+0x5/0x20
[  337.808234][T19159]  kmem_cache_alloc+0x36/0x2e0
[  337.813000][T19159]  ? mempool_alloc_slab+0x16/0x20
[  337.818835][T19159]  mempool_alloc_slab+0x16/0x20
[  337.824558][T19159]  ? mempool_free+0x130/0x130
[  337.829749][T19159]  mempool_alloc+0x64/0x320
[  337.835363][T19159]  ? submit_bio_checks+0x823/0xb20
[  337.840972][T19159]  ? find_next_zero_bit+0xca/0xf0
[  337.846354][T19159]  bio_alloc_bioset+0x138/0x3a0
[  337.853536][T19159]  bio_clone_fast+0x23/0x110
[  337.858131][T19159]  bio_split+0x80/0x180
[  337.862398][T19159]  __blk_queue_split+0xabb/0xc80
[  337.867974][T19159]  blk_mq_submit_bio+0xce/0x1000
[  337.873821][T19159]  submit_bio_noacct+0x75d/0x910
[  337.879795][T19159]  ? mempool_alloc+0x71/0x320
[  337.885698][T19159]  ? prandom_u32_state+0x9/0x80
[  337.891485][T19159]  submit_bio+0x1f3/0x350
[  337.896415][T19159]  ? iov_iter_npages+0x160/0x5e0
[  337.902002][T19159]  blkdev_direct_IO+0x4fa/0xf60
[  337.907815][T19159]  ? aio_prep_rw+0x3b0/0x3b0
[  337.913586][T19159]  ? current_time+0xdb/0x190
[  337.919014][T19159]  ? atime_needs_update+0x290/0x370
[  337.924900][T19159]  ? touch_atime+0x10e/0x2d0
[  337.930362][T19159]  generic_file_read_iter+0x2c4/0x3d0
[  337.936989][T19159]  blkdev_read_iter+0xb3/0xc0
[  337.942355][T19159]  aio_read+0x1be/0x280
[  337.946660][T19159]  ? __rcu_read_unlock+0x51/0x250
[  337.952082][T19159]  io_submit_one+0x62d/0x1230
[  337.957486][T19159]  ? asm_exc_page_fault+0x1e/0x30
[  337.963303][T19159]  __se_sys_io_submit+0xf5/0x270
[  337.970137][T19159]  ? ksys_write+0x157/0x180
[  337.974670][T19159]  ? fpregs_assert_state_consistent+0x7d/0x90
[  337.980842][T19159]  __x64_sys_io_submit+0x3f/0x50
[  337.986425][T19159]  do_syscall_64+0x39/0x80
[  337.990859][T19159]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  337.997814][T19159] RIP: 0033:0x45e149
[  338.002080][T19159] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  338.021758][T19159] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  338.030207][T19159] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  338.038158][T19159] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  338.046124][T19159] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  338.054073][T19159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000059
[  338.062086][T19159] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
[  338.087150][T19130] loop5: detected capacity change from 264192 to 0
16:57:02 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x406}])

16:57:02 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x810100}])

16:57:02 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x300, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:02 executing program 4 (fault-call:2 fault-nth:90):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:02 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(0xffffffffffffffff, &(0x7f0000000100)='./file0/file0\x00', r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  338.275186][T19181] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  338.284693][T19181] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:57:02 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x500}])

16:57:02 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x1000000}])

[  338.321823][T19184] loop5: detected capacity change from 264192 to 0
[  338.328397][T19182] FAULT_INJECTION: forcing a failure.
[  338.328397][T19182] name failslab, interval 1, probability 0, space 0, times 0
[  338.345838][T19182] CPU: 0 PID: 19182 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  338.354267][T19182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  338.364575][T19182] Call Trace:
[  338.367856][T19182]  dump_stack+0x116/0x15d
[  338.372192][T19182]  should_fail+0x231/0x240
[  338.376610][T19182]  ? mempool_alloc_slab+0x16/0x20
[  338.381699][T19182]  __should_failslab+0x81/0x90
[  338.386451][T19182]  should_failslab+0x5/0x20
[  338.390957][T19182]  kmem_cache_alloc+0x36/0x2e0
[  338.395753][T19182]  ? mempool_alloc_slab+0x16/0x20
[  338.400776][T19182]  mempool_alloc_slab+0x16/0x20
[  338.405638][T19182]  ? mempool_free+0x130/0x130
[  338.410314][T19182]  mempool_alloc+0x64/0x320
[  338.414818][T19182]  ? submit_bio_checks+0x823/0xb20
[  338.419928][T19182]  ? find_next_zero_bit+0xca/0xf0
[  338.425116][T19182]  bio_alloc_bioset+0x138/0x3a0
[  338.429969][T19182]  bio_clone_fast+0x23/0x110
[  338.434562][T19182]  bio_split+0x80/0x180
[  338.438719][T19182]  __blk_queue_split+0xabb/0xc80
[  338.443668][T19182]  blk_mq_submit_bio+0xce/0x1000
[  338.448616][T19182]  submit_bio_noacct+0x75d/0x910
[  338.454150][T19182]  ? mempool_alloc+0x71/0x320
[  338.459568][T19182]  ? prandom_u32_state+0x9/0x80
[  338.465467][T19182]  submit_bio+0x1f3/0x350
[  338.470999][T19182]  ? iov_iter_npages+0x160/0x5e0
[  338.476011][T19182]  blkdev_direct_IO+0x4fa/0xf60
[  338.481688][T19182]  ? aio_prep_rw+0x3b0/0x3b0
[  338.487510][T19182]  ? current_time+0xdb/0x190
[  338.493531][T19182]  ? atime_needs_update+0x290/0x370
[  338.499335][T19182]  ? touch_atime+0x10e/0x2d0
[  338.504117][T19182]  generic_file_read_iter+0x2c4/0x3d0
[  338.509950][T19182]  blkdev_read_iter+0xb3/0xc0
[  338.514736][T19182]  aio_read+0x1be/0x280
[  338.520564][T19182]  ? __rcu_read_unlock+0x51/0x250
[  338.525720][T19182]  io_submit_one+0x62d/0x1230
[  338.530827][T19182]  ? asm_exc_page_fault+0x1e/0x30
[  338.536721][T19182]  __se_sys_io_submit+0xf5/0x270
[  338.541839][T19182]  ? ksys_write+0x157/0x180
[  338.546630][T19182]  ? fpregs_assert_state_consistent+0x7d/0x90
[  338.553814][T19182]  __x64_sys_io_submit+0x3f/0x50
[  338.559550][T19182]  do_syscall_64+0x39/0x80
[  338.563981][T19182]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  338.570003][T19182] RIP: 0033:0x45e149
[  338.574562][T19182] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  338.594170][T19182] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  338.602617][T19182] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  338.610616][T19182] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
16:57:03 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, 0x0, r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  338.618568][T19182] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  338.626518][T19182] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005a
[  338.634491][T19182] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:57:03 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r1, 0x1, 0x0, 0x0, {{}, {0x0, 0x3}, {0x8}}}, 0x24}}, 0x0)
io_setup(0x4, &(0x7f00000004c0))
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r3=>0x0)
io_submit(r3, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r2, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])
io_submit(0x0, 0x0, &(0x7f00000000c0))

16:57:03 executing program 4 (fault-call:2 fault-nth:91):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:03 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x604}])

[  338.743150][T19184] loop5: detected capacity change from 264192 to 0
[  338.789579][T19204] FAULT_INJECTION: forcing a failure.
[  338.789579][T19204] name failslab, interval 1, probability 0, space 0, times 0
[  338.810059][T19204] CPU: 1 PID: 19204 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  338.818489][T19204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  338.828536][T19204] Call Trace:
[  338.831813][T19204]  dump_stack+0x116/0x15d
[  338.832704][T19207] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  338.836188][T19204]  should_fail+0x231/0x240
[  338.836210][T19204]  ? mempool_alloc_slab+0x16/0x20
[  338.848130][T19207] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  338.852594][T19204]  __should_failslab+0x81/0x90
[  338.852658][T19204]  should_failslab+0x5/0x20
[  338.852678][T19204]  kmem_cache_alloc+0x36/0x2e0
[  338.876189][T19204]  ? mempool_alloc_slab+0x16/0x20
[  338.882321][T19204]  mempool_alloc_slab+0x16/0x20
[  338.888192][T19204]  ? mempool_free+0x130/0x130
[  338.893156][T19204]  mempool_alloc+0x64/0x320
[  338.897659][T19204]  ? submit_bio_checks+0x823/0xb20
[  338.903459][T19204]  ? find_next_zero_bit+0xca/0xf0
[  338.908965][T19204]  bio_alloc_bioset+0x138/0x3a0
[  338.914880][T19204]  bio_clone_fast+0x23/0x110
[  338.920211][T19204]  bio_split+0x80/0x180
[  338.924404][T19204]  __blk_queue_split+0xabb/0xc80
[  338.929332][T19204]  blk_mq_submit_bio+0xce/0x1000
[  338.934320][T19204]  submit_bio_noacct+0x75d/0x910
[  338.939239][T19204]  ? irqentry_exit+0x2a/0x40
[  338.943812][T19204]  ? sysvec_apic_timer_interrupt+0x80/0x90
[  338.949660][T19204]  ? prandom_u32_state+0x9/0x80
[  338.954549][T19204]  submit_bio+0x1f3/0x350
[  338.958920][T19204]  ? iov_iter_npages+0x160/0x5e0
[  338.963882][T19204]  blkdev_direct_IO+0x4fa/0xf60
[  338.968716][T19204]  ? aio_prep_rw+0x3b0/0x3b0
[  338.973389][T19204]  ? current_time+0xdb/0x190
[  338.978001][T19204]  ? atime_needs_update+0x290/0x370
[  338.983235][T19204]  ? touch_atime+0x10e/0x2d0
[  338.987801][T19204]  generic_file_read_iter+0x2c4/0x3d0
[  338.993260][T19204]  blkdev_read_iter+0xb3/0xc0
[  338.997916][T19204]  aio_read+0x1be/0x280
[  339.002071][T19204]  ? __rcu_read_unlock+0x51/0x250
[  339.007150][T19204]  io_submit_one+0x62d/0x1230
[  339.011802][T19204]  ? asm_exc_page_fault+0x1e/0x30
[  339.016806][T19204]  __se_sys_io_submit+0xf5/0x270
[  339.021748][T19204]  ? ksys_write+0x157/0x180
[  339.026272][T19204]  ? fpregs_assert_state_consistent+0x7d/0x90
[  339.032365][T19204]  __x64_sys_io_submit+0x3f/0x50
[  339.037328][T19204]  do_syscall_64+0x39/0x80
[  339.041722][T19204]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  339.047660][T19204] RIP: 0033:0x45e149
[  339.051551][T19204] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  339.071174][T19204] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  339.079583][T19204] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  339.087546][T19204] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  339.095495][T19204] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  339.103462][T19204] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005b
[  339.111416][T19204] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:57:03 executing program 1:
prlimit64(0xffffffffffffffff, 0x2, &(0x7f0000000040)={0x200000800011, 0x1000}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000180)={'mangle\x00', 0x3, [{}, {}, {}]}, 0x58)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0)
io_submit(0x0, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:03 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, 0x0, r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:57:03 executing program 4 (fault-call:2 fault-nth:92):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:03 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x402, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:03 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x2000000}])

16:57:03 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
ioperm(0x3, 0x3c, 0x9)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:03 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x700}])

[  339.325915][T19227] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  339.333494][T19221] FAULT_INJECTION: forcing a failure.
[  339.333494][T19221] name failslab, interval 1, probability 0, space 0, times 0
[  339.379830][T19231] loop5: detected capacity change from 264192 to 0
[  339.381878][T19221] CPU: 0 PID: 19221 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  339.388884][T19227] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  339.394742][T19221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  339.394755][T19221] Call Trace:
[  339.394762][T19221]  dump_stack+0x116/0x15d
[  339.394787][T19221]  should_fail+0x231/0x240
[  339.424947][T19221]  ? mempool_alloc_slab+0x16/0x20
[  339.429980][T19221]  __should_failslab+0x81/0x90
[  339.434743][T19221]  should_failslab+0x5/0x20
[  339.439271][T19221]  kmem_cache_alloc+0x36/0x2e0
[  339.444108][T19221]  ? mempool_alloc_slab+0x16/0x20
[  339.449125][T19221]  mempool_alloc_slab+0x16/0x20
[  339.453969][T19221]  ? mempool_free+0x130/0x130
[  339.458640][T19221]  mempool_alloc+0x64/0x320
[  339.463137][T19221]  ? submit_bio_checks+0x823/0xb20
[  339.468268][T19221]  ? find_next_zero_bit+0xca/0xf0
[  339.473286][T19221]  bio_alloc_bioset+0x138/0x3a0
[  339.478247][T19221]  bio_clone_fast+0x23/0x110
[  339.482983][T19221]  bio_split+0x80/0x180
[  339.487734][T19221]  __blk_queue_split+0xabb/0xc80
[  339.492728][T19221]  blk_mq_submit_bio+0xce/0x1000
[  339.498045][T19221]  submit_bio_noacct+0x75d/0x910
[  339.503030][T19221]  ? irqentry_exit+0x2a/0x40
[  339.507668][T19221]  ? sysvec_apic_timer_interrupt+0x80/0x90
[  339.514056][T19221]  ? prandom_u32_state+0x9/0x80
[  339.519080][T19221]  submit_bio+0x1f3/0x350
[  339.523637][T19221]  ? iov_iter_npages+0x160/0x5e0
[  339.529645][T19221]  blkdev_direct_IO+0x4fa/0xf60
[  339.534676][T19221]  ? aio_prep_rw+0x3b0/0x3b0
[  339.539266][T19221]  ? current_time+0xdb/0x190
[  339.544514][T19221]  ? atime_needs_update+0x290/0x370
[  339.550428][T19221]  ? touch_atime+0x10e/0x2d0
[  339.555932][T19221]  generic_file_read_iter+0x2c4/0x3d0
[  339.562716][T19221]  blkdev_read_iter+0xb3/0xc0
[  339.568467][T19221]  aio_read+0x1be/0x280
[  339.572797][T19221]  ? __rcu_read_unlock+0x51/0x250
[  339.578180][T19221]  io_submit_one+0x62d/0x1230
[  339.582856][T19221]  ? asm_exc_page_fault+0x1e/0x30
[  339.588371][T19221]  __se_sys_io_submit+0xf5/0x270
[  339.595561][T19221]  ? ksys_write+0x157/0x180
[  339.600936][T19221]  ? fpregs_assert_state_consistent+0x7d/0x90
[  339.607918][T19221]  __x64_sys_io_submit+0x3f/0x50
[  339.613591][T19221]  do_syscall_64+0x39/0x80
[  339.618042][T19221]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  339.624673][T19221] RIP: 0033:0x45e149
[  339.628561][T19221] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  339.648280][T19221] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  339.657034][T19221] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  339.665385][T19221] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
16:57:04 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x2040000}])

[  339.673771][T19221] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  339.681737][T19221] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005c
[  339.689710][T19221] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:57:04 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xd00}])

16:57:04 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x6, 0x711709dd}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:04 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, 0x0, r2, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:57:04 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x406, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:04 executing program 4 (fault-call:2 fault-nth:93):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  339.881891][T19250] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  339.898862][T19250] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  339.924561][T19256] loop5: detected capacity change from 264192 to 0
[  339.926050][T19255] FAULT_INJECTION: forcing a failure.
[  339.926050][T19255] name failslab, interval 1, probability 0, space 0, times 0
[  339.945412][T19255] CPU: 0 PID: 19255 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  339.953826][T19255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  339.963882][T19255] Call Trace:
[  339.967168][T19255]  dump_stack+0x116/0x15d
[  339.971499][T19255]  should_fail+0x231/0x240
[  339.975922][T19255]  ? mempool_alloc_slab+0x16/0x20
[  339.980941][T19255]  __should_failslab+0x81/0x90
[  339.985702][T19255]  should_failslab+0x5/0x20
[  339.990201][T19255]  kmem_cache_alloc+0x36/0x2e0
[  339.994958][T19255]  ? mempool_alloc_slab+0x16/0x20
[  340.000029][T19255]  mempool_alloc_slab+0x16/0x20
[  340.004877][T19255]  ? mempool_free+0x130/0x130
[  340.010438][T19255]  mempool_alloc+0x64/0x320
[  340.015028][T19255]  ? submit_bio_checks+0x823/0xb20
[  340.020347][T19255]  ? find_next_zero_bit+0xca/0xf0
[  340.025435][T19255]  bio_alloc_bioset+0x138/0x3a0
[  340.031450][T19255]  bio_clone_fast+0x23/0x110
[  340.037456][T19255]  bio_split+0x80/0x180
[  340.041619][T19255]  __blk_queue_split+0xabb/0xc80
[  340.047333][T19255]  blk_mq_submit_bio+0xce/0x1000
[  340.053246][T19255]  submit_bio_noacct+0x75d/0x910
[  340.060423][T19255]  ? prandom_u32_state+0x9/0x80
[  340.066079][T19255]  submit_bio+0x1f3/0x350
[  340.072366][T19255]  ? iov_iter_npages+0x160/0x5e0
[  340.078381][T19255]  blkdev_direct_IO+0x4fa/0xf60
[  340.084537][T19255]  ? aio_prep_rw+0x3b0/0x3b0
[  340.089195][T19255]  ? current_time+0xdb/0x190
[  340.094515][T19255]  ? atime_needs_update+0x290/0x370
[  340.100453][T19255]  ? touch_atime+0x10e/0x2d0
[  340.105044][T19255]  generic_file_read_iter+0x2c4/0x3d0
[  340.110442][T19255]  blkdev_read_iter+0xb3/0xc0
[  340.115103][T19255]  aio_read+0x1be/0x280
[  340.119233][T19255]  ? __rcu_read_unlock+0x51/0x250
[  340.124253][T19255]  io_submit_one+0x62d/0x1230
[  340.129009][T19255]  ? asm_exc_page_fault+0x1e/0x30
[  340.134013][T19255]  __se_sys_io_submit+0xf5/0x270
[  340.139007][T19255]  ? ksys_write+0x157/0x180
[  340.143522][T19255]  ? fpregs_assert_state_consistent+0x7d/0x90
[  340.149567][T19255]  __x64_sys_io_submit+0x3f/0x50
[  340.154490][T19255]  do_syscall_64+0x39/0x80
[  340.158902][T19255]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  340.164774][T19255] RIP: 0033:0x45e149
[  340.168718][T19255] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  340.188303][T19255] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  340.196700][T19255] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  340.204830][T19255] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  340.212781][T19255] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
16:57:04 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x3000000}])

16:57:04 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x53, &(0x7f0000000040), &(0x7f0000000100)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r2=>0x0)
io_submit(r2, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r1, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:04 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xf00}])

16:57:04 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

[  340.220733][T19255] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005d
[  340.228721][T19255] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:57:05 executing program 4 (fault-call:2 fault-nth:94):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  340.306988][T19256] loop5: detected capacity change from 264192 to 0
[  340.364796][T19274] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  340.375580][T19274] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
16:57:05 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2000}])

16:57:05 executing program 5:
syz_mount_image$msdos(0x0, &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="04000509000000", 0x7}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x500, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

16:57:05 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:57:05 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, &(0x7f0000000040)=0x8)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  340.454331][T19280] FAULT_INJECTION: forcing a failure.
[  340.454331][T19280] name failslab, interval 1, probability 0, space 0, times 0
[  340.467572][T19280] CPU: 1 PID: 19280 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0
[  340.475987][T19280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  340.486036][T19280] Call Trace:
[  340.489303][T19280]  dump_stack+0x116/0x15d
[  340.493626][T19280]  should_fail+0x231/0x240
[  340.498037][T19280]  ? mempool_alloc_slab+0x16/0x20
[  340.503127][T19280]  __should_failslab+0x81/0x90
[  340.507955][T19280]  should_failslab+0x5/0x20
[  340.512494][T19280]  kmem_cache_alloc+0x36/0x2e0
[  340.517253][T19280]  ? mempool_alloc_slab+0x16/0x20
[  340.522290][T19280]  mempool_alloc_slab+0x16/0x20
[  340.527131][T19280]  ? mempool_free+0x130/0x130
[  340.531870][T19280]  mempool_alloc+0x64/0x320
[  340.536440][T19280]  ? submit_bio_checks+0x823/0xb20
[  340.541550][T19280]  ? find_next_zero_bit+0xca/0xf0
[  340.546568][T19280]  bio_alloc_bioset+0x138/0x3a0
[  340.551416][T19280]  bio_clone_fast+0x23/0x110
[  340.556005][T19280]  bio_split+0x80/0x180
[  340.560155][T19280]  __blk_queue_split+0xabb/0xc80
[  340.565132][T19280]  blk_mq_submit_bio+0xce/0x1000
[  340.570142][T19280]  submit_bio_noacct+0x75d/0x910
[  340.575092][T19280]  ? mempool_alloc+0x71/0x320
[  340.579774][T19280]  ? prandom_u32_state+0x9/0x80
[  340.584682][T19280]  submit_bio+0x1f3/0x350
[  340.589081][T19280]  ? iov_iter_npages+0x160/0x5e0
[  340.594028][T19280]  blkdev_direct_IO+0x4fa/0xf60
[  340.598913][T19280]  ? aio_prep_rw+0x3b0/0x3b0
[  340.603583][T19280]  ? current_time+0xdb/0x190
[  340.608182][T19280]  ? atime_needs_update+0x290/0x370
[  340.613437][T19280]  ? touch_atime+0x10e/0x2d0
[  340.618013][T19280]  generic_file_read_iter+0x2c4/0x3d0
[  340.623437][T19280]  blkdev_read_iter+0xb3/0xc0
[  340.628110][T19280]  aio_read+0x1be/0x280
[  340.632272][T19280]  ? __rcu_read_unlock+0x51/0x250
[  340.637323][T19280]  io_submit_one+0x62d/0x1230
[  340.641993][T19280]  ? asm_exc_page_fault+0x1e/0x30
[  340.647013][T19280]  __se_sys_io_submit+0xf5/0x270
[  340.651973][T19280]  ? ksys_write+0x157/0x180
[  340.656487][T19280]  ? fpregs_assert_state_consistent+0x7d/0x90
[  340.662547][T19280]  __x64_sys_io_submit+0x3f/0x50
[  340.667488][T19280]  do_syscall_64+0x39/0x80
[  340.671914][T19280]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  340.677820][T19280] RIP: 0033:0x45e149
[  340.681708][T19280] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
16:57:05 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x4000000}])

[  340.701322][T19280] RSP: 002b:00007fa007b18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  340.709867][T19280] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e149
[  340.717828][T19280] RDX: 00000000200000c0 RSI: 0000000000000002 RDI: 00007fa007af8000
[  340.725795][T19280] RBP: 00007fa007b18ca0 R08: 0000000000000000 R09: 0000000000000000
[  340.733788][T19280] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005e
[  340.741786][T19280] R13: 00007fff8f93861f R14: 00007fa007b199c0 R15: 000000000119bf8c
16:57:05 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x2401}])

[  340.823346][T19296] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  340.845189][T19296] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  340.877183][T19298] loop5: detected capacity change from 264192 to 0
16:57:05 executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])
r2 = socket$netlink(0x10, 0x3, 0xc)
writev(r2, &(0x7f0000000080)=[{&(0x7f0000fb6000)="1f00000002031900000007000000e3800802bb0509000100010100493ffe58", 0x1f}], 0x1)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380)='devlink\x00')
init_module(&(0x7f0000000240)='/dev/nullb0\x00', 0xc, &(0x7f00000002c0)='][\x00')
sendmsg$DEVLINK_CMD_SB_GET(r2, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, r3, 0x0, 0x70bd2b, 0x25dfdbff, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x100}}]}, 0x3c}}, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x50, r3, 0x100, 0x70bd2d, 0x25dfdbff, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4c004}, 0x4004000)

16:57:05 executing program 4 (fault-call:2 fault-nth:95):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000}])

[  341.011202][T19298] loop5: detected capacity change from 264192 to 0
[  341.040716][    C0] ==================================================================
[  341.048805][    C0] BUG: KCSAN: data-race in blk_mq_free_request / blk_mq_free_request
[  341.056868][    C0] 
16:57:05 executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0x0, 0x5000000}])

16:57:05 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00')
socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
signalfd4(r2, &(0x7f0000000140)={[0x40]}, 0x8, 0x80000)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x6fc0}}}]}}]}, 0x58}}, 0x0)
r7 = geteuid()
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB="a40300002100000829bd7000fbdbdf25ac141412000000000000000400000000ac14140b0000000000000000000000004e2400004e2100200200a0202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b86b6e00000000000c001c00", @ANYRES32=0x0, @ANYBLOB="000000002c001300fc010000000000000000000000000001e0000002000000000000000000000000000000000200000008000c00ff000000e400060000000000000000000000ffff0a010101fe8000000000000000000000000000bb4e2100094e2000010a0000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb000004d43c000000ac1414aa000000000000000000000000c40000000000000008000000000000006c0000000000000000000800000000000900000000000000ffff00000000000007000000000000000100000000000000ff0f0000000000005f6c00000000000001000000000000000000000000000070000000009f0000000000010025bd7000013500000a00003f0000000000000000c400050064010100000000000000000000000000000004d53c0000000a000000ffffffff000000000000000000000000000000000100fd00050000000800000009000000fe8000000000000000000000000000bb000004d43c0000000a000000ac1e0101000000000000000000000000000000000200ff00fdffffff090000000000000064010100000000000000000000000000000004d43c00000002000000ac1e0101000000000000000000000000000000000201030007000000050000000200000075000100736861332d32323400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006801000042f93f2f2067bf8cb19477a2b49ad7aebbd67847e4c13e97a448211dd82ffcd5a26181bdf201016169c17be24a00000008001f00", @ANYRES32=0x0, @ANYBLOB="e400000000200000000000000000e00000010000000000000000000000004e2100004e2400040a00208062000000304eaa8b6e30e348", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="20010000000000000000000000000002000004d23c00000000000000000000000000000000000000f7ffffffffffffffffff000000000000060000000000000009000000000000000100000000000000010000800000000000000000000000000400000000000000070000000000000002000000000000000500000000000000ff01000000000000200000003e0900004000000025bd70000735000002000305080000000000000008000c0003000000"], 0x3a4}}, 0x4000000)
symlinkat(&(0x7f00000002c0)='./file0\x00', r3, &(0x7f0000000180)='./file0/file0\x00')
renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x4)
r8 = socket$netlink(0x10, 0x3, 0x8)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000018c0)={'team0\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb, 0x1, 'macsec\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x14]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x48}}, 0x0)

16:57:05 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x2008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000, 0x1c49000, 0xefff}])

[  341.059176][    C0] read-write to 0xffffe8ffffc35408 of 8 bytes by interrupt on cpu 1:
[  341.067229][    C0]  blk_mq_free_request+0x172/0x330
[  341.072344][    C0]  __blk_mq_end_request+0x214/0x230
[  341.077539][    C0]  blk_mq_end_request+0x37/0x50
[  341.082379][    C0]  end_cmd+0x80/0x140
[  341.086370][    C0]  null_complete_rq+0x18/0x20
[  341.091043][    C0]  blk_done_softirq+0x145/0x190
[  341.095889][    C0]  __do_softirq+0x13c/0x2c3
[  341.100369][    C0]  run_ksoftirqd+0x13/0x20
[  341.104763][    C0]  smpboot_thread_fn+0x34f/0x520
[  341.109678][    C0]  kthread+0x1fd/0x220
[  341.113720][    C0]  ret_from_fork+0x1f/0x30
[  341.118111][    C0] 
[  341.120410][    C0] read-write to 0xffffe8ffffc35408 of 8 bytes by interrupt on cpu 0:
[  341.128463][    C0]  blk_mq_free_request+0x172/0x330
[  341.133549][    C0]  __blk_mq_end_request+0x214/0x230
[  341.138720][    C0]  blk_mq_end_request+0x37/0x50
[  341.143547][    C0]  end_cmd+0x80/0x140
[  341.147505][    C0]  null_complete_rq+0x18/0x20
[  341.152161][    C0]  blk_done_softirq+0x145/0x190
[  341.156989][    C0]  __do_softirq+0x13c/0x2c3
[  341.161469][    C0]  run_ksoftirqd+0x13/0x20
[  341.165864][    C0]  smpboot_thread_fn+0x34f/0x520
[  341.170779][    C0]  kthread+0x1fd/0x220
[  341.174829][    C0]  ret_from_fork+0x1f/0x30
[  341.179218][    C0] 
[  341.181522][    C0] Reported by Kernel Concurrency Sanitizer on:
[  341.187659][    C0] CPU: 0 PID: 10 Comm: ksoftirqd/0 Not tainted 5.10.0-syzkaller #0
[  341.195521][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  341.205551][    C0] ==================================================================
[  341.213581][    C0] Kernel panic - not syncing: panic_on_warn set ...
[  341.220136][    C0] CPU: 0 PID: 10 Comm: ksoftirqd/0 Not tainted 5.10.0-syzkaller #0
[  341.228110][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  341.238140][    C0] Call Trace:
[  341.241397][    C0]  dump_stack+0x116/0x15d
[  341.245723][    C0]  panic+0x1e7/0x5fa
[  341.249592][    C0]  ? vprintk_emit+0x2e2/0x360
[  341.254249][    C0]  kcsan_report+0x67b/0x680
[  341.258732][    C0]  ? kcsan_setup_watchpoint+0x47b/0x4e0
[  341.264254][    C0]  ? blk_mq_free_request+0x172/0x330
[  341.269514][    C0]  ? __blk_mq_end_request+0x214/0x230
[  341.274859][    C0]  ? blk_mq_end_request+0x37/0x50
[  341.279858][    C0]  ? end_cmd+0x80/0x140
[  341.284001][    C0]  ? null_complete_rq+0x18/0x20
[  341.288825][    C0]  ? blk_done_softirq+0x145/0x190
[  341.293819][    C0]  ? __do_softirq+0x13c/0x2c3
[  341.298476][    C0]  ? run_ksoftirqd+0x13/0x20
[  341.303044][    C0]  ? smpboot_thread_fn+0x34f/0x520
[  341.308131][    C0]  ? kthread+0x1fd/0x220
[  341.312358][    C0]  ? ret_from_fork+0x1f/0x30
[  341.316926][    C0]  kcsan_setup_watchpoint+0x47b/0x4e0
[  341.322273][    C0]  ? dd_finish_request+0x9d/0x100
[  341.327272][    C0]  blk_mq_free_request+0x172/0x330
[  341.332357][    C0]  __blk_mq_end_request+0x214/0x230
[  341.337529][    C0]  blk_mq_end_request+0x37/0x50
[  341.342354][    C0]  end_cmd+0x80/0x140
[  341.346317][    C0]  null_complete_rq+0x18/0x20
[  341.350974][    C0]  blk_done_softirq+0x145/0x190
[  341.355819][    C0]  __do_softirq+0x13c/0x2c3
[  341.360317][    C0]  ? ksoftirqd_should_run+0x10/0x10
[  341.365491][    C0]  run_ksoftirqd+0x13/0x20
[  341.369883][    C0]  smpboot_thread_fn+0x34f/0x520
[  341.374826][    C0]  ? cpu_report_death+0x80/0x80
[  341.379651][    C0]  kthread+0x1fd/0x220
[  341.383695][    C0]  ? cpu_report_death+0x80/0x80
[  341.388521][    C0]  ? kthread_blkcg+0x80/0x80
[  341.393105][    C0]  ret_from_fork+0x1f/0x30
[  341.398117][    C0] Kernel Offset: disabled
[  341.402427][    C0] Rebooting in 86400 seconds..