k\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:26 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500090001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:26 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:26 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[]) 12:56:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:26 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:26 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, 0x0, 0x0, 0x0) 12:56:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(0xffffffffffffffff, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:26 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, 0x0, 0x0, 0x0) [ 720.386517][ T3422] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 720.397766][ T3422] loop4: partition table partially beyond EOD, truncated [ 720.404840][ T3430] FAT-fs (loop5): bogus number of reserved sectors [ 720.415292][ T3430] FAT-fs (loop5): Can't find a valid FAT filesystem [ 720.426510][ T3422] loop4: p1 start 1 is beyond EOD, truncated 12:56:26 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x0, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 720.439473][ T3422] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 720.498544][ T3422] loop4: p3 size 2 extends beyond EOD, truncated [ 720.526632][ T3422] loop4: p4 size 32768 extends beyond EOD, truncated 12:56:26 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105000a0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(0xffffffffffffffff, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:26 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[]) 12:56:26 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, 0x0, 0x0, 0x0) 12:56:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 720.546013][ T3422] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 720.558900][ T3422] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(0xffffffffffffffff, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:26 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x0) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:26 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[]) 12:56:26 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:26 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x0, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 720.647094][ T3464] FAT-fs (loop5): bogus number of reserved sectors [ 720.655824][ T3464] FAT-fs (loop5): Can't find a valid FAT filesystem [ 720.765265][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 720.771989][ T154] loop4: partition table partially beyond EOD, truncated [ 720.786306][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 720.792745][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 720.795213][ T3492] FAT-fs (loop5): bogus number of reserved sectors [ 720.803590][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 720.813774][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 720.822321][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 720.825367][ T3492] FAT-fs (loop5): Can't find a valid FAT filesystem [ 720.830709][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 720.848413][ T3474] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 720.857103][ T3474] loop4: partition table partially beyond EOD, truncated [ 720.874834][ T3474] loop4: p1 start 1 is beyond EOD, truncated [ 720.890087][ T3474] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 720.898911][ T3474] loop4: p3 size 2 extends beyond EOD, truncated [ 720.907215][ T3474] loop4: p4 size 32768 extends beyond EOD, truncated [ 720.914601][ T3474] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 720.923130][ T3474] loop4: p6 size 32768 extends beyond EOD, truncated [ 721.085878][ T3474] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 721.097713][ T3474] loop4: partition table partially beyond EOD, truncated [ 721.112590][ T3474] loop4: p1 start 1 is beyond EOD, truncated [ 721.125168][ T3474] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 721.143234][ T3474] loop4: p3 size 2 extends beyond EOD, truncated [ 721.173623][ T3474] loop4: p4 size 32768 extends beyond EOD, truncated [ 721.197336][ T3474] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 722.064485][ T19] kdevtmpfs invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 722.087022][ T19] CPU: 1 PID: 19 Comm: kdevtmpfs Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 722.096488][ T19] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 722.106526][ T19] Call Trace: [ 722.109907][ T19] dump_stack+0x14a/0x1ce [ 722.114204][ T19] ? devkmsg_release+0x11c/0x11c [ 722.119121][ T19] ? show_regs_print_info+0x12/0x12 [ 722.124284][ T19] ? radix_tree_cpu_dead+0x160/0x160 [ 722.129542][ T19] ? _raw_spin_lock+0xa1/0x170 [ 722.134272][ T19] ? _raw_spin_trylock_bh+0x190/0x190 [ 722.139620][ T19] dump_header+0xdb/0x700 [ 722.143919][ T19] oom_kill_process+0xd3/0x280 [ 722.148656][ T19] out_of_memory+0x5b6/0x890 [ 722.153391][ T19] ? unregister_oom_notifier+0x20/0x20 [ 722.159164][ T19] __alloc_pages_slowpath+0x16c2/0x1e50 [ 722.164697][ T19] ? get_page_from_freelist+0x7c0/0x7c0 [ 722.170240][ T19] ? __zone_watermark_ok+0x91/0x280 [ 722.175409][ T19] __alloc_pages_nodemask+0x5cb/0x7c0 [ 722.180748][ T19] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 722.186267][ T19] ? __perf_event_task_sched_in+0x4f7/0x560 [ 722.192135][ T19] ? perf_pmu_sched_task+0x370/0x370 [ 722.197407][ T19] ? switch_mm_irqs_off+0x30a/0x9a0 [ 722.202577][ T19] alloc_slab_page+0x3a/0x3a0 [ 722.207225][ T19] new_slab+0x408/0x450 [ 722.211462][ T19] ? getname_kernel+0x55/0x2f0 [ 722.216298][ T19] ___slab_alloc+0x2e0/0x450 [ 722.221042][ T19] ? getname_kernel+0x55/0x2f0 [ 722.225792][ T19] ? getname_kernel+0x55/0x2f0 [ 722.230556][ T19] kmem_cache_alloc+0x23f/0x260 [ 722.235391][ T19] ? _raw_spin_lock+0xa1/0x170 [ 722.240123][ T19] getname_kernel+0x55/0x2f0 [ 722.244681][ T19] kern_path_create+0x1e/0x40 [ 722.249432][ T19] devtmpfsd+0x482/0x13f0 [ 722.253728][ T19] ? devtmpfs_mount+0xa0/0xa0 [ 722.258370][ T19] ? newidle_balance+0x7a3/0x9a0 [ 722.263345][ T19] ? __rcu_read_lock+0x50/0x50 [ 722.268075][ T19] ? find_next_bit+0xf7/0x120 [ 722.272850][ T19] ? _raw_spin_unlock_irq+0x5/0x20 [ 722.277933][ T19] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 722.283361][ T19] ? _raw_spin_lock+0x170/0x170 [ 722.288183][ T19] ? __wake_up_locked+0xc2/0x120 [ 722.293098][ T19] ? __kthread_parkme+0xb1/0x180 [ 722.298006][ T19] kthread+0x2df/0x300 [ 722.302045][ T19] ? devtmpfs_mount+0xa0/0xa0 [ 722.306698][ T19] ? kthread_destroy_worker+0x280/0x280 [ 722.312419][ T19] ret_from_fork+0x1f/0x30 [ 722.320117][ T19] Mem-Info: [ 722.323307][ T19] active_anon:1400669 inactive_anon:8838 isolated_anon:0 [ 722.323307][ T19] active_file:0 inactive_file:32 isolated_file:0 [ 722.323307][ T19] unevictable:0 dirty:0 writeback:0 unstable:0 [ 722.323307][ T19] slab_reclaimable:6619 slab_unreclaimable:93209 [ 722.323307][ T19] mapped:57740 shmem:8903 pagetables:39494 bounce:0 [ 722.323307][ T19] free:10399 free_pcp:21 free_cma:0 [ 722.361540][ T19] Node 0 active_anon:5602876kB inactive_anon:35352kB active_file:0kB inactive_file:228kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:230960kB dirty:0kB writeback:0kB shmem:35612kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 722.385780][ T19] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 722.412319][ T19] lowmem_reserve[]: 0 2912 6416 6416 [ 722.417647][ T19] DMA32 free:18172kB min:4644kB low:7624kB high:10604kB active_anon:2727572kB inactive_anon:12732kB active_file:0kB inactive_file:20kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:21952kB pagetables:53812kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 722.448678][ T19] lowmem_reserve[]: 0 0 3504 3504 [ 722.453769][ T19] Normal free:7552kB min:24744kB low:28332kB high:31920kB active_anon:2875388kB inactive_anon:22620kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:24192kB pagetables:104164kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 722.483343][ T19] lowmem_reserve[]: 0 0 0 0 [ 722.487864][ T19] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 722.501176][ T19] DMA32: 250*4kB (UME) 231*8kB (UME) 396*16kB (UME) 5*32kB (UME) 80*64kB (UM) 23*128kB (UM) 2*256kB (M) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 18432kB [ 722.516687][ T19] Normal: 140*4kB (UMEH) 111*8kB (UMEH) 43*16kB (UEH) 142*32kB (UMEH) 8*64kB (UEH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7320kB [ 722.531942][ T19] 8992 total pagecache pages [ 722.536681][ T19] 0 pages in swap cache [ 722.540915][ T19] Swap cache stats: add 0, delete 0, find 0/0 [ 722.546985][ T19] Free swap = 0kB [ 722.550688][ T19] Total swap = 0kB [ 722.554649][ T19] 1965979 pages RAM [ 722.558460][ T19] 0 pages HighMem/MovableOnly [ 722.563114][ T19] 318829 pages reserved [ 722.567365][ T19] 0 pages cma reserved [ 722.571423][ T19] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=17504,uid=0 [ 722.585556][ T19] Out of memory: Killed process 17504 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 722.606598][ T3474] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:29 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105000b0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:29 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:29 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x0, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:29 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB]) 12:56:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x0) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x0) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:29 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 723.411393][ T3505] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 723.417795][ T3515] FAT-fs (loop5): bogus number of reserved sectors [ 723.425752][ T3515] FAT-fs (loop5): Can't find a valid FAT filesystem [ 723.428891][ T3505] loop4: partition table partially beyond EOD, truncated 12:56:29 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB]) [ 723.457754][ T3505] loop4: p1 start 1 is beyond EOD, truncated [ 723.470726][ T3505] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 723.479439][ T3505] loop4: p3 size 2 extends beyond EOD, truncated [ 723.489146][ T3505] loop4: p4 size 32768 extends beyond EOD, truncated 12:56:29 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 723.519689][ T3505] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 723.537663][ T3505] loop4: p6 size 32768 extends beyond EOD, truncated [ 723.545569][ T3535] FAT-fs (loop5): bogus number of reserved sectors [ 723.556525][ T3535] FAT-fs (loop5): Can't find a valid FAT filesystem 12:56:29 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB]) [ 723.732141][ T3505] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 723.735933][ T3553] FAT-fs (loop5): bogus number of reserved sectors [ 723.740523][ T3505] loop4: partition table partially beyond EOD, truncated [ 723.754641][ T3553] FAT-fs (loop5): Can't find a valid FAT filesystem [ 723.792803][ T3505] loop4: p1 start 1 is beyond EOD, truncated [ 723.811236][ T3505] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 723.820366][ T3505] loop4: p3 size 2 extends beyond EOD, truncated [ 723.827440][ T3505] loop4: p4 size 32768 extends beyond EOD, truncated [ 723.851725][ T3505] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 723.867826][ T3505] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:29 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105000c0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:29 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 724.068456][ T3571] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 724.073892][ T3571] loop4: partition table partially beyond EOD, truncated [ 724.095741][ T3571] loop4: p1 start 1 is beyond EOD, truncated [ 724.102761][ T3571] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 724.126229][ T3571] loop4: p3 size 2 extends beyond EOD, truncated [ 724.136282][ T3571] loop4: p4 size 32768 extends beyond EOD, truncated [ 724.155938][ T3571] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 724.168321][ T3571] loop4: p6 size 32768 extends beyond EOD, truncated [ 724.182888][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 724.189415][ T154] loop4: partition table partially beyond EOD, truncated [ 724.201542][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 724.208322][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 724.219448][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 724.226604][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 724.233904][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 724.241616][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 724.329035][ T3571] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 724.334262][ T3571] loop4: partition table partially beyond EOD, truncated [ 724.349191][ T3571] loop4: p1 start 1 is beyond EOD, truncated [ 724.361777][ T3571] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 724.377527][ T3571] loop4: p3 size 2 extends beyond EOD, truncated [ 724.392175][ T3571] loop4: p4 size 32768 extends beyond EOD, truncated [ 724.407214][ T3571] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 724.423214][ T3571] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x0) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=m']) 12:56:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:32 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:32 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:32 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105000d0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x0) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 726.824650][ T3599] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 726.830018][ T3599] loop4: partition table partially beyond EOD, truncated [ 726.833640][ T3608] FAT-fs (loop5): Unrecognized mount option "shortname=m" or missing value 12:56:32 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=m']) [ 726.881327][ T3599] loop4: p1 start 1 is beyond EOD, truncated [ 726.898214][ T3599] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:56:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x0) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:32 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 726.924422][ T3599] loop4: p3 size 2 extends beyond EOD, truncated [ 726.953045][ T3599] loop4: p4 size 32768 extends beyond EOD, truncated [ 726.983302][ T3617] FAT-fs (loop5): Unrecognized mount option "shortname=m" or missing value [ 726.987419][ T3599] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 727.028743][ T3599] loop4: p6 size 32768 extends beyond EOD, truncated [ 727.186258][ T3599] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 727.197640][ T3599] loop4: partition table partially beyond EOD, truncated [ 727.229556][ T3599] loop4: p1 start 1 is beyond EOD, truncated [ 727.257178][ T3599] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 727.286303][ T3599] loop4: p3 size 2 extends beyond EOD, truncated [ 727.447293][ T3599] loop4: p4 size 32768 extends beyond EOD, truncated [ 727.465557][ T3599] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 727.475716][ T3599] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:35 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:35 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=m']) 12:56:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(0xffffffffffffffff, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:35 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:35 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105000e0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(0xffffffffffffffff, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:35 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:35 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=mixed,u']) [ 729.809537][ T3645] FAT-fs (loop5): Unrecognized mount option "shortname=m" or missing value [ 729.825768][ T3641] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 729.840308][ T3641] loop4: partition table partially beyond EOD, truncated 12:56:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(0xffffffffffffffff, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) [ 729.869231][ T3641] loop4: p1 start 1 is beyond EOD, truncated [ 729.901869][ T3641] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:56:35 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 729.924073][ T3665] FAT-fs (loop5): Unrecognized mount option "u" or missing value [ 729.933397][ T3641] loop4: p3 size 2 extends beyond EOD, truncated 12:56:35 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=mixed,u']) 12:56:35 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 729.965744][ T3641] loop4: p4 size 32768 extends beyond EOD, truncated [ 730.002474][ T3641] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:56:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) [ 730.047749][ T3641] loop4: p6 size 32768 extends beyond EOD, truncated [ 730.092759][ T3673] FAT-fs (loop5): Unrecognized mount option "u" or missing value 12:56:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=mixed,u']) 12:56:36 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500100001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:36 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 730.266143][ T3688] FAT-fs (loop5): Unrecognized mount option "u" or missing value 12:56:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=mixed,utf8']) 12:56:36 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 730.326171][ T3689] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 730.333235][ T3689] loop4: partition table partially beyond EOD, truncated [ 730.350303][ T3689] loop4: p1 start 1 is beyond EOD, truncated 12:56:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) [ 730.373046][ T3689] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:56:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000), 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:36 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 730.399636][ T3689] loop4: p3 size 2 extends beyond EOD, truncated [ 730.414610][ T3710] FAT-fs (loop5): bogus number of reserved sectors [ 730.421550][ T3710] FAT-fs (loop5): Can't find a valid FAT filesystem [ 730.424319][ T3689] loop4: p4 size 32768 extends beyond EOD, truncated [ 730.439571][ T3689] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:56:36 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=mixed,ut']) [ 730.453473][ T3689] loop4: p6 size 32768 extends beyond EOD, truncated [ 730.484201][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 730.489738][ T154] loop4: partition table partially beyond EOD, truncated [ 730.501984][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 730.521685][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 730.528172][ T3730] FAT-fs (loop5): Unrecognized mount option "ut" or missing value [ 730.545073][ T154] loop4: p3 size 2 extends beyond EOD, truncated 12:56:36 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500110001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:36 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000), 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) [ 730.564151][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 730.576712][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 730.584399][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 731.345681][ T3736] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 731.351339][ T3736] loop4: partition table partially beyond EOD, truncated [ 731.381753][ T3736] loop4: p1 start 1 is beyond EOD, truncated [ 731.393136][ T3736] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 731.694522][ T3736] loop4: p3 size 2 extends beyond EOD, truncated [ 731.702081][ T3736] loop4: p4 size 32768 extends beyond EOD, truncated [ 731.709903][ T3736] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 731.718027][ T3736] loop4: p6 size 32768 extends beyond EOD, truncated [ 731.917456][ T3746] FAT-fs (loop5): Unrecognized mount option "ut" or missing value [ 731.956043][ T359] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 732.017912][ T359] CPU: 1 PID: 359 Comm: syz-executor.3 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 732.027902][ T359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.037954][ T359] Call Trace: [ 732.041241][ T359] dump_stack+0x14a/0x1ce [ 732.045565][ T359] ? devkmsg_release+0x11c/0x11c [ 732.050616][ T359] ? show_regs_print_info+0x12/0x12 [ 732.055793][ T359] ? radix_tree_cpu_dead+0x160/0x160 [ 732.061083][ T359] ? _raw_spin_lock+0xa1/0x170 [ 732.065983][ T359] ? _raw_spin_trylock_bh+0x190/0x190 [ 732.071547][ T359] dump_header+0xdb/0x700 [ 732.076130][ T359] oom_kill_process+0xd3/0x280 [ 732.082073][ T359] out_of_memory+0x5b6/0x890 [ 732.086775][ T359] ? unregister_oom_notifier+0x20/0x20 [ 732.092215][ T359] __alloc_pages_slowpath+0x16c2/0x1e50 [ 732.097739][ T359] ? get_page_from_freelist+0x7c0/0x7c0 [ 732.103344][ T359] ? __zone_watermark_ok+0x91/0x280 [ 732.108519][ T359] __alloc_pages_nodemask+0x5cb/0x7c0 [ 732.113883][ T359] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 732.119411][ T359] ? copy_process+0x5a4/0x5110 [ 732.124146][ T359] ? kmem_cache_alloc+0x1d5/0x260 [ 732.129329][ T359] copy_process+0x5f3/0x5110 [ 732.134001][ T359] ? _raw_spin_unlock+0x5/0x20 [ 732.138840][ T359] ? do_swap_page+0x1560/0x1560 [ 732.143661][ T359] ? fork_idle+0x290/0x290 [ 732.148055][ T359] _do_fork+0x196/0x920 [ 732.152218][ T359] ? finish_fault+0x230/0x230 [ 732.156896][ T359] ? dup_mm+0x300/0x300 [ 732.161134][ T359] ? ktime_get_raw+0x130/0x130 [ 732.166317][ T359] __x64_sys_clone+0x25e/0x2c0 [ 732.171117][ T359] ? __ia32_sys_vfork+0x110/0x110 [ 732.176179][ T359] ? __x64_sys_clock_gettime+0x20d/0x260 [ 732.181789][ T359] ? do_user_addr_fault+0x55c/0x9f0 [ 732.186960][ T359] do_syscall_64+0xcb/0x150 [ 732.191716][ T359] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 732.197588][ T359] RIP: 0033:0x45b80a [ 732.201468][ T359] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 732.222176][ T359] RSP: 002b:00007ffc3e8a8050 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 732.230572][ T359] RAX: ffffffffffffffda RBX: 00007ffc3e8a8050 RCX: 000000000045b80a [ 732.238525][ T359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 732.246468][ T359] RBP: 00007ffc3e8a8090 R08: 0000000000000001 R09: 0000000001e1a940 [ 732.254409][ T359] R10: 0000000001e1ac10 R11: 0000000000000246 R12: 0000000000000001 [ 732.262348][ T359] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc3e8a80e0 [ 732.272033][ T359] Mem-Info: [ 732.285316][ T359] active_anon:1399349 inactive_anon:8948 isolated_anon:0 [ 732.285316][ T359] active_file:272 inactive_file:227 isolated_file:41 [ 732.285316][ T359] unevictable:0 dirty:39 writeback:0 unstable:0 [ 732.285316][ T359] slab_reclaimable:6669 slab_unreclaimable:91758 [ 732.285316][ T359] mapped:58511 shmem:9013 pagetables:40022 bounce:0 [ 732.285316][ T359] free:11622 free_pcp:72 free_cma:0 [ 732.323336][ T359] Node 0 active_anon:5597396kB inactive_anon:35792kB active_file:972kB inactive_file:900kB unevictable:0kB isolated(anon):0kB isolated(file):36kB mapped:233880kB dirty:160kB writeback:0kB shmem:36052kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 732.347810][ T359] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 732.373936][ T359] lowmem_reserve[]: 0 2912 6416 6416 [ 732.379462][ T359] DMA32 free:19300kB min:8740kB low:11720kB high:14700kB active_anon:2728308kB inactive_anon:12736kB active_file:124kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:22400kB pagetables:54232kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 732.409058][ T359] lowmem_reserve[]: 0 0 3504 3504 [ 732.414443][ T359] Normal free:11716kB min:24744kB low:28332kB high:31920kB active_anon:2869088kB inactive_anon:23056kB active_file:920kB inactive_file:972kB unevictable:0kB writepending:140kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:24320kB pagetables:105856kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 732.444373][ T359] lowmem_reserve[]: 0 0 0 0 [ 732.449156][ T359] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 732.462668][ T359] DMA32: 145*4kB (UME) 220*8kB (UME) 443*16kB (UME) 81*32kB (UME) 69*64kB (UM) 23*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19380kB [ 732.477659][ T359] Normal: 643*4kB (UMEH) 251*8kB (UMEH) 107*16kB (UMEH) 174*32kB (UMEH) 11*64kB (UMEH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12692kB [ 732.493949][ T359] 9255 total pagecache pages [ 732.498771][ T359] 0 pages in swap cache [ 732.503086][ T359] Swap cache stats: add 0, delete 0, find 0/0 [ 732.509345][ T359] Free swap = 0kB [ 732.513229][ T359] Total swap = 0kB [ 732.517109][ T359] 1965979 pages RAM [ 732.521132][ T359] 0 pages HighMem/MovableOnly [ 732.526170][ T359] 318829 pages reserved [ 732.530466][ T359] 0 pages cma reserved [ 732.537676][ T359] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=17385,uid=0 [ 732.551947][ T359] Out of memory: Killed process 17385 (syz-executor.0) total-vm:85476kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 732.568939][ T3736] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 732.574886][ T3736] loop4: partition table partially beyond EOD, truncated [ 732.582881][ T23] oom_reaper: reaped process 17385 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 732.594391][ T3736] loop4: p1 start 1 is beyond EOD, truncated [ 732.600575][ T3736] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 732.609297][ T3736] loop4: p3 size 2 extends beyond EOD, truncated [ 732.616833][ T3736] loop4: p4 size 32768 extends beyond EOD, truncated [ 732.624629][ T3736] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 732.632676][ T3736] loop4: p6 size 32768 extends beyond EOD, truncated [ 732.800641][ T3761] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 732.810702][ T3761] loop4: partition table partially beyond EOD, truncated [ 732.835127][ T3761] loop4: p1 start 1 is beyond EOD, truncated [ 732.886253][ T3761] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 732.911730][ T3761] loop4: p3 size 2 extends beyond EOD, truncated [ 732.920602][ T3761] loop4: p4 size 32768 extends beyond EOD, truncated [ 732.931641][ T3761] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 732.939544][ T3761] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:37 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:37 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000), 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:56:37 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)) 12:56:37 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=mixed,ut']) 12:56:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:38 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500120001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:38 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=mixed,ut']) 12:56:38 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)) 12:56:39 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 733.076139][ T3761] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 733.087193][ T3761] loop4: partition table partially beyond EOD, truncated [ 733.095932][ T3782] FAT-fs (loop5): Unrecognized mount option "ut" or missing value 12:56:39 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=mixed,utf']) [ 733.135465][ T3761] loop4: p1 start 1 is beyond EOD, truncated [ 733.141562][ T3761] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 733.157065][ T3761] loop4: p3 size 2 extends beyond EOD, truncated [ 733.174141][ T3761] loop4: p4 size 32768 extends beyond EOD, truncated 12:56:39 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500130001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 733.182480][ T3761] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 733.198609][ T3761] loop4: p6 size 32768 extends beyond EOD, truncated [ 733.218143][ T3797] FAT-fs (loop5): Unrecognized mount option "utf" or missing value 12:56:39 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=mixed,utf']) 12:56:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 733.405118][ T3805] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 733.410830][ T3805] loop4: partition table partially beyond EOD, truncated [ 733.420997][ T3812] FAT-fs (loop5): Unrecognized mount option "utf" or missing value 12:56:39 executing program 5: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='shortname=mixed,utf']) [ 733.449240][ T3805] loop4: p1 start 1 is beyond EOD, truncated [ 733.464998][ T3805] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 733.485113][ T3805] loop4: p3 size 2 extends beyond EOD, truncated [ 733.492090][ T3805] loop4: p4 size 32768 extends beyond EOD, truncated 12:56:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 733.646714][ T3805] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 733.679715][ T3805] loop4: p6 size 32768 extends beyond EOD, truncated [ 733.785107][ T3825] FAT-fs (loop5): Unrecognized mount option "utf" or missing value [ 733.794049][ T3805] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 733.800731][ T3805] loop4: partition table partially beyond EOD, truncated [ 733.815078][ T3805] loop4: p1 start 1 is beyond EOD, truncated [ 733.821301][ T3805] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:56:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 733.829761][ T3805] loop4: p3 size 2 extends beyond EOD, truncated [ 733.849236][ T3805] loop4: p4 size 32768 extends beyond EOD, truncated [ 733.875129][ T3805] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:56:39 executing program 5: r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201fc0009003c0800240042ef42000000010902"], 0x0) syz_usb_disconnect(r0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000100)) r1 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000f90000082505a8a40700000000010902240001010000000904000012070103000905010200ffe100000905820255"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_disconnect(r0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) [ 734.028589][ T3835] syz-executor.3 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 734.046782][ T3835] CPU: 0 PID: 3835 Comm: syz-executor.3 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 734.056856][ T3835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 734.066901][ T3835] Call Trace: [ 734.070218][ T3835] dump_stack+0x14a/0x1ce [ 734.074540][ T3835] ? devkmsg_release+0x11c/0x11c [ 734.079472][ T3835] ? show_regs_print_info+0x12/0x12 [ 734.084662][ T3835] ? radix_tree_cpu_dead+0x160/0x160 [ 734.089932][ T3835] ? _raw_spin_lock+0xa1/0x170 [ 734.094671][ T3835] ? _raw_spin_trylock_bh+0x190/0x190 [ 734.100016][ T3835] dump_header+0xdb/0x700 [ 734.104329][ T3835] oom_kill_process+0xd3/0x280 [ 734.109065][ T3835] out_of_memory+0x5b6/0x890 [ 734.113647][ T3835] ? unregister_oom_notifier+0x20/0x20 [ 734.119107][ T3835] __alloc_pages_slowpath+0x16c2/0x1e50 [ 734.124629][ T3835] ? get_page_from_freelist+0x7c0/0x7c0 [ 734.130145][ T3835] ? flush_tlb_func_common+0x45/0x580 [ 734.135489][ T3835] __alloc_pages_nodemask+0x5cb/0x7c0 [ 734.140834][ T3835] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 734.146349][ T3835] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 734.152056][ T3835] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 734.157851][ T3835] ? __lru_cache_add+0x1a1/0x1f0 [ 734.162765][ T3835] wp_page_copy+0x1cb/0x1120 [ 734.167329][ T3835] ? add_mm_rss_vec+0x270/0x270 [ 734.172150][ T3835] ? vm_normal_page+0x1c9/0x1d0 [ 734.176972][ T3835] do_wp_page+0x4c1/0x1530 [ 734.181361][ T3835] ? _raw_spin_lock+0xa1/0x170 [ 734.186098][ T3835] ? do_swap_page+0x1560/0x1560 [ 734.190922][ T3835] handle_mm_fault+0xfa5/0x41e0 [ 734.195755][ T3835] ? finish_fault+0x230/0x230 [ 734.200403][ T3835] ? down_read_trylock+0x17a/0x1d0 [ 734.206021][ T3835] ? vmacache_find+0x3a2/0x4b0 [ 734.210773][ T3835] do_user_addr_fault+0x48a/0x9f0 [ 734.215792][ T3835] page_fault+0x2f/0x40 [ 734.219926][ T3835] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 734.226515][ T3835] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 734.246285][ T3835] RSP: 0018:ffff888197ed7888 EFLAGS: 00010206 [ 734.252322][ T3835] RAX: ffffffff81f86901 RBX: 000000002049a500 RCX: 0000000000000500 [ 734.260353][ T3835] RDX: 0000000000001000 RSI: ffff8881c64e8b00 RDI: 000000002049a000 [ 734.268311][ T3835] RBP: ffff888197ed7da8 R08: dffffc0000000000 R09: ffffed1038c9d200 [ 734.276257][ T3835] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 734.284200][ T3835] R13: 0000000000001000 R14: ffff8881c64e8000 R15: 0000000020499500 [ 734.292154][ T3835] ? copyout+0x51/0xb0 [ 734.296216][ T3835] copyout+0x8e/0xb0 [ 734.300087][ T3835] copy_page_to_iter+0x393/0xbd0 [ 734.305018][ T3835] pipe_to_user+0xa3/0x130 [ 734.309425][ T3835] __splice_from_pipe+0x2d3/0x870 [ 734.314419][ T3835] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 734.319934][ T3835] do_vmsplice+0x252/0xee0 [ 734.324326][ T3835] ? futex_exit_release+0xc0/0xc0 [ 734.329323][ T3835] ? avc_ss_reset+0x3a0/0x3a0 [ 734.333971][ T3835] ? write_pipe_buf+0x1d0/0x1d0 [ 734.338808][ T3835] ? __rcu_read_lock+0x50/0x50 [ 734.343567][ T3835] ? check_stack_object+0x5a/0x90 [ 734.348567][ T3835] ? _copy_from_user+0xa4/0xe0 [ 734.353306][ T3835] ? rw_copy_check_uvector+0x2b3/0x310 [ 734.358736][ T3835] ? import_iovec+0x1c2/0x380 [ 734.363398][ T3835] ? dup_iter+0x110/0x110 [ 734.367744][ T3835] ? do_vfs_ioctl+0x780/0x1750 [ 734.372496][ T3835] __se_sys_vmsplice+0x1fb/0x300 [ 734.377418][ T3835] ? __x64_sys_vmsplice+0xa0/0xa0 [ 734.382422][ T3835] ? put_timespec64+0x109/0x150 [ 734.387441][ T3835] ? __x64_sys_clock_gettime+0x20d/0x260 [ 734.393049][ T3835] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 734.398741][ T3835] ? __fdget+0x187/0x200 [ 734.402956][ T3835] do_syscall_64+0xcb/0x150 [ 734.407435][ T3835] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 734.413299][ T3835] RIP: 0033:0x45d239 [ 734.417168][ T3835] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 734.436835][ T3835] RSP: 002b:00007f85e433ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 734.445233][ T3835] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 734.453194][ T3835] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 734.461138][ T3835] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 734.469081][ T3835] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 734.477547][ T3835] R13: 00007ffc3e8a7e5f R14: 00007f85e433b9c0 R15: 000000000118d08c [ 734.512006][ T3835] Mem-Info: [ 734.524962][ T3835] active_anon:1398772 inactive_anon:8969 isolated_anon:0 [ 734.524962][ T3835] active_file:901 inactive_file:675 isolated_file:67 [ 734.524962][ T3835] unevictable:0 dirty:47 writeback:0 unstable:0 [ 734.524962][ T3835] slab_reclaimable:6683 slab_unreclaimable:90578 [ 734.524962][ T3835] mapped:59505 shmem:9035 pagetables:40053 bounce:0 [ 734.524962][ T3835] free:12205 free_pcp:26 free_cma:0 [ 734.581178][ T3835] Node 0 active_anon:5595088kB inactive_anon:35876kB active_file:2860kB inactive_file:2432kB unevictable:0kB isolated(anon):0kB isolated(file):388kB mapped:237320kB dirty:188kB writeback:0kB shmem:36140kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 734.621671][ T3835] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 734.648637][ T3835] lowmem_reserve[]: 0 2912 6416 6416 [ 734.654554][ T3835] DMA32 free:21560kB min:4644kB low:7624kB high:10604kB active_anon:2728280kB inactive_anon:12768kB active_file:12kB inactive_file:4kB unevictable:0kB writepending:12kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:22336kB pagetables:54040kB bounce:0kB free_pcp:480kB local_pcp:472kB free_cma:0kB [ 734.684318][ T3835] lowmem_reserve[]: 0 0 3504 3504 [ 734.689940][ T3835] Normal free:11700kB min:24744kB low:28332kB high:31920kB active_anon:2866520kB inactive_anon:23108kB active_file:1792kB inactive_file:1548kB unevictable:0kB writepending:176kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:24480kB pagetables:106172kB bounce:0kB free_pcp:1732kB local_pcp:260kB free_cma:0kB [ 734.720599][ T3835] lowmem_reserve[]: 0 0 0 0 [ 734.725622][ T3835] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 734.744601][ T3835] DMA32: 122*4kB (UE) 213*8kB (UME) 439*16kB (UE) 140*32kB (UME) 71*64kB (UME) 26*128kB (UME) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21824kB [ 734.760541][ T3835] Normal: 511*4kB (UMEH) 218*8kB (UMEH) 87*16kB (UMEH) 185*32kB (UMEH) 16*64kB (UMEH) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12380kB [ 734.776352][ T3835] 9864 total pagecache pages [ 734.781428][ T3835] 0 pages in swap cache [ 734.786085][ T3835] Swap cache stats: add 0, delete 0, find 0/0 [ 734.792611][ T3835] Free swap = 0kB [ 734.796811][ T3835] Total swap = 0kB [ 734.800974][ T3835] 1965979 pages RAM [ 734.805222][ T3835] 0 pages HighMem/MovableOnly [ 734.810290][ T3835] 318829 pages reserved [ 734.814853][ T3835] 0 pages cma reserved [ 734.819343][ T3835] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=16572,uid=0 [ 734.834273][ T3835] Out of memory: Killed process 16572 (syz-executor.5) total-vm:85476kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:1000 [ 735.035979][ T3805] loop4: p6 size 32768 extends beyond EOD, truncated [ 735.274909][ T4304] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 735.534847][ T4304] usb 6-1: Using ep0 maxpacket: 8 [ 735.654948][ T4304] usb 6-1: config 0 has no interfaces? [ 735.665204][ T4304] usb 6-1: New USB device found, idVendor=2400, idProduct=4200, bcdDevice=42.ef [ 735.677646][ T4304] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 735.698491][ T4304] usb 6-1: config 0 descriptor?? [ 735.953630][ T1968] usb 6-1: USB disconnect, device number 8 12:56:42 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:42 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)) 12:56:42 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500250001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 736.309547][ T3852] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 736.314791][ T3852] loop4: partition table partially beyond EOD, truncated [ 736.325313][ T3852] loop4: p1 start 1 is beyond EOD, truncated [ 736.331312][ T3852] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:56:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 736.399078][ T3852] loop4: p3 size 2 extends beyond EOD, truncated [ 736.434568][ T3852] loop4: p4 size 32768 extends beyond EOD, truncated [ 736.475397][ T3852] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 736.504782][ T1968] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 736.535742][ T3852] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:42 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 736.715846][ T3852] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 736.734760][ T3852] loop4: partition table partially beyond EOD, truncated [ 736.741908][ T3852] loop4: p1 start 1 is beyond EOD, truncated [ 736.748082][ T1968] usb 6-1: Using ep0 maxpacket: 8 [ 736.788953][ T3852] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 736.816680][ T3852] loop4: p3 size 2 extends beyond EOD, truncated [ 736.836155][ T3852] loop4: p4 size 32768 extends beyond EOD, truncated [ 736.857309][ T3852] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 736.864939][ T1968] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 1792, setting to 1024 12:56:42 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 736.889290][ T1968] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 736.902532][ T3852] loop4: p6 size 32768 extends beyond EOD, truncated [ 736.926986][ T1968] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 85 12:56:42 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 736.963993][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 737.014413][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.07 [ 737.034889][ T1968] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 737.064186][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 737.069491][ T3842] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 737.069508][ T3842] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 737.101892][ T154] loop4: partition table partially beyond EOD, truncated 12:56:43 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 737.119977][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 737.132971][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 737.142424][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 737.149841][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 737.161329][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 737.171299][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 737.184773][ T1968] usblp: can't set desired altsetting 0 on interface 0 [ 737.195253][ T1968] usb 6-1: USB disconnect, device number 9 [ 737.565785][ T1968] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 737.964729][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short [ 738.044810][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 738.214814][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 738.223883][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 738.253839][ T1968] usb 6-1: Product: syz [ 738.266096][ T1968] usb 6-1: Manufacturer: syz [ 738.270720][ T1968] usb 6-1: SerialNumber: syz [ 738.535689][ T1968] usb 6-1: USB disconnect, device number 10 12:56:45 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:45 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500280001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, 0x0) 12:56:45 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:45 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:45 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:56:45 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 739.389566][ T3916] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 739.418455][ T3916] loop4: partition table partially beyond EOD, truncated 12:56:45 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:45 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 739.538384][ T3916] loop4: p1 start 1 is beyond EOD, truncated [ 739.560984][ T3916] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:56:45 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 739.584643][ T1968] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 739.595963][ T3916] loop4: p3 size 2 extends beyond EOD, truncated [ 739.612685][ T3916] loop4: p4 size 32768 extends beyond EOD, truncated [ 739.633942][ T3916] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 739.669185][ T3916] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:45 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 739.777758][ T3916] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 739.783073][ T3916] loop4: partition table partially beyond EOD, truncated 12:56:45 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 739.831393][ T3916] loop4: p1 start 1 is beyond EOD, truncated [ 739.840492][ T3916] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 739.888532][ T3916] loop4: p3 size 2 extends beyond EOD, truncated [ 739.911695][ T3916] loop4: p4 size 32768 extends beyond EOD, truncated [ 739.932269][ T3916] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 739.950027][ T3916] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:45 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:45 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500480001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 739.984650][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short 12:56:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, 0x0) [ 740.027556][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 740.033041][ T154] loop4: partition table partially beyond EOD, truncated [ 740.055128][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 740.061893][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:56:46 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 740.074691][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 740.095641][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 740.112596][ T154] loop4: p4 size 32768 extends beyond EOD, truncated 12:56:46 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 740.136976][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 740.170324][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 740.254609][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 740.265561][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 740.284235][ T1968] usb 6-1: Product: syz [ 740.289404][ T1968] usb 6-1: Manufacturer: syz [ 740.295997][ T1968] usb 6-1: SerialNumber: syz [ 740.563869][ T4304] usb 6-1: USB disconnect, device number 11 [ 740.700538][ T3989] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 740.706902][ T3989] loop4: partition table partially beyond EOD, truncated [ 740.748557][ T3989] loop4: p1 start 1 is beyond EOD, truncated [ 740.780672][ T3989] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 740.827440][ T3989] loop4: p3 size 2 extends beyond EOD, truncated [ 740.843320][ T3989] loop4: p4 size 32768 extends beyond EOD, truncated [ 740.859861][ T3989] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 740.876994][ T3989] loop4: p6 size 32768 extends beyond EOD, truncated [ 741.045058][ T3989] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 741.050624][ T3989] loop4: partition table partially beyond EOD, truncated [ 741.068246][ T3989] loop4: p1 start 1 is beyond EOD, truncated [ 741.079871][ T3989] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 741.117511][ T3989] loop4: p3 size 2 extends beyond EOD, truncated [ 741.138638][ T3989] loop4: p4 size 32768 extends beyond EOD, truncated [ 741.156410][ T3989] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:56:47 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 741.168932][ T3989] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:48 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:56:48 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, 0x0) 12:56:48 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:48 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:48 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105004c0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 742.656614][ T4007] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 742.664998][ T4007] loop4: partition table partially beyond EOD, truncated [ 742.781723][ T4007] loop4: p1 start 1 is beyond EOD, truncated [ 742.794566][ T4007] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:56:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 742.826005][ T4007] loop4: p3 size 2 extends beyond EOD, truncated [ 742.864233][ T4007] loop4: p4 size 32768 extends beyond EOD, truncated [ 742.884038][ T4007] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 742.894395][ T1968] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 742.935906][ T4007] loop4: p6 size 32768 extends beyond EOD, truncated [ 743.334369][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short [ 743.444408][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 743.654477][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 743.672476][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 743.697098][ T1968] usb 6-1: Product: syz [ 743.714015][ T1968] usb 6-1: Manufacturer: syz [ 743.761245][ T1968] usb 6-1: SerialNumber: syz [ 743.818443][ T4007] syz-executor.4 (4007) used greatest stack depth: 18864 bytes left [ 744.051292][ T4304] usb 6-1: USB disconnect, device number 12 12:56:49 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:50 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500600001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:49 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:50 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x7c, 0x0, 0x1, 0x409, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x7c}}, 0x0) 12:56:50 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:56:50 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x7c, 0x0, 0x1, 0x409, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x7c}}, 0x0) [ 745.133324][ T4034] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 745.151265][ T4034] loop4: partition table partially beyond EOD, truncated [ 745.190023][ T4034] loop4: p1 start 1 is beyond EOD, truncated [ 745.205845][ T4034] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 745.224476][ T4034] loop4: p3 size 2 extends beyond EOD, truncated [ 745.240444][ T4034] loop4: p4 size 32768 extends beyond EOD, truncated [ 745.259311][ T4034] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 745.280139][ T4034] loop4: p6 size 32768 extends beyond EOD, truncated [ 745.324259][ T1968] usb 6-1: new high-speed USB device number 13 using dummy_hcd 12:56:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:51 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f00000000c0)={@void, @val, @mpls={[], @ipv4=@icmp={{0xa, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @dev, {[@timestamp_addr={0x44, 0x14, 0x7, 0x1, 0x0, [{@multicast1}, {@loopback}]}]}}, @timestamp}}}, 0x46) 12:56:51 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 745.724198][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short [ 745.804239][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 12:56:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 745.994262][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 746.008045][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 746.019148][ T1968] usb 6-1: Product: syz [ 746.023955][ T1968] usb 6-1: Manufacturer: syz [ 746.030229][ T1968] usb 6-1: SerialNumber: syz [ 746.306188][ T154] systemd-udevd invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=-1000 [ 746.319869][ T154] CPU: 0 PID: 154 Comm: systemd-udevd Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 746.331247][ T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.341564][ T154] Call Trace: [ 746.344849][ T154] dump_stack+0x14a/0x1ce [ 746.349170][ T154] ? devkmsg_release+0x11c/0x11c [ 746.354357][ T154] ? show_regs_print_info+0x12/0x12 [ 746.359564][ T154] ? radix_tree_cpu_dead+0x160/0x160 [ 746.364842][ T154] ? _raw_spin_lock+0xa1/0x170 [ 746.369598][ T154] ? _raw_spin_trylock_bh+0x190/0x190 [ 746.374964][ T154] dump_header+0xdb/0x700 [ 746.379292][ T154] oom_kill_process+0xd3/0x280 [ 746.384055][ T154] out_of_memory+0x5b6/0x890 [ 746.388645][ T154] ? unregister_oom_notifier+0x20/0x20 [ 746.394105][ T154] __alloc_pages_slowpath+0x16c2/0x1e50 [ 746.399743][ T154] ? get_page_from_freelist+0x7c0/0x7c0 [ 746.405298][ T154] ? __zone_watermark_ok+0x91/0x280 [ 746.410495][ T154] __alloc_pages_nodemask+0x5cb/0x7c0 [ 746.415880][ T154] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 746.421414][ T154] ? lockref_get+0x1c2/0x2b0 [ 746.425996][ T154] ? blk_crypto_keyslot_evict+0x160/0x160 [ 746.431703][ T154] ? find_inode_fast+0x3f9/0x4b0 [ 746.436630][ T154] __get_free_pages+0xa/0x30 [ 746.441213][ T154] inode_doinit_with_dentry+0x950/0x10e0 [ 746.447103][ T154] ? __wake_up_bit+0x180/0x180 [ 746.451946][ T154] ? sb_finish_set_opts+0x7e0/0x7e0 [ 746.457140][ T154] ? current_time+0x1be/0x2f0 [ 746.461805][ T154] ? atime_needs_update+0x570/0x570 [ 746.466992][ T154] security_d_instantiate+0x90/0xf0 [ 746.472181][ T154] d_splice_alias+0x71/0x590 [ 746.477281][ T154] kernfs_iop_lookup+0x17a/0x1f0 [ 746.482211][ T154] __lookup_slow+0x312/0x490 [ 746.486791][ T154] ? lookup_one_len2+0x2d0/0x2d0 [ 746.491750][ T154] walk_component+0x3ee/0x970 [ 746.496420][ T154] ? follow_managed+0x950/0x950 [ 746.501258][ T154] ? generic_permission+0x13a/0x4a0 [ 746.506444][ T154] ? security_inode_permission+0xda/0x110 [ 746.512161][ T154] link_path_walk+0x72b/0x1500 [ 746.516925][ T154] ? path_init+0x887/0x1220 [ 746.521417][ T154] ? path_init+0x1220/0x1220 [ 746.525993][ T154] ? path_init+0x962/0x1220 [ 746.530483][ T154] path_lookupat+0xd2/0xa60 [ 746.534983][ T154] ? kmem_cache_alloc+0x1d5/0x260 [ 746.539993][ T154] ? getname_flags+0xb8/0x610 [ 746.544657][ T154] ? user_path_at_empty+0x28/0x50 [ 746.549690][ T154] ? do_readlinkat+0x119/0x3c0 [ 746.554451][ T154] ? __x64_sys_readlinkat+0x96/0xb0 [ 746.559646][ T154] ? do_syscall_64+0xcb/0x150 [ 746.564323][ T154] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 746.570392][ T154] ? filename_lookup+0x6e0/0x6e0 [ 746.575353][ T154] filename_lookup+0x254/0x6e0 [ 746.580112][ T154] ? hashlen_string+0x120/0x120 [ 746.584988][ T154] ? getname_flags+0x20d/0x610 [ 746.589831][ T154] do_readlinkat+0x119/0x3c0 [ 746.594414][ T154] ? cp_old_stat+0x8a0/0x8a0 [ 746.599029][ T154] ? do_syscall_64+0x150/0x150 [ 746.603789][ T154] __x64_sys_readlinkat+0x96/0xb0 [ 746.608806][ T154] do_syscall_64+0xcb/0x150 [ 746.613303][ T154] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 746.619185][ T154] RIP: 0033:0x7f106ca370ba [ 746.623602][ T154] Code: Bad RIP value. [ 746.627657][ T154] RSP: 002b:00007ffc17d85318 EFLAGS: 00000202 ORIG_RAX: 000000000000010b [ 746.636062][ T154] RAX: ffffffffffffffda RBX: 00005629cab6d280 RCX: 00007f106ca370ba [ 746.644025][ T154] RDX: 00005629cab6d280 RSI: 00007ffc17d853e0 RDI: 00000000ffffff9c [ 746.652028][ T154] RBP: 0000000000000064 R08: 00005629c84f9670 R09: 0000000000000070 [ 746.659994][ T154] R10: 0000000000000063 R11: 0000000000000202 R12: 00007ffc17d853e0 [ 746.667956][ T154] R13: 00000000ffffff9c R14: 00007ffc17d85370 R15: 0000000000000063 [ 746.683391][ T154] Mem-Info: [ 746.687276][ T154] active_anon:1401596 inactive_anon:8837 isolated_anon:0 [ 746.687276][ T154] active_file:11 inactive_file:312 isolated_file:33 [ 746.687276][ T154] unevictable:0 dirty:21 writeback:0 unstable:0 [ 746.687276][ T154] slab_reclaimable:6623 slab_unreclaimable:88913 [ 746.687276][ T154] mapped:58403 shmem:8903 pagetables:40376 bounce:0 [ 746.687276][ T154] free:11690 free_pcp:538 free_cma:0 [ 746.725690][ T154] Node 0 active_anon:5606384kB inactive_anon:35348kB active_file:840kB inactive_file:852kB unevictable:0kB isolated(anon):0kB isolated(file):116kB mapped:234512kB dirty:84kB writeback:0kB shmem:35612kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 746.750297][ T154] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 746.776613][ T154] lowmem_reserve[]: 0 2912 6416 6416 [ 746.782271][ T154] DMA32 free:19860kB min:4644kB low:7624kB high:10604kB active_anon:2733092kB inactive_anon:12732kB active_file:876kB inactive_file:48kB unevictable:0kB writepending:48kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:22624kB pagetables:54368kB bounce:0kB free_pcp:1364kB local_pcp:0kB free_cma:0kB [ 746.823100][ T154] lowmem_reserve[]: 0 0 3504 3504 [ 746.830591][ T154] Normal free:11312kB min:5592kB low:9180kB high:12768kB active_anon:2872820kB inactive_anon:22616kB active_file:68kB inactive_file:0kB unevictable:0kB writepending:36kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:24640kB pagetables:107136kB bounce:0kB free_pcp:496kB local_pcp:8kB free_cma:0kB [ 746.874074][ T154] lowmem_reserve[]: 0 0 0 0 [ 746.879506][ T154] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 746.893477][ T154] DMA32: 189*4kB (UME) 255*8kB (UME) 487*16kB (UME) 173*32kB (UME) 54*64kB (UME) 8*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20604kB [ 746.909133][ T154] Normal: 117*4kB (UMH) 67*8kB (UH) 88*16kB (UEH) 168*32kB (UEH) 31*64kB (UEH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9900kB [ 746.925205][ T154] 9090 total pagecache pages [ 746.930567][ T154] 0 pages in swap cache [ 746.935143][ T154] Swap cache stats: add 0, delete 0, find 0/0 [ 746.941504][ T154] Free swap = 0kB [ 746.952499][ T154] Total swap = 0kB [ 746.956304][ T154] 1965979 pages RAM [ 746.960097][ T154] 0 pages HighMem/MovableOnly [ 746.982092][ T154] 318829 pages reserved [ 746.986449][ T154] 0 pages cma reserved [ 746.990724][ T154] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=16191,uid=0 12:56:52 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:52 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500680001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 747.005520][ T154] Out of memory: Killed process 16191 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 747.025892][ T23] oom_reaper: reaped process 16191 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:56:53 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105006c0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:53 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$cdc_ecm(0x0, 0x92, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000002e6ff08ba0d0010400001020301090280000101080000098400ff030206220005"], 0x0) 12:56:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x0, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 747.280997][ T4304] usb 6-1: USB disconnect, device number 13 [ 747.311770][ T4094] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 747.322298][ T4094] loop4: partition table partially beyond EOD, truncated [ 747.380165][ T4094] loop4: p1 start 1 is beyond EOD, truncated [ 747.427834][ T4094] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 747.484160][ T4094] loop4: p3 size 2 extends beyond EOD, truncated [ 747.494481][ T4094] loop4: p4 size 32768 extends beyond EOD, truncated [ 747.514456][ T4094] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 747.547760][ T4094] loop4: p6 size 32768 extends beyond EOD, truncated [ 747.574157][ T5988] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 747.700821][ T4094] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 747.706766][ T4094] loop4: partition table partially beyond EOD, truncated 12:56:53 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 12:56:53 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x0, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 747.774134][ T4094] loop4: p1 start 1 is beyond EOD, truncated [ 747.780175][ T4094] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:56:53 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 747.827129][ T4094] loop4: p3 size 2 extends beyond EOD, truncated [ 747.854066][ T5988] usb 1-1: Using ep0 maxpacket: 8 12:56:53 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 747.896762][ T4094] loop4: p4 size 32768 extends beyond EOD, truncated [ 747.946314][ T4094] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 747.974057][ T5988] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 748.009768][ T4094] loop4: p6 size 32768 extends beyond EOD, truncated [ 748.015446][ T5988] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 748.294038][ T5988] usb 1-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40 [ 748.309949][ T5988] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 748.337802][ T5988] usb 1-1: Product: syz [ 748.375348][ T5988] usb 1-1: Manufacturer: syz [ 748.397343][ T5988] usb 1-1: SerialNumber: syz [ 748.685325][ T5988] usb 1-1: USB disconnect, device number 7 12:56:55 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:55 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500740001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:55 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:56:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x0, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:55 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:55 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$cdc_ecm(0x0, 0x92, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000002e6ff08ba0d0010400001020301090280000101080000098400ff030206220005"], 0x0) 12:56:56 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 750.224316][ T4130] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 750.230752][ T4130] loop4: partition table partially beyond EOD, truncated [ 750.252459][ T4130] loop4: p1 start 1 is beyond EOD, truncated 12:56:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 750.284934][ T4130] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 750.301700][ T4130] loop4: p3 size 2 extends beyond EOD, truncated [ 750.313040][ T4130] loop4: p4 size 32768 extends beyond EOD, truncated [ 750.322059][ T4130] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 750.334600][ T4130] loop4: p6 size 32768 extends beyond EOD, truncated [ 750.433824][ T1968] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 750.603808][ T5988] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 750.833841][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short [ 750.873788][ T5988] usb 1-1: Using ep0 maxpacket: 8 [ 750.913877][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 750.946487][ T208] rs:main Q:Reg invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=0 [ 750.973777][ T208] CPU: 0 PID: 208 Comm: rs:main Q:Reg Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 750.983780][ T208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 750.993839][ T208] Call Trace: [ 750.997300][ T208] dump_stack+0x14a/0x1ce [ 751.001730][ T208] ? devkmsg_release+0x11c/0x11c [ 751.006657][ T208] ? show_regs_print_info+0x12/0x12 [ 751.011848][ T208] ? radix_tree_cpu_dead+0x160/0x160 [ 751.017113][ T208] ? _raw_spin_lock+0xa1/0x170 [ 751.021850][ T208] ? _raw_spin_trylock_bh+0x190/0x190 [ 751.027195][ T208] dump_header+0xdb/0x700 [ 751.031509][ T208] oom_kill_process+0xd3/0x280 [ 751.037634][ T208] out_of_memory+0x5b6/0x890 [ 751.042198][ T208] ? unregister_oom_notifier+0x20/0x20 [ 751.048330][ T208] __alloc_pages_slowpath+0x16c2/0x1e50 [ 751.053853][ T208] ? get_page_from_freelist+0x7c0/0x7c0 [ 751.059368][ T208] ? __ext4_handle_dirty_metadata+0x2d8/0x910 [ 751.065518][ T208] ? node_dirty_ok+0x5f9/0x650 [ 751.070275][ T208] __alloc_pages_nodemask+0x5cb/0x7c0 [ 751.075633][ T208] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 751.081168][ T208] ? ext4_reserve_inode_write+0x19c/0x220 [ 751.086871][ T208] pagecache_get_page+0x50f/0x880 [ 751.091873][ T208] grab_cache_page_write_begin+0x50/0x90 [ 751.097498][ T208] ext4_da_write_begin+0x9e1/0xfc0 [ 751.102589][ T208] ? __rcu_read_lock+0x50/0x50 [ 751.107424][ T208] ? ext4_set_page_dirty+0x190/0x190 [ 751.112873][ T208] ? __ext4_journal_stop+0x2f/0x190 [ 751.118050][ T208] ? __ext4_expand_extra_isize+0x3b0/0x3b0 [ 751.123923][ T208] ? __mark_inode_dirty+0x475/0xbb0 [ 751.129092][ T208] ? __block_commit_write+0x226/0x240 [ 751.134553][ T208] ? generic_write_end+0x1fd/0x2e0 [ 751.139647][ T208] ? __ext4_journal_stop+0x2f/0x190 [ 751.144909][ T208] ? iov_iter_fault_in_readable+0x2d2/0x630 [ 751.150773][ T208] ? uuid_parse+0x3e0/0x3e0 [ 751.155267][ T208] ? balance_dirty_pages_ratelimited+0x302/0x4c0 [ 751.161566][ T208] generic_perform_write+0x2f7/0x5a0 [ 751.167096][ T208] ? grab_cache_page_write_begin+0x90/0x90 [ 751.172894][ T208] ? file_remove_privs+0x640/0x640 [ 751.178334][ T208] ? down_write_trylock+0xd8/0x150 [ 751.183420][ T208] __generic_file_write_iter+0x217/0x440 [ 751.189115][ T208] ext4_file_write_iter+0x46f/0x1070 [ 751.195593][ T208] ? ext4_file_read_iter+0x140/0x140 [ 751.200869][ T208] ? filemap_fault+0x1a30/0x1a30 [ 751.205789][ T208] ? iov_iter_init+0x83/0x160 [ 751.210457][ T208] __vfs_write+0x59d/0x720 [ 751.214866][ T208] ? __kernel_write+0x340/0x340 [ 751.219885][ T208] ? avc_policy_seqno+0x17/0x70 [ 751.224738][ T208] ? security_file_permission+0x128/0x300 [ 751.230431][ T208] vfs_write+0x217/0x4f0 [ 751.234749][ T208] ksys_write+0x18c/0x2c0 [ 751.239050][ T208] ? __ia32_sys_read+0x80/0x80 [ 751.243790][ T208] ? do_user_addr_fault+0x55c/0x9f0 [ 751.248958][ T208] do_syscall_64+0xcb/0x150 [ 751.253452][ T208] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 751.259316][ T208] RIP: 0033:0x7f0e6024a1cd [ 751.263794][ T208] Code: c2 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae fc ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 f7 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 751.283542][ T208] RSP: 002b:00007f0e5d805590 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 751.291924][ T208] RAX: ffffffffffffffda RBX: 00007f0e54026c50 RCX: 00007f0e6024a1cd [ 751.299867][ T208] RDX: 00000000000000b2 RSI: 00007f0e54026c50 RDI: 000000000000000a [ 751.307924][ T208] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 751.316127][ T208] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f0e540269d0 [ 751.324068][ T208] R13: 00007f0e5d8055b0 R14: 000055dd399647c0 R15: 00000000000000b2 [ 751.340340][ T208] Mem-Info: [ 751.343989][ T208] active_anon:1400491 inactive_anon:8887 isolated_anon:0 [ 751.343989][ T208] active_file:533 inactive_file:487 isolated_file:85 [ 751.343989][ T208] unevictable:0 dirty:19 writeback:3 unstable:0 [ 751.343989][ T208] slab_reclaimable:6588 slab_unreclaimable:89260 [ 751.343989][ T208] mapped:59346 shmem:8955 pagetables:40539 bounce:0 [ 751.343989][ T208] free:11433 free_pcp:375 free_cma:0 [ 751.382799][ T5988] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 751.394075][ T208] Node 0 active_anon:5601964kB inactive_anon:35548kB active_file:1416kB inactive_file:1484kB unevictable:0kB isolated(anon):0kB isolated(file):340kB mapped:236184kB dirty:76kB writeback:12kB shmem:35820kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 751.419565][ T5988] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 751.430525][ T208] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 751.458040][ T208] lowmem_reserve[]: 0 2912 6416 6416 [ 751.464219][ T208] DMA32 free:20076kB min:4644kB low:7624kB high:10604kB active_anon:2736748kB inactive_anon:12816kB active_file:272kB inactive_file:68kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:22624kB pagetables:54300kB bounce:0kB free_pcp:380kB local_pcp:120kB free_cma:0kB [ 751.497377][ T208] lowmem_reserve[]: 0 0 3504 3504 [ 751.503156][ T208] Normal free:11768kB min:5592kB low:9180kB high:12768kB active_anon:2865216kB inactive_anon:22732kB active_file:776kB inactive_file:1096kB unevictable:0kB writepending:88kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:24800kB pagetables:107856kB bounce:0kB free_pcp:1640kB local_pcp:344kB free_cma:0kB [ 751.534043][ T208] lowmem_reserve[]: 0 0 0 0 [ 751.539587][ T208] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 751.553834][ T208] DMA32: 199*4kB (UME) 236*8kB (UME) 483*16kB (UME) 121*32kB (UME) 76*64kB (UME) 4*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19660kB [ 751.569775][ T208] Normal: 642*4kB (UMEH) 347*8kB (UMEH) 239*16kB (UMEH) 70*32kB (UMEH) 7*64kB (UMEH) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12112kB [ 751.594750][ T208] 9608 total pagecache pages [ 751.600711][ T208] 0 pages in swap cache [ 751.605934][ T208] Swap cache stats: add 0, delete 0, find 0/0 [ 751.613010][ T208] Free swap = 0kB [ 751.617816][ T208] Total swap = 0kB [ 751.621909][ T208] 1965979 pages RAM [ 751.626199][ T5988] usb 1-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40 [ 751.635970][ T208] 0 pages HighMem/MovableOnly [ 751.641306][ T5988] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 751.650027][ T208] 318829 pages reserved [ 751.654827][ T208] 0 pages cma reserved [ 751.659591][ T5988] usb 1-1: Product: syz [ 751.664434][ T5988] usb 1-1: Manufacturer: syz 12:56:57 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 751.665891][ T208] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=15576,uid=0 [ 751.669940][ T5988] usb 1-1: SerialNumber: syz [ 751.703757][ T208] Out of memory: Killed process 15576 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:56:57 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105007a0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 751.877943][ T4159] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 751.883180][ T4159] loop4: partition table partially beyond EOD, truncated [ 751.905065][ T4159] loop4: p1 start 1 is beyond EOD, truncated [ 751.938531][ T4159] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 751.950447][ T4159] loop4: p3 size 2 extends beyond EOD, truncated [ 751.964499][ T4159] loop4: p4 size 32768 extends beyond EOD, truncated [ 751.983841][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 751.992894][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 752.001120][ T4159] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 752.030504][ T4159] loop4: p6 size 32768 extends beyond EOD, truncated [ 752.037281][ T1968] usb 6-1: Product: syz [ 752.041436][ T1968] usb 6-1: Manufacturer: syz [ 752.045307][ T5988] usb 1-1: USB disconnect, device number 8 [ 752.048368][ T1968] usb 6-1: SerialNumber: syz [ 752.136876][ T4159] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 752.143189][ T4159] loop4: partition table partially beyond EOD, truncated [ 752.160375][ T4159] loop4: p1 start 1 is beyond EOD, truncated [ 752.173700][ T4159] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 752.192194][ T4159] loop4: p3 size 2 extends beyond EOD, truncated [ 752.205773][ T4159] loop4: p4 size 32768 extends beyond EOD, truncated [ 752.231815][ T4159] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 752.240965][ T4159] loop4: p6 size 32768 extends beyond EOD, truncated [ 752.299901][ T5988] usb 6-1: USB disconnect, device number 14 [ 752.316100][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 752.321972][ T154] loop4: partition table partially beyond EOD, truncated [ 752.332753][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 752.339046][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 752.347008][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 752.364267][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 752.373887][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 752.381721][ T154] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:58 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:56:58 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:58 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105007c0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:56:58 executing program 0: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x3}, 0x1c) socket$packet(0x11, 0x3, 0x300) connect$inet6(r0, &(0x7f0000004540)={0xa, 0x4e20, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendmmsg(r0, &(0x7f0000004d80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffe0}}], 0x1, 0x0) 12:56:58 executing program 0: r0 = socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'virt_wifi0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0001000000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r1, @ANYBLOB='\b'], 0x44}}, 0x0) [ 752.936779][ T4180] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 752.942010][ T4180] loop4: partition table partially beyond EOD, truncated [ 752.965991][ T4180] loop4: p1 start 1 is beyond EOD, truncated [ 752.973168][ T4180] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 753.026957][ T4180] loop4: p3 size 2 extends beyond EOD, truncated [ 753.060991][ T4180] loop4: p4 size 32768 extends beyond EOD, truncated [ 753.089565][ T4180] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:56:59 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:56:59 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:56:59 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000042, &(0x7f0000000380)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f0000000100)="c7043ab90ec8846e21a9fb5bb1712d8b7f228d2a69e52e38258752b0d67c57d46ba2f3b55dd6cae93fb2f75e1ef0cc7463abecdf8311a98ea72d0321b1eac69a0bc30d695ccf09fff249d3a3c8d1b07d55f61e9ab809293213e4b32feaf1e0f1531502096737f2a5d60df0a4020273fbf65fe46d7f42a3a95aaafe3d642f03d6b3d0361633a0bc91025af387422a6f1e5ee639b00522fcaf5bc702e4247acf8c16fd7586866558ecada43f1f6f8a00f8a30a675566c40976c8451a8ac0fa0637e537c358fe2d26ef0374f0acdee3a74a6ee0f2a0bc987943def926f03b2a3a7e0f70e7e5ac54e2a1372f738fd6a8a9e12638800d13f11c7ff4695e5f26702f5625f052f41d20b7fe2a", 0x109, 0x20042001, &(0x7f0000000240)={0xa, 0x4e22, 0x200, @dev={0xfe, 0x80, [], 0xb}, 0xffffffff}, 0x1c) [ 753.163720][ T1968] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 753.173783][ T4180] loop4: p6 size 32768 extends beyond EOD, truncated 12:56:59 executing program 0: dup(0xffffffffffffffff) close(0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x3a3dd40084848f01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x2, 0x3, 0x1d8, 0x98, 0x98, 0x98, 0x0, 0x98, 0x140, 0x140, 0x140, 0x140, 0x140, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'veth0_to_team\x00', 'ip6gretap0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x9}}}, {{@uncond, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffff}, {0xffff}, {0xffff, 0xfd}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x238) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, 0x0) 12:56:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 753.339886][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 753.345231][ T154] loop4: partition table partially beyond EOD, truncated [ 753.376073][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 753.386100][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 753.405157][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 753.423812][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 753.431071][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 753.440452][ T4213] syz-executor.3 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 753.454407][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 753.470584][ T4213] CPU: 0 PID: 4213 Comm: syz-executor.3 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 753.480663][ T4213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 753.490709][ T4213] Call Trace: [ 753.494025][ T4213] dump_stack+0x14a/0x1ce [ 753.498355][ T4213] ? devkmsg_release+0x11c/0x11c [ 753.503289][ T4213] ? show_regs_print_info+0x12/0x12 [ 753.508482][ T4213] ? radix_tree_cpu_dead+0x160/0x160 [ 753.513758][ T4213] ? _raw_spin_lock+0xa1/0x170 [ 753.518648][ T4213] ? _raw_spin_trylock_bh+0x190/0x190 [ 753.524100][ T4213] dump_header+0xdb/0x700 [ 753.528423][ T4213] oom_kill_process+0xd3/0x280 [ 753.533265][ T4213] out_of_memory+0x5b6/0x890 [ 753.537933][ T4213] ? unregister_oom_notifier+0x20/0x20 [ 753.543384][ T4213] __alloc_pages_slowpath+0x16c2/0x1e50 [ 753.548922][ T4213] ? get_page_from_freelist+0x7c0/0x7c0 [ 753.554457][ T4213] ? flush_tlb_func_common+0x45/0x580 [ 753.559907][ T4213] __alloc_pages_nodemask+0x5cb/0x7c0 [ 753.565295][ T4213] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 753.570827][ T4213] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 753.576537][ T4213] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 753.582595][ T4213] ? __perf_event_task_sched_in+0x4f7/0x560 [ 753.588474][ T4213] wp_page_copy+0x1cb/0x1120 [ 753.593040][ T4213] ? perf_pmu_sched_task+0x370/0x370 [ 753.598296][ T4213] ? switch_mm_irqs_off+0x2bf/0x9a0 [ 753.603481][ T4213] ? add_mm_rss_vec+0x270/0x270 [ 753.608302][ T4213] ? _raw_spin_unlock_irq+0x5/0x20 [ 753.613384][ T4213] ? finish_task_switch+0x235/0x4c0 [ 753.618564][ T4213] ? vm_normal_page+0x1c9/0x1d0 [ 753.623382][ T4213] do_wp_page+0x4c1/0x1530 [ 753.627769][ T4213] ? _raw_spin_lock+0xa1/0x170 [ 753.632502][ T4213] ? do_swap_page+0x1560/0x1560 [ 753.637678][ T4213] ? ttwu_do_wakeup+0x154/0x5b0 [ 753.642504][ T4213] handle_mm_fault+0xfa5/0x41e0 [ 753.647330][ T4213] ? __cgroup_account_cputime+0x2ba/0x2e0 [ 753.653018][ T4213] ? finish_fault+0x230/0x230 [ 753.657675][ T4213] ? update_curr+0x584/0x740 [ 753.662323][ T4213] ? down_read_trylock+0x17a/0x1d0 [ 753.667414][ T4213] ? _raw_spin_unlock_irq+0x5/0x20 [ 753.672495][ T4213] ? vmacache_find+0x3a2/0x4b0 [ 753.677230][ T4213] do_user_addr_fault+0x48a/0x9f0 [ 753.682229][ T4213] page_fault+0x2f/0x40 [ 753.686359][ T4213] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 753.692915][ T4213] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 753.712609][ T4213] RSP: 0018:ffff8881c83c7888 EFLAGS: 00010206 [ 753.718651][ T4213] RAX: ffffffff81f86901 RBX: 00000000204a6500 RCX: 0000000000000500 [ 753.726595][ T4213] RDX: 0000000000001000 RSI: ffff88819a909b00 RDI: 00000000204a6000 [ 753.734724][ T4213] RBP: ffff8881c83c7da8 R08: dffffc0000000000 R09: ffffed1033521400 [ 753.742667][ T4213] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 753.750695][ T4213] R13: 0000000000001000 R14: ffff88819a909000 R15: 00000000204a5500 [ 753.758652][ T4213] ? copyout+0x51/0xb0 [ 753.762704][ T4213] copyout+0x8e/0xb0 [ 753.766571][ T4213] copy_page_to_iter+0x393/0xbd0 [ 753.771500][ T4213] pipe_to_user+0xa3/0x130 [ 753.775886][ T4213] __splice_from_pipe+0x2d3/0x870 [ 753.780879][ T4213] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 753.786403][ T4213] do_vmsplice+0x252/0xee0 [ 753.790788][ T4213] ? futex_exit_release+0xc0/0xc0 [ 753.795869][ T4213] ? avc_ss_reset+0x3a0/0x3a0 [ 753.800516][ T4213] ? write_pipe_buf+0x1d0/0x1d0 [ 753.805349][ T4213] ? __rcu_read_lock+0x50/0x50 [ 753.810109][ T4213] ? check_stack_object+0x5a/0x90 [ 753.815100][ T4213] ? _copy_from_user+0xa4/0xe0 [ 753.819847][ T4213] ? rw_copy_check_uvector+0x2b3/0x310 [ 753.825274][ T4213] ? import_iovec+0x1c2/0x380 [ 753.829932][ T4213] ? dup_iter+0x110/0x110 [ 753.834598][ T4213] ? do_vfs_ioctl+0x780/0x1750 [ 753.839343][ T4213] __se_sys_vmsplice+0x1fb/0x300 [ 753.844264][ T4213] ? __x64_sys_vmsplice+0xa0/0xa0 [ 753.849257][ T4213] ? put_timespec64+0x109/0x150 [ 753.854079][ T4213] ? __x64_sys_clock_gettime+0x20d/0x260 [ 753.859680][ T4213] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 753.865382][ T4213] ? __fdget+0x187/0x200 [ 753.869602][ T4213] do_syscall_64+0xcb/0x150 [ 753.874076][ T4213] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 753.879938][ T4213] RIP: 0033:0x45d239 [ 753.883804][ T4213] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 753.903381][ T4213] RSP: 002b:00007f85e435bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 753.911762][ T4213] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 753.919802][ T4213] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 753.927754][ T4213] RBP: 000000000118d028 R08: 0000000000000000 R09: 0000000000000000 [ 753.935695][ T4213] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 753.943636][ T4213] R13: 00007ffc3e8a7e5f R14: 00007f85e435c9c0 R15: 000000000118cfec [ 753.986295][ T4213] Mem-Info: [ 753.990200][ T4213] active_anon:1399545 inactive_anon:9129 isolated_anon:0 [ 753.990200][ T4213] active_file:648 inactive_file:646 isolated_file:77 [ 753.990200][ T4213] unevictable:0 dirty:90 writeback:0 unstable:0 [ 753.990200][ T4213] slab_reclaimable:6659 slab_unreclaimable:88472 [ 753.990200][ T4213] mapped:59655 shmem:9201 pagetables:40695 bounce:0 [ 753.990200][ T4213] free:12716 free_pcp:0 free_cma:0 [ 754.038485][ T4213] Node 0 active_anon:5598180kB inactive_anon:36516kB active_file:2044kB inactive_file:2068kB unevictable:0kB isolated(anon):0kB isolated(file):188kB mapped:237720kB dirty:360kB writeback:0kB shmem:36804kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 754.083651][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short [ 754.083900][ T4213] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 754.117804][ T4213] lowmem_reserve[]: 0 2912 6416 6416 [ 754.123436][ T4213] DMA32 free:20572kB min:8740kB low:11720kB high:14700kB active_anon:2737420kB inactive_anon:12800kB active_file:16kB inactive_file:68kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:22848kB pagetables:54492kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 754.152941][ T4213] lowmem_reserve[]: 0 0 3504 3504 [ 754.160255][ T4213] Normal free:15904kB min:24744kB low:28332kB high:31920kB active_anon:2860760kB inactive_anon:23716kB active_file:1892kB inactive_file:1824kB unevictable:0kB writepending:356kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:24800kB pagetables:108288kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 754.190595][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 754.225306][ T4213] lowmem_reserve[]: 0 0 0 0 [ 754.235718][ T4213] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 754.264972][ T4213] DMA32: 174*4kB (UME) 248*8kB (UME) 521*16kB (UME) 119*32kB (UME) 84*64kB (UME) 4*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20712kB [ 754.283486][ T4213] Normal: 1019*4kB (UMEH) 378*8kB (UMH) 282*16kB (UMEH) 149*32kB (UMEH) 15*64kB (MEH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17468kB [ 754.318260][ T4213] 9747 total pagecache pages [ 754.327485][ T4213] 0 pages in swap cache [ 754.341229][ T4213] Swap cache stats: add 0, delete 0, find 0/0 [ 754.351458][ T4213] Free swap = 0kB [ 754.355555][ T4213] Total swap = 0kB [ 754.359421][ T4213] 1965979 pages RAM [ 754.363431][ T4213] 0 pages HighMem/MovableOnly [ 754.368356][ T4213] 318829 pages reserved [ 754.372668][ T4213] 0 pages cma reserved [ 754.376999][ T4213] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=15324,uid=0 [ 754.391448][ T4213] Out of memory: Killed process 15324 (syz-executor.0) total-vm:85476kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 754.464336][ T4180] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 754.469701][ T4180] loop4: partition table partially beyond EOD, truncated [ 754.490920][ T4180] loop4: p1 start 1 is beyond EOD, truncated [ 754.497050][ T4180] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 754.505277][ T4180] loop4: p3 size 2 extends beyond EOD, truncated [ 754.512957][ T4180] loop4: p4 size 32768 extends beyond EOD, truncated [ 754.520939][ T4180] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 754.547859][ T4180] loop4: p6 size 32768 extends beyond EOD, truncated [ 754.843588][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 754.876018][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.951388][ T1968] usb 6-1: Product: syz [ 755.019159][ T1968] usb 6-1: Manufacturer: syz [ 755.023979][ T1968] usb 6-1: SerialNumber: syz [ 755.290080][ T5988] usb 6-1: USB disconnect, device number 15 12:57:01 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:01 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:01 executing program 0: r0 = open(0x0, 0x0, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000640)={0xa, 0x1000000000004e24, 0x0, @ipv4={[], [], @dev}}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 12:57:01 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500900001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:01 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:01 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) [ 755.897407][ T4251] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 755.905175][ T4251] loop4: partition table partially beyond EOD, truncated [ 755.930243][ T4251] loop4: p1 start 1 is beyond EOD, truncated 12:57:01 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:01 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 755.964630][ T4251] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 756.003280][ T4251] loop4: p3 size 2 extends beyond EOD, truncated [ 756.036285][ T4251] loop4: p4 size 32768 extends beyond EOD, truncated [ 756.048060][ T4251] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 756.060640][ T4251] loop4: p6 size 32768 extends beyond EOD, truncated [ 756.103422][ T5988] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 756.174793][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 756.184436][ T154] loop4: partition table partially beyond EOD, truncated [ 756.193891][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 756.200532][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 756.209690][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 756.218077][ T154] loop4: p4 size 32768 extends beyond EOD, truncated 12:57:02 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:02 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 756.226696][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 756.235754][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 756.246821][ T4251] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 756.252979][ T4251] loop4: partition table partially beyond EOD, truncated [ 756.261370][ T4251] loop4: p1 start 1 is beyond EOD, truncated [ 756.267863][ T4251] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:57:02 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 756.275800][ T4251] loop4: p3 size 2 extends beyond EOD, truncated [ 756.283042][ T4251] loop4: p4 size 32768 extends beyond EOD, truncated [ 756.290866][ T4251] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 756.298460][ T4304] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 756.299760][ T4251] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:02 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105002a0101000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:02 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 756.517226][ T4295] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 756.522490][ T4295] loop4: partition table partially beyond EOD, truncated [ 756.534789][ T5988] usb 6-1: unable to get BOS descriptor or descriptor too short [ 756.615381][ T5988] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 756.655651][ T4295] loop4: p1 start 1 is beyond EOD, truncated [ 756.676353][ T4295] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 756.714038][ T4304] usb 1-1: unable to get BOS descriptor or descriptor too short [ 756.784730][ T4295] loop4: p3 size 2 extends beyond EOD, truncated [ 756.795586][ T4295] loop4: p4 size 32768 extends beyond EOD, truncated [ 756.803800][ T4304] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 756.810983][ T4295] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 756.828880][ T4295] loop4: p6 size 32768 extends beyond EOD, truncated [ 756.914176][ T4295] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 756.920332][ T4295] loop4: partition table partially beyond EOD, truncated [ 756.953012][ T4295] loop4: p1 start 1 is beyond EOD, truncated [ 756.959459][ T5988] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 756.979949][ T5988] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 757.004246][ T4295] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 757.013496][ T4304] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 757.022686][ T4304] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 757.026178][ T4295] loop4: p3 size 2 extends beyond EOD, truncated [ 757.059211][ T5988] usb 6-1: Product: syz [ 757.080017][ T5988] usb 6-1: Manufacturer: syz [ 757.084774][ T4304] usb 1-1: Product: syz [ 757.088931][ T4304] usb 1-1: Manufacturer: syz [ 757.093829][ T5988] usb 6-1: SerialNumber: syz [ 757.096601][ T4295] loop4: p4 size 32768 extends beyond EOD, truncated [ 757.146446][ T4304] usb 1-1: SerialNumber: syz [ 757.161866][ T4295] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 757.183878][ T4295] loop4: p6 size 32768 extends beyond EOD, truncated [ 757.374636][ T4304] usb 6-1: USB disconnect, device number 16 [ 757.410194][ T1968] usb 1-1: USB disconnect, device number 9 12:57:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:03 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:03 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105008c0101000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:03 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:03 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 757.963989][ T4323] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 757.971178][ T4323] loop4: partition table partially beyond EOD, truncated [ 757.988810][ T4323] loop4: p1 start 1 is beyond EOD, truncated 12:57:03 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 758.009767][ T4323] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 758.060149][ T4323] loop4: p3 size 2 extends beyond EOD, truncated [ 758.141696][ T4323] loop4: p4 size 32768 extends beyond EOD, truncated [ 758.213294][ T1968] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 758.213398][ T4304] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 758.221149][ T4323] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:57:04 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 758.362454][ T4323] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:04 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 758.500244][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 758.506365][ T154] loop4: partition table partially beyond EOD, truncated [ 758.521194][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 758.537187][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 758.556340][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 758.572974][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 758.590654][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 758.610399][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 758.629750][ T4323] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 758.636207][ T4323] loop4: partition table partially beyond EOD, truncated [ 758.643433][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short 12:57:04 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 758.660526][ T4323] loop4: p1 start 1 is beyond EOD, truncated [ 758.673302][ T4304] usb 1-1: unable to get BOS descriptor or descriptor too short [ 758.674590][ T4323] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 758.723318][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 758.736839][ T4323] loop4: p3 size 2 extends beyond EOD, truncated [ 758.744721][ T4323] loop4: p4 size 32768 extends beyond EOD, truncated [ 758.751966][ T4323] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 758.760305][ T4323] loop4: p6 size 32768 extends beyond EOD, truncated [ 758.763313][ T4304] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 758.903310][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 758.917281][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 758.953311][ T4304] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 758.969320][ T4304] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 758.997385][ T4304] usb 1-1: Product: syz [ 759.011911][ T4304] usb 1-1: Manufacturer: syz [ 759.027001][ T1968] usb 6-1: Product: syz [ 759.028067][ T4304] usb 1-1: SerialNumber: syz [ 759.105706][ T1968] usb 6-1: Manufacturer: syz [ 759.122332][ T1968] usb 6-1: SerialNumber: syz [ 759.311713][ T1968] usb 1-1: USB disconnect, device number 10 12:57:05 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:05 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:05 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500dc0101000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 759.375332][ T3766] usb 6-1: USB disconnect, device number 17 [ 759.477305][ T4364] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 759.483440][ T4364] loop4: partition table partially beyond EOD, truncated [ 759.536112][ T4364] loop4: p1 start 1 is beyond EOD, truncated [ 759.615608][ T4364] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 759.624844][ T4364] loop4: p3 size 2 extends beyond EOD, truncated [ 759.640417][ T4364] loop4: p4 size 32768 extends beyond EOD, truncated [ 759.662411][ T4364] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 759.702885][ T4364] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:05 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:05 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:05 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:05 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:05 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 759.886546][ T4364] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 759.926186][ T4364] loop4: partition table partially beyond EOD, truncated [ 759.991427][ T4364] loop4: p1 start 1 is beyond EOD, truncated [ 760.017267][ T4364] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 760.048533][ T4364] loop4: p3 size 2 extends beyond EOD, truncated [ 760.073675][ T4364] loop4: p4 size 32768 extends beyond EOD, truncated 12:57:06 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:06 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500fc0101000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 760.117145][ T4364] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 760.153688][ T4364] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, 0x0) preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 760.203149][ T3766] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 760.253170][ T1968] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 760.328418][ T4401] loop4: p1 < > p2 p3 < p5 p6 > p4 12:57:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, 0x0) preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:06 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 760.349433][ T4401] loop4: partition table partially beyond EOD, truncated [ 760.399268][ T4401] loop4: p1 start 1 is beyond EOD, truncated [ 760.429431][ T4401] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:57:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, 0x0) preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 760.451754][ T4401] loop4: p3 size 2 extends beyond EOD, truncated [ 760.465705][ T4401] loop4: p4 size 32768 extends beyond EOD, truncated [ 760.474237][ T4401] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 760.488744][ T4401] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:06 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500040201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 760.605327][ T4421] syz-executor.3 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 760.619191][ T4421] CPU: 0 PID: 4421 Comm: syz-executor.3 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 760.629252][ T4421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 760.639298][ T4421] Call Trace: [ 760.642583][ T4421] dump_stack+0x14a/0x1ce [ 760.646902][ T4421] ? devkmsg_release+0x11c/0x11c [ 760.651836][ T4421] ? show_regs_print_info+0x12/0x12 [ 760.657030][ T4421] ? radix_tree_cpu_dead+0x160/0x160 [ 760.662314][ T4421] ? _raw_spin_lock+0xa1/0x170 [ 760.667072][ T4421] ? _raw_spin_trylock_bh+0x190/0x190 [ 760.672439][ T4421] dump_header+0xdb/0x700 [ 760.676768][ T4421] oom_kill_process+0xd3/0x280 [ 760.681527][ T4421] out_of_memory+0x5b6/0x890 [ 760.686119][ T4421] ? unregister_oom_notifier+0x20/0x20 [ 760.691577][ T4421] __alloc_pages_slowpath+0x16c2/0x1e50 [ 760.697119][ T4421] ? get_page_from_freelist+0x7c0/0x7c0 [ 760.702659][ T4421] __alloc_pages_nodemask+0x5cb/0x7c0 [ 760.708024][ T4421] ? memcg_check_events+0xf8/0x520 [ 760.713127][ T4421] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 760.718672][ T4421] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 760.724385][ T4421] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 760.730441][ T4421] ? __perf_event_task_sched_in+0x4f7/0x560 [ 760.736327][ T4421] wp_page_copy+0x1cb/0x1120 [ 760.740910][ T4421] ? perf_pmu_sched_task+0x370/0x370 [ 760.746788][ T4421] ? switch_mm_irqs_off+0x2bf/0x9a0 [ 760.751976][ T4421] ? add_mm_rss_vec+0x270/0x270 [ 760.756852][ T4421] ? _raw_spin_unlock_irq+0x5/0x20 [ 760.761957][ T4421] ? finish_task_switch+0x235/0x4c0 [ 760.767234][ T4421] ? vm_normal_page+0x1c9/0x1d0 [ 760.772077][ T4421] do_wp_page+0x4c1/0x1530 [ 760.776494][ T4421] ? _raw_spin_lock+0xa1/0x170 [ 760.781248][ T4421] ? do_swap_page+0x1560/0x1560 [ 760.786087][ T4421] ? ttwu_do_wakeup+0x154/0x5b0 [ 760.790927][ T4421] handle_mm_fault+0xfa5/0x41e0 [ 760.795799][ T4421] ? __cgroup_account_cputime+0x2ba/0x2e0 [ 760.801524][ T4421] ? finish_fault+0x230/0x230 [ 760.806192][ T4421] ? update_curr+0x584/0x740 [ 760.810804][ T4421] ? down_read_trylock+0x17a/0x1d0 [ 760.815938][ T4421] ? _raw_spin_unlock_irq+0x5/0x20 [ 760.821039][ T4421] ? vmacache_find+0x47a/0x4b0 [ 760.825796][ T4421] do_user_addr_fault+0x48a/0x9f0 [ 760.830897][ T4421] page_fault+0x2f/0x40 [ 760.835044][ T4421] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 760.841612][ T4421] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 760.861203][ T4421] RSP: 0018:ffff88806c61f888 EFLAGS: 00010206 [ 760.867244][ T4421] RAX: ffffffff81f86901 RBX: 0000000020238500 RCX: 0000000000000500 [ 760.875191][ T4421] RDX: 0000000000001000 RSI: ffff8881cbd7cb00 RDI: 0000000020238000 [ 760.883137][ T4421] RBP: ffff88806c61fda8 R08: dffffc0000000000 R09: ffffed10397afa00 [ 760.891080][ T4421] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 760.899111][ T4421] R13: 0000000000001000 R14: ffff8881cbd7c000 R15: 0000000020237500 [ 760.907065][ T4421] ? copyout+0x51/0xb0 [ 760.911107][ T4421] copyout+0x8e/0xb0 [ 760.914976][ T4421] copy_page_to_iter+0x393/0xbd0 [ 760.919908][ T4421] pipe_to_user+0xa3/0x130 [ 760.924296][ T4421] __splice_from_pipe+0x2d3/0x870 [ 760.929555][ T4421] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 760.935283][ T4421] do_vmsplice+0x252/0xee0 [ 760.939679][ T4421] ? futex_exit_release+0xc0/0xc0 [ 760.944682][ T4421] ? avc_ss_reset+0x3a0/0x3a0 [ 760.949503][ T4421] ? write_pipe_buf+0x1d0/0x1d0 [ 760.954325][ T4421] ? __rcu_read_lock+0x50/0x50 [ 760.959086][ T4421] ? check_stack_object+0x5a/0x90 [ 760.964084][ T4421] ? _copy_from_user+0xa4/0xe0 [ 760.968819][ T4421] ? rw_copy_check_uvector+0x2b3/0x310 [ 760.974251][ T4421] ? import_iovec+0x1c2/0x380 [ 760.978897][ T4421] ? dup_iter+0x110/0x110 [ 760.983227][ T4421] ? do_vfs_ioctl+0x780/0x1750 [ 760.987962][ T4421] __se_sys_vmsplice+0x1fb/0x300 [ 760.992888][ T4421] ? __x64_sys_vmsplice+0xa0/0xa0 [ 760.997970][ T4421] ? put_timespec64+0x109/0x150 [ 761.002790][ T4421] ? __x64_sys_clock_gettime+0x20d/0x260 [ 761.008753][ T4421] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 761.014440][ T4421] ? __fdget+0x187/0x200 [ 761.018653][ T4421] do_syscall_64+0xcb/0x150 [ 761.023125][ T4421] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 761.028995][ T4421] RIP: 0033:0x45d239 [ 761.032859][ T4421] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 761.052965][ T4421] RSP: 002b:00007f85e433ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 761.061432][ T4421] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 761.069374][ T4421] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 761.077315][ T4421] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 761.085276][ T4421] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 761.093217][ T4421] R13: 00007ffc3e8a7e5f R14: 00007f85e433b9c0 R15: 000000000118d08c [ 761.122477][ T3766] usb 1-1: unable to get BOS descriptor or descriptor too short [ 761.131986][ T4421] Mem-Info: [ 761.139642][ T4421] active_anon:1400460 inactive_anon:9002 isolated_anon:0 [ 761.139642][ T4421] active_file:472 inactive_file:521 isolated_file:85 [ 761.139642][ T4421] unevictable:0 dirty:245 writeback:2 unstable:0 [ 761.139642][ T4421] slab_reclaimable:6614 slab_unreclaimable:86919 [ 761.139642][ T4421] mapped:59592 shmem:9069 pagetables:41132 bounce:0 [ 761.139642][ T4421] free:13053 free_pcp:54 free_cma:0 [ 761.177922][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short [ 761.186241][ T4421] Node 0 active_anon:5601840kB inactive_anon:36008kB active_file:1888kB inactive_file:2084kB unevictable:0kB isolated(anon):0kB isolated(file):216kB mapped:238368kB dirty:980kB writeback:8kB shmem:36276kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 761.211575][ T4421] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 761.248372][ T4421] lowmem_reserve[]: 0 2912 6416 6416 [ 761.253953][ T3766] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 761.272694][ T4421] DMA32 free:22624kB min:8740kB low:11720kB high:14700kB active_anon:2739172kB inactive_anon:12736kB active_file:12kB inactive_file:0kB unevictable:0kB writepending:12kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23232kB pagetables:54616kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 761.305296][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 761.318519][ T4421] lowmem_reserve[]: 0 0 3504 3504 [ 761.323852][ T4421] Normal free:14188kB min:24744kB low:28332kB high:31920kB active_anon:2862668kB inactive_anon:23272kB active_file:2024kB inactive_file:1648kB unevictable:0kB writepending:976kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:24960kB pagetables:109912kB bounce:0kB free_pcp:472kB local_pcp:0kB free_cma:0kB [ 761.354374][ T4421] lowmem_reserve[]: 0 0 0 0 [ 761.359259][ T4421] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 761.379677][ T4421] DMA32: 122*4kB (UME) 235*8kB (UME) 520*16kB (UME) 149*32kB (UME) 98*64kB (UME) 7*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22624kB [ 761.395072][ T4421] Normal: 1279*4kB (UMEH) 321*8kB (UMEH) 152*16kB (UMEH) 154*32kB (UMEH) 9*64kB (UMEH) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15876kB [ 761.410946][ T4421] 9753 total pagecache pages [ 761.415990][ T4421] 0 pages in swap cache [ 761.420583][ T4421] Swap cache stats: add 0, delete 0, find 0/0 [ 761.427053][ T4421] Free swap = 0kB [ 761.431081][ T4421] Total swap = 0kB [ 761.435083][ T4421] 1965979 pages RAM [ 761.439169][ T4421] 0 pages HighMem/MovableOnly [ 761.444098][ T4421] 318829 pages reserved [ 761.448504][ T4421] 0 pages cma reserved [ 761.452937][ T4421] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=13686,uid=0 [ 761.467471][ T4421] Out of memory: Killed process 13686 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 761.489976][ T23] oom_reaper: reaped process 13686 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 761.653413][ T4426] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 761.660800][ T4426] loop4: partition table partially beyond EOD, truncated [ 761.684645][ T4426] loop4: p1 start 1 is beyond EOD, truncated [ 761.711269][ T4426] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 761.735794][ T4426] loop4: p3 size 2 extends beyond EOD, truncated [ 761.758694][ T4426] loop4: p4 size 32768 extends beyond EOD, truncated [ 761.774295][ T4426] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 761.788596][ T4426] loop4: p6 size 32768 extends beyond EOD, truncated [ 761.813763][ T3766] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 761.823093][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 761.832125][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.844124][ T3766] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.856634][ T3766] usb 1-1: Product: syz [ 761.861902][ T3766] usb 1-1: Manufacturer: syz [ 761.868583][ T1968] usb 6-1: Product: syz [ 761.886667][ T3766] usb 1-1: SerialNumber: syz [ 761.891389][ T1968] usb 6-1: Manufacturer: syz [ 761.896779][ T1968] usb 6-1: SerialNumber: syz [ 761.944284][ T4426] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 761.949977][ T4426] loop4: partition table partially beyond EOD, truncated [ 761.957754][ T4426] loop4: p1 start 1 is beyond EOD, truncated [ 761.963906][ T4426] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 761.971454][ T4426] loop4: p3 size 2 extends beyond EOD, truncated [ 761.978450][ T4426] loop4: p4 size 32768 extends beyond EOD, truncated [ 761.985848][ T4426] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 761.994181][ T4426] loop4: p6 size 32768 extends beyond EOD, truncated [ 762.002812][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 762.008042][ T154] loop4: partition table partially beyond EOD, truncated [ 762.015274][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 762.021421][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 762.029347][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 762.036407][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 762.043615][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 762.051097][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 762.170736][ T1968] usb 1-1: USB disconnect, device number 11 [ 762.196081][ T4304] usb 6-1: USB disconnect, device number 18 12:57:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:08 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:08 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500100201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:08 executing program 5: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 762.830556][ T4439] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 762.835835][ T4439] loop4: partition table partially beyond EOD, truncated [ 762.842961][ T4439] loop4: p1 start 1 is beyond EOD, truncated [ 762.849085][ T4439] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 762.873799][ T4439] loop4: p3 size 2 extends beyond EOD, truncated 12:57:08 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:08 executing program 0: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 762.898020][ T4439] loop4: p4 size 32768 extends beyond EOD, truncated [ 762.925396][ T4439] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:57:08 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:08 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:08 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105001c0201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:08 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 762.961152][ T4439] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:08 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 763.073032][ T4304] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 763.135943][ T4465] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 763.142337][ T4465] loop4: partition table partially beyond EOD, truncated [ 763.156123][ T4465] loop4: p1 start 1 is beyond EOD, truncated [ 763.162563][ T4465] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 763.177508][ T4465] loop4: p3 size 2 extends beyond EOD, truncated [ 763.186002][ T4465] loop4: p4 size 32768 extends beyond EOD, truncated [ 763.216958][ T4465] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 763.258167][ T4465] loop4: p6 size 32768 extends beyond EOD, truncated [ 763.505160][ T4304] usb 6-1: unable to get BOS descriptor or descriptor too short [ 763.592992][ T4304] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 763.782979][ T4304] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 763.809469][ T4304] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 763.826886][ T4304] usb 6-1: Product: syz [ 763.836053][ T4304] usb 6-1: Manufacturer: syz [ 763.845886][ T4304] usb 6-1: SerialNumber: syz [ 764.107214][ T4304] usb 6-1: USB disconnect, device number 19 12:57:10 executing program 5: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:10 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, 0x0, 0x0, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:10 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:10 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105003c0201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 764.737182][ T4494] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 764.742881][ T4494] loop4: partition table partially beyond EOD, truncated [ 764.754665][ T4494] loop4: p1 start 1 is beyond EOD, truncated [ 764.767103][ T4494] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 764.777891][ T4494] loop4: p3 size 2 extends beyond EOD, truncated [ 764.792180][ T4494] loop4: p4 size 32768 extends beyond EOD, truncated [ 764.800302][ T4494] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 764.808603][ T4494] loop4: p6 size 32768 extends beyond EOD, truncated [ 764.942859][ T1968] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 765.342834][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short [ 765.422871][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 765.603268][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 765.631754][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.667030][ T1968] usb 6-1: Product: syz [ 765.685190][ T1968] usb 6-1: Manufacturer: syz [ 765.708236][ T1968] usb 6-1: SerialNumber: syz 12:57:11 executing program 0: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:11 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:11 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:11 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, 0x0, 0x0, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:11 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500420201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:11 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:11 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 765.969049][ T1968] usb 6-1: USB disconnect, device number 20 12:57:11 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, 0x0, 0x0, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 766.053279][ T4506] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 766.058510][ T4506] loop4: partition table partially beyond EOD, truncated [ 766.069868][ T4506] loop4: p1 start 1 is beyond EOD, truncated [ 766.087903][ T4506] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 766.104020][ T4506] loop4: p3 size 2 extends beyond EOD, truncated [ 766.127714][ T4506] loop4: p4 size 32768 extends beyond EOD, truncated 12:57:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 766.156496][ T4506] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 766.177774][ T4506] loop4: p6 size 32768 extends beyond EOD, truncated [ 766.303250][ T4506] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 766.308626][ T4506] loop4: partition table partially beyond EOD, truncated [ 766.331097][ T4506] loop4: p1 start 1 is beyond EOD, truncated [ 766.352194][ T4506] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 766.380324][ T4506] loop4: p3 size 2 extends beyond EOD, truncated 12:57:12 executing program 5: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:12 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 766.398747][ T4506] loop4: p4 size 32768 extends beyond EOD, truncated [ 766.413637][ T4506] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 766.431145][ T4506] loop4: p6 size 32768 extends beyond EOD, truncated [ 766.862740][ T1968] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 767.262809][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short [ 767.353130][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 767.532730][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 767.542113][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.550711][ T1968] usb 6-1: Product: syz [ 767.555099][ T1968] usb 6-1: Manufacturer: syz [ 767.559687][ T1968] usb 6-1: SerialNumber: syz [ 767.804422][ T1968] usb 6-1: USB disconnect, device number 21 12:57:14 executing program 0: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:14 executing program 5: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) 12:57:14 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500720201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:14 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:14 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:14 executing program 1: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500100201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:14 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 769.082864][ T4561] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 769.088095][ T4561] loop4: partition table partially beyond EOD, truncated [ 769.104068][ T4561] loop4: p1 start 1 is beyond EOD, truncated [ 769.132617][ T4561] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 769.144515][ T4561] loop4: p3 size 2 extends beyond EOD, truncated [ 769.151629][ T4561] loop4: p4 size 32768 extends beyond EOD, truncated [ 769.159934][ T4561] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 769.172623][ T4574] loop1: p1 < > p2 p3 < p5 p6 > p4 [ 769.177842][ T4574] loop1: partition table partially beyond EOD, truncated [ 769.202800][ T4574] loop1: p1 start 1 is beyond EOD, truncated [ 769.208897][ T4574] loop1: p2 size 1073741824 extends beyond EOD, truncated [ 769.217835][ T4561] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:15 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 769.282549][ T1968] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 769.291622][ T4574] loop1: p3 size 2 extends beyond EOD, truncated [ 769.333640][ T4574] loop1: p4 size 32768 extends beyond EOD, truncated [ 769.348741][ T4574] loop1: p5 size 1073741824 extends beyond EOD, truncated [ 769.386664][ T4574] loop1: p6 size 32768 extends beyond EOD, truncated [ 769.882559][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short [ 769.972602][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 770.162521][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 770.171574][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.203066][ T1968] usb 6-1: Product: syz [ 770.207380][ T1968] usb 6-1: Manufacturer: syz [ 770.212079][ T1968] usb 6-1: SerialNumber: syz 12:57:15 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:15 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500000301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 770.627175][ T4590] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 770.642825][ T4590] CPU: 0 PID: 4590 Comm: syz-executor.2 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 770.652891][ T4590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 770.662953][ T4590] Call Trace: [ 770.666225][ T4590] dump_stack+0x14a/0x1ce [ 770.670541][ T4590] ? devkmsg_release+0x11c/0x11c [ 770.675538][ T4590] ? show_regs_print_info+0x12/0x12 [ 770.680705][ T4590] ? radix_tree_cpu_dead+0x160/0x160 [ 770.687985][ T4590] ? _raw_spin_lock+0xa1/0x170 [ 770.692732][ T4590] ? _raw_spin_trylock_bh+0x190/0x190 [ 770.698072][ T4590] dump_header+0xdb/0x700 [ 770.702375][ T4590] oom_kill_process+0xd3/0x280 [ 770.707111][ T4590] out_of_memory+0x5b6/0x890 [ 770.711671][ T4590] ? unregister_oom_notifier+0x20/0x20 [ 770.717111][ T4590] __alloc_pages_slowpath+0x16c2/0x1e50 [ 770.722657][ T4590] ? get_page_from_freelist+0x7c0/0x7c0 [ 770.728171][ T4590] __alloc_pages_nodemask+0x5cb/0x7c0 [ 770.733524][ T4590] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 770.739039][ T4590] ? switch_mm_irqs_off+0x4d7/0x9a0 [ 770.744205][ T4590] ? switch_mm+0x100/0x100 [ 770.748617][ T4590] wp_page_copy+0x1fe/0x1120 [ 770.753179][ T4590] ? __schedule+0x920/0xef0 [ 770.757693][ T4590] ? add_mm_rss_vec+0x270/0x270 [ 770.762512][ T4590] do_wp_page+0x68b/0x1530 [ 770.766909][ T4590] ? do_swap_page+0x1560/0x1560 [ 770.771738][ T4590] ? ___preempt_schedule+0x16/0x20 [ 770.776831][ T4590] handle_mm_fault+0xfa5/0x41e0 [ 770.781653][ T4590] ? finish_fault+0x230/0x230 [ 770.786299][ T4590] ? down_read_trylock+0x17a/0x1d0 [ 770.791386][ T4590] ? vmacache_update+0x9f/0xf0 [ 770.796139][ T4590] do_user_addr_fault+0x48a/0x9f0 [ 770.801132][ T4590] page_fault+0x2f/0x40 [ 770.805450][ T4590] RIP: 0033:0x42d0f9 [ 770.809326][ T4590] Code: 00 00 00 41 0f b6 36 4c 89 e7 49 8d 5e 01 ff 50 18 83 f8 ff 74 23 48 83 ed 01 49 89 de eb 92 66 90 4c 89 f6 48 89 da 49 01 de 12 19 01 00 49 89 44 24 28 eb bd 0f 1f 00 4c 89 e8 5b 48 29 e8 [ 770.828991][ T4590] RSP: 002b:00007fff51548000 EFLAGS: 00010216 [ 770.835025][ T4590] RAX: 000000000052a800 RBX: 0000000000000016 RCX: 0000000000000016 [ 770.842965][ T4590] RDX: 0000000000000016 RSI: 00000000004c2bfb RDI: 00007fff51548860 [ 770.850918][ T4590] RBP: 0000000000000016 R08: 0000000000000000 R09: 00007fff51548708 [ 770.859832][ T4590] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff51548590 [ 770.867773][ T4590] R13: 0000000000000016 R14: 00000000004c2c11 R15: 0000000000000000 [ 770.877420][ T4590] Mem-Info: [ 770.892406][ T4590] active_anon:1401620 inactive_anon:8841 isolated_anon:0 [ 770.892406][ T4590] active_file:484 inactive_file:459 isolated_file:32 [ 770.892406][ T4590] unevictable:0 dirty:38 writeback:5 unstable:0 [ 770.892406][ T4590] slab_reclaimable:6594 slab_unreclaimable:84373 [ 770.892406][ T4590] mapped:59783 shmem:8907 pagetables:41587 bounce:0 [ 770.892406][ T4590] free:14008 free_pcp:0 free_cma:0 [ 770.962429][ T4590] Node 0 active_anon:5606532kB inactive_anon:35364kB active_file:1508kB inactive_file:1436kB unevictable:0kB isolated(anon):0kB isolated(file):236kB mapped:238556kB dirty:220kB writeback:0kB shmem:35628kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 770.991123][ T4590] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 771.051256][ T4590] lowmem_reserve[]: 0 2912 6416 6416 [ 771.057340][ T4590] DMA32 free:23112kB min:20548kB low:23528kB high:26508kB active_anon:2742984kB inactive_anon:12732kB active_file:80kB inactive_file:276kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23424kB pagetables:54624kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 771.087594][ T4590] lowmem_reserve[]: 0 0 3504 3504 [ 771.093214][ T4590] Normal free:17792kB min:5592kB low:9180kB high:12768kB active_anon:2864556kB inactive_anon:22632kB active_file:1024kB inactive_file:1052kB unevictable:0kB writepending:220kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25248kB pagetables:111712kB bounce:0kB free_pcp:396kB local_pcp:388kB free_cma:0kB [ 771.123685][ T4590] lowmem_reserve[]: 0 0 0 0 [ 771.128474][ T4590] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 771.152837][ T4590] DMA32: 251*4kB (UE) 240*8kB (UE) 681*16kB (UE) 83*32kB (UE) 93*64kB (UE) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22556kB [ 771.181423][ T4590] Normal: 474*4kB (UMH) 76*8kB (UMEH) 176*16kB (UMEH) 168*32kB (UEH) 15*64kB (UEH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11784kB [ 771.196681][ T4590] 9342 total pagecache pages [ 771.201622][ T4590] 0 pages in swap cache [ 771.205917][ T4590] Swap cache stats: add 0, delete 0, find 0/0 [ 771.212107][ T4590] Free swap = 0kB [ 771.215939][ T4590] Total swap = 0kB [ 771.219850][ T4590] 1965979 pages RAM [ 771.223863][ T4590] 0 pages HighMem/MovableOnly [ 771.228635][ T4590] 318829 pages reserved [ 771.232883][ T4590] 0 pages cma reserved [ 771.237021][ T4590] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=13637,uid=0 12:57:17 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105004a0301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 771.251420][ T4590] Out of memory: Killed process 13637 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 771.280761][ T23] oom_reaper: reaped process 13637 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 771.302556][ T4304] usb 6-1: USB disconnect, device number 22 [ 771.581324][ T154] systemd-udevd invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=-1000 [ 771.616405][ T154] CPU: 0 PID: 154 Comm: systemd-udevd Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 771.626312][ T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 771.636371][ T154] Call Trace: [ 771.639655][ T154] dump_stack+0x14a/0x1ce [ 771.643987][ T154] ? devkmsg_release+0x11c/0x11c [ 771.648914][ T154] ? show_regs_print_info+0x12/0x12 [ 771.654101][ T154] ? radix_tree_cpu_dead+0x160/0x160 [ 771.659373][ T154] ? _raw_spin_lock+0xa1/0x170 [ 771.664127][ T154] ? _raw_spin_trylock_bh+0x190/0x190 [ 771.669502][ T154] dump_header+0xdb/0x700 [ 771.673913][ T154] oom_kill_process+0xd3/0x280 [ 771.678664][ T154] out_of_memory+0x5b6/0x890 [ 771.683244][ T154] ? unregister_oom_notifier+0x20/0x20 [ 771.688695][ T154] __alloc_pages_slowpath+0x16c2/0x1e50 [ 771.694242][ T154] ? get_page_from_freelist+0x7c0/0x7c0 [ 771.699778][ T154] ? __zone_watermark_ok+0x91/0x280 [ 771.705228][ T154] __alloc_pages_nodemask+0x5cb/0x7c0 [ 771.710723][ T154] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 771.716256][ T154] ? lockref_get+0x1c2/0x2b0 [ 771.720926][ T154] ? blk_crypto_keyslot_evict+0x160/0x160 [ 771.726747][ T154] ? find_inode_fast+0x3f9/0x4b0 [ 771.731675][ T154] __get_free_pages+0xa/0x30 [ 771.736265][ T154] inode_doinit_with_dentry+0x950/0x10e0 [ 771.741888][ T154] ? __wake_up_bit+0x180/0x180 [ 771.746640][ T154] ? sb_finish_set_opts+0x7e0/0x7e0 [ 771.751922][ T154] ? current_time+0x1be/0x2f0 [ 771.756569][ T154] ? atime_needs_update+0x570/0x570 [ 771.761737][ T154] security_d_instantiate+0x90/0xf0 [ 771.766917][ T154] d_splice_alias+0x71/0x590 [ 771.771485][ T154] kernfs_iop_lookup+0x17a/0x1f0 [ 771.776397][ T154] __lookup_slow+0x312/0x490 [ 771.780960][ T154] ? lookup_one_len2+0x2d0/0x2d0 [ 771.785868][ T154] walk_component+0x3ee/0x970 [ 771.790517][ T154] ? follow_managed+0x950/0x950 [ 771.795348][ T154] ? path_init+0x1220/0x1220 [ 771.799906][ T154] ? path_init+0x962/0x1220 [ 771.804380][ T154] path_lookupat+0x211/0xa60 [ 771.808960][ T154] ? filename_lookup+0x6e0/0x6e0 [ 771.813870][ T154] filename_lookup+0x254/0x6e0 [ 771.818602][ T154] ? hashlen_string+0x120/0x120 [ 771.823424][ T154] ? getname_flags+0x20d/0x610 [ 771.828158][ T154] do_readlinkat+0x119/0x3c0 [ 771.832718][ T154] ? cp_old_stat+0x8a0/0x8a0 [ 771.837278][ T154] ? do_syscall_64+0x150/0x150 [ 771.842011][ T154] ? __fput+0x4fd/0x6c0 [ 771.846137][ T154] __x64_sys_readlinkat+0x96/0xb0 [ 771.851144][ T154] do_syscall_64+0xcb/0x150 [ 771.855619][ T154] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 771.861493][ T154] RIP: 0033:0x7f106ca370ba [ 771.865880][ T154] Code: 48 8b 0d e1 bd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 0b 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ae bd 2b 00 f7 d8 64 89 01 48 [ 771.885553][ T154] RSP: 002b:00007ffc17d863a8 EFLAGS: 00000202 ORIG_RAX: 000000000000010b [ 771.893935][ T154] RAX: ffffffffffffffda RBX: 00005629ca8dcd80 RCX: 00007f106ca370ba [ 771.901882][ T154] RDX: 00005629ca8dcd80 RSI: 00005629ca964740 RDI: 00000000ffffff9c [ 771.909913][ T154] RBP: 0000000000000064 R08: 00005629c84f9670 R09: 0000000000000070 [ 771.917876][ T154] R10: 0000000000000063 R11: 0000000000000202 R12: 00005629ca964740 [ 771.925822][ T154] R13: 00000000ffffff9c R14: 00007ffc17d86400 R15: 0000000000000063 [ 771.934602][ T154] Mem-Info: [ 771.937736][ T154] active_anon:1401627 inactive_anon:8840 isolated_anon:0 [ 771.937736][ T154] active_file:858 inactive_file:855 isolated_file:118 [ 771.937736][ T154] unevictable:0 dirty:38 writeback:0 unstable:0 [ 771.937736][ T154] slab_reclaimable:6600 slab_unreclaimable:84391 [ 771.937736][ T154] mapped:60613 shmem:8907 pagetables:41593 bounce:0 [ 771.937736][ T154] free:13244 free_pcp:49 free_cma:0 [ 772.005706][ T154] Node 0 active_anon:5606508kB inactive_anon:35360kB active_file:2524kB inactive_file:2508kB unevictable:0kB isolated(anon):0kB isolated(file):252kB mapped:240952kB dirty:152kB writeback:0kB shmem:35628kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 772.030261][ T154] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 772.057586][ T154] lowmem_reserve[]: 0 2912 6416 6416 [ 772.063650][ T154] DMA32 free:22052kB min:20548kB low:23528kB high:26508kB active_anon:2743552kB inactive_anon:12732kB active_file:164kB inactive_file:16kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23488kB pagetables:54628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 772.114213][ T154] lowmem_reserve[]: 0 0 3504 3504 [ 772.122459][ T154] Normal free:18192kB min:17880kB low:21468kB high:25056kB active_anon:2862864kB inactive_anon:22628kB active_file:2108kB inactive_file:2684kB unevictable:0kB writepending:152kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25216kB pagetables:111744kB bounce:0kB free_pcp:640kB local_pcp:244kB free_cma:0kB [ 772.153426][ T154] lowmem_reserve[]: 0 0 0 0 [ 772.168277][ T154] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 772.196478][ T154] DMA32: 257*4kB (UME) 241*8kB (UME) 686*16kB (UME) 71*32kB (UE) 91*64kB (UE) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22156kB [ 772.212645][ T154] Normal: 651*4kB (UMEH) 186*8kB (UMEH) 167*16kB (UMEH) 190*32kB (UMEH) 39*64kB (UMEH) 25*128kB (MEH) 3*256kB (M) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 19820kB [ 772.235623][ T154] 9683 total pagecache pages [ 772.246001][ T154] 0 pages in swap cache [ 772.254772][ T154] Swap cache stats: add 0, delete 0, find 0/0 [ 772.267720][ T154] Free swap = 0kB [ 772.274233][ T154] Total swap = 0kB [ 772.278211][ T154] 1965979 pages RAM [ 772.282143][ T154] 0 pages HighMem/MovableOnly [ 772.286969][ T154] 318829 pages reserved [ 772.291288][ T154] 0 pages cma reserved [ 772.295666][ T154] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=12947,uid=0 [ 772.310860][ T154] Out of memory: Killed process 12947 (syz-executor.5) total-vm:85476kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:1000 [ 772.335040][ T23] oom_reaper: reaped process 12947 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:57:18 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105004c0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:18 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:18 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500720301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:18 executing program 1: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500600001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:18 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 772.587426][ T4603] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 772.599556][ T4603] loop0: partition table partially beyond EOD, truncated [ 772.607799][ T4603] loop0: p1 start 1 is beyond EOD, truncated [ 772.614613][ T4603] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 772.622669][ T4607] loop1: p1 < > p2 p3 < p5 p6 > p4 [ 772.628575][ T4607] loop1: partition table partially beyond EOD, truncated [ 772.637170][ T4603] loop0: p3 size 2 extends beyond EOD, truncated [ 772.647267][ T4603] loop0: p4 size 32768 extends beyond EOD, truncated [ 772.651691][ T4607] loop1: p1 start 1 is beyond EOD, truncated [ 772.669716][ T4607] loop1: p2 size 1073741824 extends beyond EOD, truncated [ 772.669836][ T4603] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 772.693079][ T4607] loop1: p3 size 2 extends beyond EOD, truncated [ 772.699480][ T4598] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 772.707505][ T4598] loop4: partition table partially beyond EOD, truncated [ 772.708102][ T4603] loop0: p6 size 32768 extends beyond EOD, truncated [ 772.732788][ T4607] loop1: p4 size 32768 extends beyond EOD, truncated 12:57:18 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 772.740065][ T4598] loop4: p1 start 1 is beyond EOD, truncated [ 772.760290][ T4598] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 772.770107][ T4607] loop1: p5 size 1073741824 extends beyond EOD, truncated [ 772.802884][ T4598] loop4: p3 size 2 extends beyond EOD, truncated [ 772.809853][ T4598] loop4: p4 size 32768 extends beyond EOD, truncated [ 772.816982][ T4607] loop1: p6 size 32768 extends beyond EOD, truncated [ 772.824832][ T4598] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:57:18 executing program 1: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 772.852345][ T1968] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 772.874160][ T4598] loop4: p6 size 32768 extends beyond EOD, truncated [ 773.043418][ T4598] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 773.049171][ T4598] loop4: partition table partially beyond EOD, truncated [ 773.074803][ T4598] loop4: p1 start 1 is beyond EOD, truncated [ 773.089294][ T4598] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 773.107028][ T4598] loop4: p3 size 2 extends beyond EOD, truncated [ 773.125648][ T4598] loop4: p4 size 32768 extends beyond EOD, truncated [ 773.192243][ T3766] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 773.209424][ T4598] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 773.282307][ T1968] usb 6-1: unable to get BOS descriptor or descriptor too short [ 773.353548][ T4627] syz-executor.0 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 773.370832][ T4627] CPU: 0 PID: 4627 Comm: syz-executor.0 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 773.381077][ T4627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 773.391114][ T4627] Call Trace: [ 773.394393][ T4627] dump_stack+0x14a/0x1ce [ 773.398878][ T4627] ? devkmsg_release+0x11c/0x11c [ 773.403807][ T4627] ? show_regs_print_info+0x12/0x12 [ 773.408974][ T4627] ? radix_tree_cpu_dead+0x160/0x160 [ 773.414230][ T4627] ? _raw_spin_lock+0xa1/0x170 [ 773.418962][ T4627] ? _raw_spin_trylock_bh+0x190/0x190 [ 773.424305][ T4627] dump_header+0xdb/0x700 [ 773.428611][ T4627] oom_kill_process+0xd3/0x280 [ 773.433360][ T4627] out_of_memory+0x5b6/0x890 [ 773.437924][ T4627] ? unregister_oom_notifier+0x20/0x20 [ 773.443354][ T4627] __alloc_pages_slowpath+0x16c2/0x1e50 [ 773.448902][ T4627] ? get_page_from_freelist+0x7c0/0x7c0 [ 773.454506][ T4627] ? flush_tlb_func_common+0x45/0x580 [ 773.459848][ T4627] __alloc_pages_nodemask+0x5cb/0x7c0 [ 773.465365][ T4627] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 773.473404][ T4627] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 773.479787][ T4627] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 773.485563][ T4627] ? __lru_cache_add+0x1a1/0x1f0 [ 773.490471][ T4627] wp_page_copy+0x1cb/0x1120 [ 773.495044][ T4627] ? add_mm_rss_vec+0x270/0x270 [ 773.499875][ T4627] ? vm_normal_page+0x1c9/0x1d0 [ 773.504750][ T4627] do_wp_page+0x4c1/0x1530 [ 773.509141][ T4627] ? _raw_spin_lock+0xa1/0x170 [ 773.513902][ T4627] ? do_swap_page+0x1560/0x1560 [ 773.518734][ T4627] handle_mm_fault+0xfa5/0x41e0 [ 773.523570][ T4627] ? finish_fault+0x230/0x230 [ 773.528220][ T4627] ? down_read_trylock+0x17a/0x1d0 [ 773.533311][ T4627] ? vmacache_find+0x47a/0x4b0 [ 773.538131][ T4627] do_user_addr_fault+0x48a/0x9f0 [ 773.543127][ T4627] page_fault+0x2f/0x40 [ 773.547258][ T4627] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 773.553844][ T4627] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 773.574723][ T4627] RSP: 0018:ffff888100e5f888 EFLAGS: 00010206 [ 773.580759][ T4627] RAX: ffffffff81f86901 RBX: 0000000020bc1500 RCX: 0000000000000500 [ 773.588710][ T4627] RDX: 0000000000001000 RSI: ffff8881c8aeeb00 RDI: 0000000020bc1000 [ 773.596651][ T4627] RBP: ffff888100e5fda8 R08: dffffc0000000000 R09: ffffed103915de00 [ 773.604593][ T4627] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 773.612533][ T4627] R13: 0000000000001000 R14: ffff8881c8aee000 R15: 0000000020bc0500 [ 773.620481][ T4627] ? copyout+0x51/0xb0 [ 773.624519][ T4627] copyout+0x8e/0xb0 [ 773.628385][ T4627] copy_page_to_iter+0x393/0xbd0 [ 773.633297][ T4627] pipe_to_user+0xa3/0x130 [ 773.637683][ T4627] __splice_from_pipe+0x2d3/0x870 [ 773.642940][ T4627] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 773.648453][ T4627] do_vmsplice+0x252/0xee0 [ 773.652840][ T4627] ? futex_exit_release+0xc0/0xc0 [ 773.657944][ T4627] ? avc_ss_reset+0x3a0/0x3a0 [ 773.662591][ T4627] ? write_pipe_buf+0x1d0/0x1d0 [ 773.667421][ T4627] ? __rcu_read_lock+0x50/0x50 [ 773.672155][ T4627] ? check_stack_object+0x5a/0x90 [ 773.677243][ T4627] ? _copy_from_user+0xa4/0xe0 [ 773.681979][ T4627] ? rw_copy_check_uvector+0x2b3/0x310 [ 773.687421][ T4627] ? import_iovec+0x1c2/0x380 [ 773.692078][ T4627] ? dup_iter+0x110/0x110 [ 773.696376][ T4627] ? do_vfs_ioctl+0x780/0x1750 [ 773.701121][ T4627] __se_sys_vmsplice+0x1fb/0x300 [ 773.706029][ T4627] ? __x64_sys_vmsplice+0xa0/0xa0 [ 773.711038][ T4627] ? put_timespec64+0x109/0x150 [ 773.715858][ T4627] ? __x64_sys_clock_gettime+0x20d/0x260 [ 773.721476][ T4627] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 773.727165][ T4627] ? __fdget+0x187/0x200 [ 773.731426][ T4627] do_syscall_64+0xcb/0x150 [ 773.735910][ T4627] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 773.741778][ T4627] RIP: 0033:0x45d239 [ 773.745645][ T4627] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 773.765227][ T4627] RSP: 002b:00007f4b5e188c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 773.773955][ T4627] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 773.781895][ T4627] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 773.789838][ T4627] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 773.797779][ T4627] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 773.805718][ T4627] R13: 00007ffeae16178f R14: 00007f4b5e1899c0 R15: 000000000118d08c [ 773.814486][ T1968] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 773.852575][ T4627] Mem-Info: [ 773.855728][ T4627] active_anon:1401785 inactive_anon:10886 isolated_anon:0 [ 773.855728][ T4627] active_file:375 inactive_file:475 isolated_file:60 [ 773.855728][ T4627] unevictable:0 dirty:31 writeback:11 unstable:0 [ 773.855728][ T4627] slab_reclaimable:6609 slab_unreclaimable:84112 [ 773.855728][ T4627] mapped:60027 shmem:10951 pagetables:41612 bounce:0 [ 773.855728][ T4627] free:12023 free_pcp:138 free_cma:0 [ 773.912229][ T4627] Node 0 active_anon:5607140kB inactive_anon:43544kB active_file:1500kB inactive_file:1756kB unevictable:0kB isolated(anon):0kB isolated(file):252kB mapped:240008kB dirty:124kB writeback:44kB shmem:43804kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 773.945488][ T4627] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 773.972611][ T4627] lowmem_reserve[]: 0 2912 6416 6416 [ 773.978536][ T4627] DMA32 free:22440kB min:8740kB low:11720kB high:14700kB active_anon:2743880kB inactive_anon:12732kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23424kB pagetables:54624kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 774.008313][ T4627] lowmem_reserve[]: 0 0 3504 3504 [ 774.018701][ T4627] Normal free:10968kB min:24744kB low:28332kB high:31920kB active_anon:2863268kB inactive_anon:30808kB active_file:1552kB inactive_file:1784kB unevictable:0kB writepending:148kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25408kB pagetables:111728kB bounce:0kB free_pcp:140kB local_pcp:140kB free_cma:0kB [ 774.049687][ T4627] lowmem_reserve[]: 0 0 0 0 [ 774.056994][ T4627] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 774.097244][ T4627] DMA32: 202*4kB (UME) 234*8kB (UME) 685*16kB (UME) 85*32kB (UME) 91*64kB (UE) 2*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22440kB [ 774.112866][ T1968] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 774.126838][ T1968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.154692][ T1968] usb 6-1: Product: syz [ 774.164881][ T4627] Normal: 440*4kB (UMEH) 143*8kB (UMEH) 107*16kB (UMH) 189*32kB (UMH) 14*64kB (UMH) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11816kB [ 774.196785][ T1968] usb 6-1: Manufacturer: syz [ 774.202195][ T4627] 11292 total pagecache pages [ 774.206968][ T4627] 0 pages in swap cache [ 774.209850][ T1968] usb 6-1: SerialNumber: syz [ 774.211137][ T4627] Swap cache stats: add 0, delete 0, find 0/0 [ 774.211140][ T4627] Free swap = 0kB [ 774.211143][ T4627] Total swap = 0kB [ 774.211147][ T4627] 1965979 pages RAM [ 774.211149][ T4627] 0 pages HighMem/MovableOnly [ 774.211151][ T4627] 318829 pages reserved [ 774.211153][ T4627] 0 pages cma reserved [ 774.211164][ T4627] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=12539,uid=0 [ 774.260231][ T4627] Out of memory: Killed process 12539 (syz-executor.5) total-vm:85476kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:1000 [ 774.282736][ T23] oom_reaper: reaped process 12539 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 774.332216][ T3766] usb 2-1: unable to get BOS descriptor or descriptor too short [ 774.395798][ T4598] loop4: p6 size 32768 extends beyond EOD, truncated [ 774.412874][ T3766] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 12:57:20 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500b80301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:20 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 774.602236][ T3766] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 774.615019][ T3766] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 774.634530][ T3766] usb 2-1: Product: syz [ 774.644563][ T3766] usb 2-1: Manufacturer: syz [ 774.655274][ T3766] usb 2-1: SerialNumber: syz [ 774.838953][ T4620] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 774.864040][ T4620] CPU: 1 PID: 4620 Comm: syz-executor.0 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 774.874114][ T4620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 774.884156][ T4620] Call Trace: [ 774.887439][ T4620] dump_stack+0x14a/0x1ce [ 774.892620][ T4620] ? devkmsg_release+0x11c/0x11c [ 774.897531][ T4620] ? show_regs_print_info+0x12/0x12 [ 774.902697][ T4620] ? radix_tree_cpu_dead+0x160/0x160 [ 774.907957][ T4620] ? _raw_spin_lock+0xa1/0x170 [ 774.912688][ T4620] ? _raw_spin_trylock_bh+0x190/0x190 [ 774.918097][ T4620] dump_header+0xdb/0x700 [ 774.922408][ T4620] oom_kill_process+0xd3/0x280 [ 774.927140][ T4620] out_of_memory+0x5b6/0x890 [ 774.931712][ T4620] ? unregister_oom_notifier+0x20/0x20 [ 774.937141][ T4620] __alloc_pages_slowpath+0x16c2/0x1e50 [ 774.942744][ T4620] ? get_page_from_freelist+0x7c0/0x7c0 [ 774.948262][ T4620] __alloc_pages_nodemask+0x5cb/0x7c0 [ 774.953605][ T4620] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 774.961508][ T4620] pagecache_get_page+0x50f/0x880 [ 774.966504][ T4620] ? __down_read+0x210/0x210 [ 774.971064][ T4620] ? __set_page_dirty_buffers+0x24f/0x2e0 [ 774.976931][ T4620] ? wait_for_stable_page+0x10f/0x150 [ 774.982283][ T4620] filemap_fault+0x14cb/0x1a30 [ 774.987016][ T4620] ? __down_read+0xf1/0x210 [ 774.992878][ T4620] ? generic_file_read_iter+0x20b0/0x20b0 [ 774.998581][ T4620] ? __rcu_read_lock+0x50/0x50 [ 775.003327][ T4620] ext4_filemap_fault+0x7b/0x90 [ 775.008148][ T4620] handle_mm_fault+0x1fcc/0x41e0 [ 775.013143][ T4620] ? finish_fault+0x230/0x230 [ 775.017790][ T4620] ? get_timespec64+0x11f/0x1d0 [ 775.022628][ T4620] ? down_read_trylock+0x17a/0x1d0 [ 775.027708][ T4620] ? common_interrupt+0xa/0xf [ 775.032365][ T4620] ? vmacache_find+0x205/0x4b0 [ 775.037113][ T4620] do_user_addr_fault+0x48a/0x9f0 [ 775.042119][ T4620] page_fault+0x2f/0x40 [ 775.046505][ T4620] RIP: 0033:0x4036c7 [ 775.050381][ T4620] Code: 00 00 00 48 83 ec 08 48 8b 15 d5 04 2a 01 48 8b 05 c6 04 2a 01 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 a8 04 2a 01 48 83 c4 08 c3 48 89 c6 bf a0 12 4d 00 [ 775.069967][ T4620] RSP: 002b:00007ffeae161760 EFLAGS: 00010287 [ 775.076005][ T4620] RAX: 0000001b31b25000 RBX: 0000000035815a66 RCX: 0000001b32b20000 [ 775.083949][ T4620] RDX: 0000001b31b25004 RSI: 0000000000001227 RDI: ffffffff69aa1227 [ 775.091893][ T4620] RBP: 0000000000000037 R08: 0000000069aa1227 R09: 0000000069aa122b [ 775.099848][ T4620] R10: 00007ffeae1618f0 R11: 0000000000000246 R12: 000000000118d108 [ 775.107805][ T4620] R13: 0000000080000000 R14: 00007f4b5fdcc008 R15: 0000000000000070 [ 775.279025][ T4620] Mem-Info: [ 775.282409][ T4620] active_anon:1399638 inactive_anon:10887 isolated_anon:0 [ 775.282409][ T4620] active_file:3 inactive_file:68 isolated_file:59 [ 775.282409][ T4620] unevictable:0 dirty:43 writeback:0 unstable:0 [ 775.282409][ T4620] slab_reclaimable:6621 slab_unreclaimable:84103 [ 775.282409][ T4620] mapped:59361 shmem:10951 pagetables:41583 bounce:0 [ 775.282409][ T4620] free:14482 free_pcp:632 free_cma:0 [ 775.320686][ T4620] Node 0 active_anon:5598552kB inactive_anon:43548kB active_file:12kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:237244kB dirty:172kB writeback:0kB shmem:43804kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 775.345640][ T4620] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 775.371983][ T4620] lowmem_reserve[]: 0 2912 6416 6416 [ 775.377690][ T4620] DMA32 free:21668kB min:4644kB low:7624kB high:10604kB active_anon:2744040kB inactive_anon:12732kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23552kB pagetables:54624kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 775.407914][ T4620] lowmem_reserve[]: 0 0 3504 3504 [ 775.415083][ T4620] Normal free:20608kB min:5592kB low:9180kB high:12768kB active_anon:2854512kB inactive_anon:30816kB active_file:212kB inactive_file:192kB unevictable:0kB writepending:120kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25472kB pagetables:111708kB bounce:0kB free_pcp:2304kB local_pcp:1504kB free_cma:0kB [ 775.445472][ T4620] lowmem_reserve[]: 0 0 0 0 [ 775.450090][ T4620] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 775.463465][ T4620] DMA32: 201*4kB (UME) 234*8kB (UME) 691*16kB (UME) 62*32kB (UME) 91*64kB (UME) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21668kB [ 775.478340][ T4620] Normal: 963*4kB (UMEH) 293*8kB (UMEH) 247*16kB (UMH) 263*32kB (UMH) 22*64kB (UMH) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20228kB [ 775.498796][ T4620] 11325 total pagecache pages [ 775.504104][ T4620] 0 pages in swap cache [ 775.508871][ T4620] Swap cache stats: add 0, delete 0, find 0/0 [ 775.515551][ T4620] Free swap = 0kB [ 775.519699][ T4620] Total swap = 0kB [ 775.542641][ T4620] 1965979 pages RAM [ 775.552070][ T4620] 0 pages HighMem/MovableOnly [ 775.556749][ T4620] 318829 pages reserved [ 775.560879][ T4620] 0 pages cma reserved [ 775.568928][ T4304] usb 6-1: USB disconnect, device number 23 [ 775.572075][ T4620] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=12293,uid=0 [ 775.589040][ T4620] Out of memory: Killed process 12293 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 775.609141][ T23] oom_reaper: reaped process 12293 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:57:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:21 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:21 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:21 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500d30301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:21 executing program 1: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 775.916435][ T3766] usb 2-1: USB disconnect, device number 12 [ 775.940788][ T4654] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 775.946773][ T4654] loop4: partition table partially beyond EOD, truncated 12:57:21 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 775.976750][ T4654] loop4: p1 start 1 is beyond EOD, truncated [ 776.010289][ T4654] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 776.058076][ T4654] loop4: p3 size 2 extends beyond EOD, truncated [ 776.079395][ T4654] loop4: p4 size 32768 extends beyond EOD, truncated [ 776.107649][ T4654] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 776.123060][ T4654] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:22 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500d40301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 776.192051][ T4304] usb 6-1: new high-speed USB device number 24 using dummy_hcd 12:57:22 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 776.308891][ T4674] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 776.314484][ T4674] loop4: partition table partially beyond EOD, truncated [ 776.342052][ T3766] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 776.344206][ T4674] loop4: p1 start 1 is beyond EOD, truncated [ 776.358513][ T4674] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 776.456753][ T4680] syz-executor.3 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 776.471514][ T4680] CPU: 1 PID: 4680 Comm: syz-executor.3 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 776.481571][ T4680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 776.491610][ T4680] Call Trace: [ 776.494893][ T4680] dump_stack+0x14a/0x1ce [ 776.499212][ T4680] ? devkmsg_release+0x11c/0x11c [ 776.504139][ T4680] ? show_regs_print_info+0x12/0x12 [ 776.509324][ T4680] ? radix_tree_cpu_dead+0x160/0x160 [ 776.514595][ T4680] ? _raw_spin_lock+0xa1/0x170 [ 776.519349][ T4680] ? _raw_spin_trylock_bh+0x190/0x190 [ 776.524711][ T4680] dump_header+0xdb/0x700 [ 776.529026][ T4680] oom_kill_process+0xd3/0x280 [ 776.533777][ T4680] out_of_memory+0x5b6/0x890 [ 776.538356][ T4680] ? unregister_oom_notifier+0x20/0x20 [ 776.543805][ T4680] __alloc_pages_slowpath+0x16c2/0x1e50 [ 776.549339][ T4680] ? get_page_from_freelist+0x7c0/0x7c0 [ 776.554881][ T4680] __alloc_pages_nodemask+0x5cb/0x7c0 [ 776.560254][ T4680] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 776.565794][ T4680] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 776.571504][ T4680] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 776.577300][ T4680] ? __lru_cache_add+0x1a1/0x1f0 [ 776.582226][ T4680] wp_page_copy+0x1cb/0x1120 [ 776.586800][ T4680] ? prep_new_page+0x11a/0x380 [ 776.595979][ T4680] ? add_mm_rss_vec+0x270/0x270 [ 776.600816][ T4680] ? __rcu_read_lock+0x50/0x50 [ 776.605565][ T4680] ? __memcg_kmem_charge_memcg+0x150/0x150 [ 776.611356][ T4680] ? vm_normal_page+0x1c9/0x1d0 [ 776.616193][ T4680] do_wp_page+0x4c1/0x1530 [ 776.620594][ T4680] ? _raw_spin_lock+0xa1/0x170 [ 776.625346][ T4680] ? do_swap_page+0x1560/0x1560 [ 776.630188][ T4680] handle_mm_fault+0xfa5/0x41e0 [ 776.635030][ T4680] ? _raw_spin_unlock+0x5/0x20 [ 776.639869][ T4680] ? wake_up_new_task+0x9d3/0xb60 [ 776.644972][ T4680] ? finish_fault+0x230/0x230 [ 776.649641][ T4680] ? get_timespec64+0x11f/0x1d0 [ 776.654478][ T4680] ? down_read_trylock+0x17a/0x1d0 [ 776.659576][ T4680] ? vmacache_find+0x2d2/0x4b0 [ 776.664327][ T4680] do_user_addr_fault+0x48a/0x9f0 [ 776.669337][ T4680] page_fault+0x2f/0x40 [ 776.673480][ T4680] RIP: 0033:0x411ea8 [ 776.677358][ T4680] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 13 2b 4c 00 31 c0 e8 83 ff fe ff 31 ff e8 ec 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 76 00 eb b6 31 ed 0f 1f 44 00 00 80 3d a6 1c 29 01 [ 776.697300][ T4680] RSP: 002b:00007ffc3e8a7e10 EFLAGS: 00010246 [ 776.703342][ T4680] RAX: 00000000145f2446 RBX: 0000000073fa3da0 RCX: 0000001b32c20000 [ 776.711283][ T4680] RDX: 0000000000000000 RSI: 0000000000000446 RDI: ffffffff145f2446 [ 776.719224][ T4680] RBP: 0000000000000001 R08: 00000000145f2446 R09: 00000000145f244a [ 776.727180][ T4680] R10: 00007ffc3e8a7fc0 R11: 0000000000000246 R12: 000000000118cfc8 [ 776.735133][ T4680] R13: 0000000080000000 R14: 00007f85e637e008 R15: 0000000000000001 [ 776.747165][ T4680] Mem-Info: [ 776.750407][ T4680] active_anon:1400591 inactive_anon:10886 isolated_anon:0 [ 776.750407][ T4680] active_file:245 inactive_file:349 isolated_file:0 [ 776.750407][ T4680] unevictable:0 dirty:27 writeback:5 unstable:0 [ 776.750407][ T4680] slab_reclaimable:6623 slab_unreclaimable:83698 [ 776.750407][ T4680] mapped:59773 shmem:10951 pagetables:41604 bounce:0 [ 776.750407][ T4680] free:13574 free_pcp:485 free_cma:0 [ 776.790036][ T4674] loop4: p3 size 2 extends beyond EOD, truncated [ 776.802915][ T4674] loop4: p4 size 32768 extends beyond EOD, truncated [ 776.853721][ T4674] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 776.856877][ T4680] Node 0 active_anon:5608164kB inactive_anon:43544kB active_file:1152kB inactive_file:2584kB unevictable:0kB isolated(anon):0kB isolated(file):256kB mapped:240492kB dirty:108kB writeback:20kB shmem:43804kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 776.862219][ T4304] usb 6-1: unable to get BOS descriptor or descriptor too short [ 776.920507][ T4674] loop4: p6 size 32768 extends beyond EOD, truncated [ 776.973244][ T4680] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 776.999654][ T4680] lowmem_reserve[]: 0 2912 6416 6416 [ 777.005446][ T4680] DMA32 free:23828kB min:20548kB low:23528kB high:26508kB active_anon:2745000kB inactive_anon:12732kB active_file:0kB inactive_file:60kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23488kB pagetables:54736kB bounce:0kB free_pcp:420kB local_pcp:112kB free_cma:0kB [ 777.035028][ T4304] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 777.035278][ T4680] lowmem_reserve[]: 0 0 3504 3504 [ 777.053673][ T4680] Normal free:7748kB min:24744kB low:28332kB high:31920kB active_anon:2863480kB inactive_anon:30828kB active_file:1632kB inactive_file:1420kB unevictable:0kB writepending:40kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25440kB pagetables:111940kB bounce:0kB free_pcp:940kB local_pcp:0kB free_cma:0kB [ 777.084237][ T4680] lowmem_reserve[]: 0 0 0 0 [ 777.089131][ T4680] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 777.112397][ T4680] DMA32: 122*4kB (UME) 218*8kB (UME) 688*16kB (UE) 168*32kB (UE) 88*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24248kB [ 777.140459][ T4680] Normal: 434*4kB (UMH) 98*8kB (UMEH) 37*16kB (UMH) 153*32kB (UMH) 17*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9224kB [ 777.156675][ T4680] 11766 total pagecache pages [ 777.161774][ T4680] 0 pages in swap cache [ 777.166383][ T4680] Swap cache stats: add 0, delete 0, find 0/0 [ 777.172803][ T4680] Free swap = 0kB [ 777.176937][ T4680] Total swap = 0kB [ 777.180990][ T4680] 1965979 pages RAM [ 777.185227][ T4680] 0 pages HighMem/MovableOnly [ 777.190195][ T4680] 318829 pages reserved [ 777.194671][ T4680] 0 pages cma reserved [ 777.199053][ T4680] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=4633,uid=0 [ 777.212057][ T4304] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 777.213711][ T3766] usb 2-1: unable to get BOS descriptor or descriptor too short [ 777.228081][ T4304] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.230290][ T4680] Out of memory: Killed process 4633 (syz-executor.0) total-vm:85608kB, anon-rss:16568kB, file-rss:35056kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 777.248120][ T4304] usb 6-1: Product: syz [ 777.263029][ T4304] usb 6-1: Manufacturer: syz [ 777.267960][ T4304] usb 6-1: SerialNumber: syz [ 777.284276][ T139] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 777.312270][ T139] CPU: 1 PID: 139 Comm: systemd-journal Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 777.322347][ T139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 777.332479][ T139] Call Trace: [ 777.335766][ T139] dump_stack+0x14a/0x1ce [ 777.340095][ T139] ? devkmsg_release+0x11c/0x11c [ 777.345024][ T139] ? show_regs_print_info+0x12/0x12 [ 777.350211][ T139] ? radix_tree_cpu_dead+0x160/0x160 [ 777.355480][ T139] ? _raw_spin_lock+0xa1/0x170 [ 777.360233][ T139] ? _raw_spin_trylock_bh+0x190/0x190 [ 777.365585][ T139] dump_header+0xdb/0x700 [ 777.369896][ T139] oom_kill_process+0xd3/0x280 [ 777.374724][ T139] out_of_memory+0x5b6/0x890 [ 777.379288][ T139] ? unregister_oom_notifier+0x20/0x20 [ 777.384734][ T139] __alloc_pages_slowpath+0x16c2/0x1e50 [ 777.390270][ T139] ? get_page_from_freelist+0x7c0/0x7c0 [ 777.395792][ T139] ? __zone_watermark_ok+0x91/0x280 [ 777.400962][ T139] __alloc_pages_nodemask+0x5cb/0x7c0 [ 777.406316][ T139] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 777.411844][ T139] ? unix_dgram_recvmsg+0xba4/0x10a0 [ 777.417100][ T139] alloc_slab_page+0x3a/0x3a0 [ 777.421748][ T139] new_slab+0x408/0x450 [ 777.425876][ T139] ? should_fail+0x18e/0x860 [ 777.430436][ T139] ___slab_alloc+0x2e0/0x450 [ 777.435009][ T139] ? ____sys_recvmsg+0x353/0x440 [ 777.439916][ T139] ? getname_flags+0xb8/0x610 [ 777.444578][ T139] ? getname_flags+0xb8/0x610 [ 777.449228][ T139] kmem_cache_alloc+0x23f/0x260 [ 777.454054][ T139] getname_flags+0xb8/0x610 [ 777.459134][ T139] user_path_at_empty+0x28/0x50 [ 777.463954][ T139] __se_sys_newstat+0xea/0x8b0 [ 777.468688][ T139] ? __x64_sys_newstat+0x60/0x60 [ 777.473595][ T139] ? __sys_recvmsg+0x352/0x3c0 [ 777.478329][ T139] ? ____sys_recvmsg+0x440/0x440 [ 777.483238][ T139] ? __secure_computing+0x1b6/0x250 [ 777.488408][ T139] ? security_file_ioctl+0xad/0xc0 [ 777.493496][ T139] do_syscall_64+0xcb/0x150 [ 777.497975][ T139] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 777.503838][ T139] RIP: 0033:0x7f1664483295 [ 777.508240][ T139] Code: Bad RIP value. [ 777.512277][ T139] RSP: 002b:00007fff31019c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 777.520667][ T139] RAX: ffffffffffffffda RBX: 00007f166450b011 RCX: 00007f1664483295 [ 777.528612][ T139] RDX: 00007fff31019d10 RSI: 00007fff31019d10 RDI: 00007f166450b011 [ 777.536653][ T139] RBP: 0000000000000001 R08: 0000556289b83300 R09: 0000000000000020 [ 777.544594][ T139] R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000 [ 777.552537][ T139] R13: 0000000000000000 R14: 00007fff3101a2b0 R15: 00007fff31019e51 [ 777.562062][ T139] Mem-Info: [ 777.565742][ T139] active_anon:1397970 inactive_anon:10890 isolated_anon:0 [ 777.565742][ T139] active_file:282 inactive_file:347 isolated_file:64 [ 777.565742][ T139] unevictable:0 dirty:10 writeback:0 unstable:0 [ 777.565742][ T139] slab_reclaimable:6634 slab_unreclaimable:83607 [ 777.565742][ T139] mapped:59944 shmem:10956 pagetables:41669 bounce:0 [ 777.565742][ T139] free:16280 free_pcp:191 free_cma:0 [ 777.605381][ T139] Node 0 active_anon:5591880kB inactive_anon:43560kB active_file:1128kB inactive_file:1388kB unevictable:0kB isolated(anon):0kB isolated(file):256kB mapped:239676kB dirty:40kB writeback:0kB shmem:43824kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 777.612054][ T3766] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 777.631288][ T139] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 777.687901][ T139] lowmem_reserve[]: 0 2912 6416 6416 [ 777.693971][ T139] DMA32 free:24332kB min:4644kB low:7624kB high:10604kB active_anon:2744496kB inactive_anon:12732kB active_file:0kB inactive_file:60kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23488kB pagetables:54736kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 777.753711][ T139] lowmem_reserve[]: 0 0 3504 3504 [ 777.759858][ T139] Normal free:21044kB min:5592kB low:9180kB high:12768kB active_anon:2847856kB inactive_anon:30828kB active_file:1620kB inactive_file:4948kB unevictable:0kB writepending:40kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25440kB pagetables:111940kB bounce:0kB free_pcp:712kB local_pcp:264kB free_cma:0kB 12:57:23 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:23 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 777.811502][ T139] lowmem_reserve[]: 0 0 0 0 [ 777.830886][ T139] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 777.847095][ T139] DMA32: 186*4kB (UME) 222*8kB (UME) 693*16kB (UME) 182*32kB (UME) 89*64kB (UE) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 25384kB [ 777.862896][ T139] Normal: 59*4kB (EH) 33*8kB (UMH) 19*16kB (UEH) 155*32kB (UEH) 31*64kB (UMEH) 11*128kB (MH) 0*256kB 0*512kB 2*1024kB (M) 2*2048kB (ME) 0*4096kB = 15300kB [ 777.880383][ T139] 13906 total pagecache pages [ 777.885569][ T3766] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 777.897260][ T4674] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 777.902770][ T4674] loop4: partition table partially beyond EOD, truncated [ 777.910122][ T4674] loop4: p1 start 1 is beyond EOD, truncated [ 777.914545][ T139] 0 pages in swap cache [ 777.916925][ T3766] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.927277][ T139] Swap cache stats: add 0, delete 0, find 0/0 [ 777.934025][ T4674] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 777.947235][ T139] Free swap = 0kB [ 777.952562][ T4674] loop4: p3 size 2 extends beyond EOD, truncated 12:57:23 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 777.961281][ T3766] usb 2-1: Product: syz [ 777.965606][ T4674] loop4: p4 size 32768 extends beyond EOD, truncated [ 777.967487][ T139] Total swap = 0kB [ 777.974177][ T3766] usb 2-1: Manufacturer: syz [ 777.984808][ T3766] usb 2-1: SerialNumber: syz [ 777.989587][ T4674] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 777.993397][ T139] 1965979 pages RAM [ 778.003034][ T4674] loop4: p6 size 32768 extends beyond EOD, truncated [ 778.014598][ T139] 0 pages HighMem/MovableOnly [ 778.027150][ T139] 318829 pages reserved [ 778.031349][ T139] 0 pages cma reserved [ 778.035525][ T139] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=11944,uid=0 [ 778.051021][ T139] Out of memory: Killed process 11944 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 778.078457][ T3766] usb 6-1: USB disconnect, device number 24 [ 778.114233][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 778.119590][ T154] loop4: partition table partially beyond EOD, truncated [ 778.130274][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 778.136874][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 778.144764][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 778.154236][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 778.167482][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 778.179027][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 778.290691][ T4304] usb 2-1: USB disconnect, device number 13 12:57:24 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500d50301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:24 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 778.662212][ T4709] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 778.667450][ T4709] loop4: partition table partially beyond EOD, truncated [ 778.681975][ T4709] loop4: p1 start 1 is beyond EOD, truncated [ 778.687979][ T4709] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 778.702628][ T4709] loop4: p3 size 2 extends beyond EOD, truncated 12:57:24 executing program 1: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500d40301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:24 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 778.710762][ T4709] loop4: p4 size 32768 extends beyond EOD, truncated [ 778.725313][ T4709] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 778.749742][ T4709] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:24 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500d40301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 778.855435][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 778.860769][ T154] loop4: partition table partially beyond EOD, truncated [ 778.868084][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 778.874162][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 778.882245][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 778.889052][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 778.892600][ T4730] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 778.901460][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 778.901951][ T4730] loop0: partition table partially beyond EOD, truncated [ 778.916595][ T4304] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 778.916679][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 778.933028][ T4730] loop0: p1 start 1 is beyond EOD, truncated [ 778.940695][ T4709] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 778.947031][ T4709] loop4: partition table partially beyond EOD, truncated 12:57:24 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 778.951921][ T4730] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 778.954809][ T4728] loop1: p1 < > p2 p3 < p5 p6 > p4 [ 778.962861][ T4730] loop0: p3 size 2 extends beyond EOD, truncated [ 778.971533][ T4728] loop1: partition table partially beyond EOD, truncated [ 778.974778][ T4730] loop0: p4 size 32768 extends beyond EOD, truncated [ 778.985613][ T4709] loop4: p1 start 1 is beyond EOD, truncated [ 778.993367][ T4728] loop1: p1 start 1 is beyond EOD, truncated [ 778.995258][ T4730] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 778.999462][ T4709] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 779.007844][ T4730] loop0: p6 size 32768 extends beyond EOD, truncated [ 779.014818][ T4728] loop1: p2 size 1073741824 extends beyond EOD, truncated [ 779.029016][ T4728] loop1: p3 size 2 extends beyond EOD, truncated [ 779.031965][ T4709] loop4: p3 size 2 extends beyond EOD, truncated [ 779.036990][ T4728] loop1: p4 size 32768 extends beyond EOD, truncated [ 779.043175][ T4709] loop4: p4 size 32768 extends beyond EOD, truncated 12:57:24 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500d60301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 779.050325][ T4728] loop1: p5 size 1073741824 extends beyond EOD, truncated [ 779.056748][ T4709] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 779.070565][ T4709] loop4: p6 size 32768 extends beyond EOD, truncated [ 779.070621][ T4728] loop1: p6 size 32768 extends beyond EOD, truncated [ 779.242578][ T4746] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 779.247975][ T4746] loop4: partition table partially beyond EOD, truncated [ 779.255914][ T4746] loop4: p1 start 1 is beyond EOD, truncated [ 779.262469][ T4746] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 779.270344][ T4746] loop4: p3 size 2 extends beyond EOD, truncated [ 779.277652][ T4746] loop4: p4 size 32768 extends beyond EOD, truncated [ 779.285232][ T4746] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 779.293397][ T4746] loop4: p6 size 32768 extends beyond EOD, truncated [ 779.371889][ T4304] usb 6-1: unable to get BOS descriptor or descriptor too short [ 779.379255][ T4746] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 779.386833][ T4746] loop4: partition table partially beyond EOD, truncated [ 779.395836][ T4746] loop4: p1 start 1 is beyond EOD, truncated [ 779.402432][ T4746] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 779.415570][ T4746] loop4: p3 size 2 extends beyond EOD, truncated [ 779.424979][ T4746] loop4: p4 size 32768 extends beyond EOD, truncated [ 779.432934][ T4746] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 779.441358][ T4746] loop4: p6 size 32768 extends beyond EOD, truncated [ 779.451877][ T4304] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 779.631924][ T4304] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 779.644458][ T4304] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 779.656419][ T4304] usb 6-1: Product: syz [ 779.664058][ T4304] usb 6-1: Manufacturer: syz [ 779.682097][ T4304] usb 6-1: SerialNumber: syz [ 779.942980][ T4304] usb 6-1: USB disconnect, device number 25 12:57:26 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:26 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:26 executing program 1: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:26 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500d70301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:26 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 780.892836][ T4756] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 780.899189][ T4756] loop4: partition table partially beyond EOD, truncated [ 780.908862][ T4756] loop4: p1 start 1 is beyond EOD, truncated [ 780.917665][ T4756] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 780.926625][ T4756] loop4: p3 size 2 extends beyond EOD, truncated [ 780.934627][ T4756] loop4: p4 size 32768 extends beyond EOD, truncated [ 780.942370][ T4756] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 780.950086][ T4756] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 781.181729][ T5988] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 781.192141][ T4756] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 781.197359][ T4756] loop4: partition table partially beyond EOD, truncated [ 781.231790][ T4756] loop4: p1 start 1 is beyond EOD, truncated [ 781.237806][ T4756] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 781.272270][ T4756] loop4: p3 size 2 extends beyond EOD, truncated [ 781.281814][ T4756] loop4: p4 size 32768 extends beyond EOD, truncated [ 781.301857][ T4756] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 781.321821][ T4756] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:27 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500d80301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 781.517102][ T364] syz-executor.4 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 781.560527][ T364] CPU: 1 PID: 364 Comm: syz-executor.4 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 781.570616][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.580662][ T364] Call Trace: [ 781.583970][ T364] dump_stack+0x14a/0x1ce [ 781.588290][ T364] ? devkmsg_release+0x11c/0x11c [ 781.593234][ T364] ? show_regs_print_info+0x12/0x12 [ 781.598410][ T364] ? radix_tree_cpu_dead+0x160/0x160 [ 781.603755][ T364] ? _raw_spin_lock+0xa1/0x170 [ 781.608491][ T364] ? _raw_spin_trylock_bh+0x190/0x190 [ 781.613834][ T364] dump_header+0xdb/0x700 [ 781.618134][ T364] oom_kill_process+0xd3/0x280 [ 781.623215][ T364] out_of_memory+0x5b6/0x890 [ 781.627960][ T364] ? unregister_oom_notifier+0x20/0x20 [ 781.633404][ T364] __alloc_pages_slowpath+0x16c2/0x1e50 [ 781.638920][ T364] ? get_page_from_freelist+0x7c0/0x7c0 [ 781.644436][ T364] ? selinux_inode_permission+0x464/0x6c0 [ 781.650123][ T364] ? __zone_watermark_ok+0x91/0x280 [ 781.655300][ T364] __alloc_pages_nodemask+0x5cb/0x7c0 [ 781.660649][ T364] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 781.666349][ T364] alloc_slab_page+0x3a/0x3a0 [ 781.670995][ T364] new_slab+0x408/0x450 [ 781.675121][ T364] ? should_fail+0x18e/0x860 [ 781.679683][ T364] ___slab_alloc+0x2e0/0x450 [ 781.684265][ T364] ? success_walk_trace+0x430/0x430 [ 781.689432][ T364] ? getname_flags+0xb8/0x610 [ 781.695896][ T364] ? getname_flags+0xb8/0x610 [ 781.700542][ T364] kmem_cache_alloc+0x23f/0x260 [ 781.705375][ T364] getname_flags+0xb8/0x610 [ 781.709848][ T364] ? __rcu_read_lock+0x50/0x50 [ 781.714579][ T364] user_path_at_empty+0x28/0x50 [ 781.719400][ T364] __se_sys_newlstat+0xe4/0x8b0 [ 781.724219][ T364] ? __x64_sys_newlstat+0x60/0x60 [ 781.729216][ T364] ? __rcu_read_lock+0x50/0x50 [ 781.733950][ T364] ? vfs_submount+0xb0/0xb0 [ 781.738433][ T364] ? getname_flags+0x20d/0x610 [ 781.743168][ T364] ? dput+0x4fb/0x5e0 [ 781.747124][ T364] ? switch_fpu_return+0x10/0x10 [ 781.752030][ T364] ? getname_flags+0x20d/0x610 [ 781.756763][ T364] do_syscall_64+0xcb/0x150 [ 781.761240][ T364] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 781.767102][ T364] RIP: 0033:0x45c5f5 [ 781.770968][ T364] Code: d4 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 c7 c2 d4 ff ff ff f7 d8 64 89 [ 781.790628][ T364] RSP: 002b:00007ffe1c1b7a98 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 781.799026][ T364] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c5f5 [ 781.809312][ T364] RDX: 00007ffe1c1b7ab0 RSI: 00007ffe1c1b7ab0 RDI: 00007ffe1c1b7b40 [ 781.817255][ T364] RBP: 000000000000091e R08: 0000000000000000 R09: 000000000000000b [ 781.825197][ T364] R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffe1c1b8bd0 [ 781.833149][ T364] R13: 0000000003145940 R14: 0000000000000000 R15: 00007ffe1c1b8bd0 [ 781.881820][ T5988] usb 6-1: unable to get BOS descriptor or descriptor too short [ 781.971739][ T5988] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 782.070923][ T364] Mem-Info: [ 782.074295][ T364] active_anon:1401051 inactive_anon:10886 isolated_anon:0 [ 782.074295][ T364] active_file:446 inactive_file:379 isolated_file:81 [ 782.074295][ T364] unevictable:0 dirty:13 writeback:0 unstable:0 [ 782.074295][ T364] slab_reclaimable:6619 slab_unreclaimable:83144 [ 782.074295][ T364] mapped:60129 shmem:10951 pagetables:41748 bounce:0 [ 782.074295][ T364] free:13570 free_pcp:124 free_cma:0 [ 782.113173][ T364] Node 0 active_anon:5604204kB inactive_anon:43544kB active_file:1236kB inactive_file:1224kB unevictable:0kB isolated(anon):0kB isolated(file):324kB mapped:239916kB dirty:52kB writeback:0kB shmem:43804kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 782.137893][ T364] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 782.165514][ T364] lowmem_reserve[]: 0 2912 6416 6416 [ 782.171239][ T364] DMA32 free:23968kB min:4644kB low:7624kB high:10604kB active_anon:2744988kB inactive_anon:12732kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23552kB pagetables:54628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 782.200579][ T364] lowmem_reserve[]: 0 0 3504 3504 [ 782.206125][ T364] Normal free:15416kB min:5592kB low:9180kB high:12768kB active_anon:2859216kB inactive_anon:30812kB active_file:1528kB inactive_file:1396kB unevictable:0kB writepending:52kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25344kB pagetables:112364kB bounce:0kB free_pcp:400kB local_pcp:0kB free_cma:0kB [ 782.237045][ T364] lowmem_reserve[]: 0 0 0 0 [ 782.241693][ T364] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 782.258394][ T364] DMA32: 263*4kB (UME) 221*8kB (UME) 774*16kB (UME) 82*32kB (UME) 94*64kB (UME) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23972kB [ 782.273272][ T364] Normal: 1297*4kB (UMH) 269*8kB (UMEH) 179*16kB (UMEH) 110*32kB (UMEH) 21*64kB (UMH) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15324kB [ 782.288750][ T364] 11248 total pagecache pages [ 782.293585][ T364] 0 pages in swap cache [ 782.297871][ T364] Swap cache stats: add 0, delete 0, find 0/0 [ 782.304078][ T364] Free swap = 0kB [ 782.307923][ T364] Total swap = 0kB [ 782.320277][ T364] 1965979 pages RAM [ 782.325797][ T364] 0 pages HighMem/MovableOnly [ 782.330616][ T364] 318829 pages reserved [ 782.334944][ T364] 0 pages cma reserved [ 782.339155][ T364] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=11832,uid=0 [ 782.353776][ T364] Out of memory: Killed process 11832 (syz-executor.5) total-vm:85476kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:1000 [ 782.371825][ T5988] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 782.375800][ T23] oom_reaper: reaped process 11832 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 782.385834][ T5988] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 782.400549][ T5988] usb 6-1: Product: syz [ 782.405396][ T5988] usb 6-1: Manufacturer: syz [ 782.413594][ T5988] usb 6-1: SerialNumber: syz 12:57:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 782.542121][ T4779] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 782.547847][ T4779] loop4: partition table partially beyond EOD, truncated [ 782.574200][ T4779] loop4: p1 start 1 is beyond EOD, truncated [ 782.591020][ T4779] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 782.608696][ T4779] loop4: p3 size 2 extends beyond EOD, truncated [ 782.623048][ T4779] loop4: p4 size 32768 extends beyond EOD, truncated [ 782.641745][ T4779] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 782.657794][ T4779] loop4: p6 size 32768 extends beyond EOD, truncated [ 782.672296][ T3766] usb 6-1: USB disconnect, device number 26 [ 782.684326][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 12:57:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 782.690889][ T154] loop4: partition table partially beyond EOD, truncated [ 782.711695][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 782.717704][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 782.733344][ T154] loop4: p3 size 2 extends beyond EOD, truncated 12:57:28 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 782.743307][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 782.751514][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 782.762357][ T154] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 782.837758][ T4779] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 782.845098][ T4779] loop4: partition table partially beyond EOD, truncated [ 782.854880][ T4779] loop4: p1 start 1 is beyond EOD, truncated [ 782.871848][ T4779] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 782.880677][ T4779] loop4: p3 size 2 extends beyond EOD, truncated [ 782.889468][ T4779] loop4: p4 size 32768 extends beyond EOD, truncated [ 782.897856][ T4779] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 782.906677][ T4779] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:29 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:29 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500d90301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:29 executing program 1: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:29 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:29 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:29 executing program 1: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:29 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 783.941999][ T4810] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 783.947333][ T4810] loop4: partition table partially beyond EOD, truncated [ 783.969952][ T4810] loop4: p1 start 1 is beyond EOD, truncated [ 783.983139][ T4810] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 783.999086][ T4810] loop4: p3 size 2 extends beyond EOD, truncated [ 784.013813][ T4810] loop4: p4 size 32768 extends beyond EOD, truncated [ 784.042428][ T4810] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 784.077862][ T4810] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:30 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500da0301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 784.181495][ T5988] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 784.252108][ T3766] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 784.380811][ T364] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 784.420136][ T364] CPU: 1 PID: 364 Comm: syz-executor.4 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 784.430127][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.440164][ T364] Call Trace: [ 784.443434][ T364] dump_stack+0x14a/0x1ce [ 784.447750][ T364] ? devkmsg_release+0x11c/0x11c [ 784.452662][ T364] ? show_regs_print_info+0x12/0x12 [ 784.457840][ T364] ? radix_tree_cpu_dead+0x160/0x160 [ 784.463114][ T364] ? _raw_spin_lock+0xa1/0x170 [ 784.467846][ T364] ? _raw_spin_trylock_bh+0x190/0x190 [ 784.473191][ T364] dump_header+0xdb/0x700 [ 784.477499][ T364] oom_kill_process+0xd3/0x280 [ 784.482235][ T364] out_of_memory+0x5b6/0x890 [ 784.486796][ T364] ? unregister_oom_notifier+0x20/0x20 [ 784.492230][ T364] __alloc_pages_slowpath+0x16c2/0x1e50 [ 784.497925][ T364] ? get_page_from_freelist+0x7c0/0x7c0 [ 784.503457][ T364] ? __zone_watermark_ok+0x91/0x280 [ 784.508634][ T364] __alloc_pages_nodemask+0x5cb/0x7c0 [ 784.513985][ T364] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 784.519526][ T364] ? copy_process+0x5a4/0x5110 [ 784.524261][ T364] ? copy_process+0x5a4/0x5110 [ 784.528995][ T364] ? kmem_cache_alloc+0x1d5/0x260 [ 784.534001][ T364] copy_process+0x5f3/0x5110 [ 784.538577][ T364] ? _raw_spin_unlock+0x5/0x20 [ 784.543313][ T364] ? do_swap_page+0x1560/0x1560 [ 784.548135][ T364] ? fork_idle+0x290/0x290 [ 784.552546][ T364] _do_fork+0x196/0x920 [ 784.556673][ T364] ? finish_fault+0x230/0x230 [ 784.561321][ T364] ? dup_mm+0x300/0x300 [ 784.565451][ T364] ? ktime_get_raw+0x130/0x130 [ 784.570391][ T364] __x64_sys_clone+0x25e/0x2c0 [ 784.575129][ T364] ? __ia32_sys_vfork+0x110/0x110 [ 784.580137][ T364] ? __x64_sys_clock_gettime+0x20d/0x260 [ 784.585739][ T364] ? do_user_addr_fault+0x55c/0x9f0 [ 784.590911][ T364] do_syscall_64+0xcb/0x150 [ 784.595404][ T364] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 784.601270][ T364] RIP: 0033:0x45b80a [ 784.605140][ T364] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 784.624812][ T364] RSP: 002b:00007ffe1c1b8b40 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 784.633198][ T364] RAX: ffffffffffffffda RBX: 00007ffe1c1b8b40 RCX: 000000000045b80a [ 784.641163][ T364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 784.649120][ T364] RBP: 00007ffe1c1b8b80 R08: 0000000000000001 R09: 0000000003144940 [ 784.657328][ T364] R10: 0000000003144c10 R11: 0000000000000246 R12: 0000000000000001 [ 784.665272][ T364] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe1c1b8bd0 [ 784.688663][ T364] Mem-Info: [ 784.698654][ T364] active_anon:1401441 inactive_anon:10888 isolated_anon:0 [ 784.698654][ T364] active_file:648 inactive_file:667 isolated_file:48 [ 784.698654][ T364] unevictable:0 dirty:27 writeback:0 unstable:0 [ 784.698654][ T364] slab_reclaimable:6619 slab_unreclaimable:82457 [ 784.698654][ T364] mapped:60643 shmem:10953 pagetables:41882 bounce:0 [ 784.698654][ T364] free:12863 free_pcp:328 free_cma:0 [ 784.786802][ T364] Node 0 active_anon:5605764kB inactive_anon:43552kB active_file:1820kB inactive_file:1916kB unevictable:0kB isolated(anon):0kB isolated(file):192kB mapped:241372kB dirty:108kB writeback:0kB shmem:43812kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 784.845314][ T364] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 784.905595][ T364] lowmem_reserve[]: 0 2912 6416 6416 [ 784.921759][ T364] DMA32 free:28812kB min:20548kB low:23528kB high:26508kB active_anon:2745488kB inactive_anon:12732kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23872kB pagetables:54628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 784.951138][ T364] lowmem_reserve[]: 0 0 3504 3504 [ 784.956684][ T364] Normal free:12172kB min:24744kB low:28332kB high:31920kB active_anon:2860324kB inactive_anon:30820kB active_file:752kB inactive_file:896kB unevictable:0kB writepending:16kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25280kB pagetables:112900kB bounce:0kB free_pcp:32kB local_pcp:0kB free_cma:0kB [ 784.986910][ T364] lowmem_reserve[]: 0 0 0 0 [ 784.993224][ T364] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 785.024537][ T364] DMA32: 302*4kB (UM) 224*8kB (UME) 814*16kB (UE) 214*32kB (UE) 98*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29144kB [ 785.038897][ T364] Normal: 955*4kB (UMH) 360*8kB (UMEH) 244*16kB (UMEH) 32*32kB (UMEH) 2*64kB (MH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11884kB [ 785.054026][ T364] 11257 total pagecache pages [ 785.058915][ T364] 0 pages in swap cache [ 785.063581][ T364] Swap cache stats: add 0, delete 0, find 0/0 [ 785.069771][ T364] Free swap = 0kB [ 785.073792][ T364] Total swap = 0kB [ 785.077682][ T364] 1965979 pages RAM [ 785.081573][ T364] 0 pages HighMem/MovableOnly [ 785.086237][ T364] 318829 pages reserved [ 785.090379][ T364] 0 pages cma reserved [ 785.094567][ T364] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=4790,uid=0 [ 785.108949][ T364] Out of memory: Killed process 4790 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34880kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 785.130791][ T23] oom_reaper: reaped process 4790 (syz-executor.3), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 785.262942][ T4835] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 785.269160][ T4835] loop4: partition table partially beyond EOD, truncated [ 785.276663][ T5988] usb 6-1: unable to get BOS descriptor or descriptor too short [ 785.285695][ T4835] loop4: p1 start 1 is beyond EOD, truncated [ 785.292337][ T4835] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 785.302451][ T4835] loop4: p3 size 2 extends beyond EOD, truncated [ 785.309998][ T4835] loop4: p4 size 32768 extends beyond EOD, truncated [ 785.318909][ T4835] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 785.328227][ T4835] loop4: p6 size 32768 extends beyond EOD, truncated [ 785.371537][ T5988] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 785.401500][ T3766] usb 1-1: unable to get BOS descriptor or descriptor too short [ 785.460082][ T4835] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 785.468166][ T4835] loop4: partition table partially beyond EOD, truncated [ 785.477586][ T4835] loop4: p1 start 1 is beyond EOD, truncated [ 785.483977][ T3766] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 785.496928][ T4835] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 785.505359][ T4835] loop4: p3 size 2 extends beyond EOD, truncated [ 785.513004][ T4835] loop4: p4 size 32768 extends beyond EOD, truncated [ 785.520597][ T4835] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 785.529159][ T4835] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:31 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500db0301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 785.561565][ T5988] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 785.571986][ T5988] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.580955][ T5988] usb 6-1: Product: syz [ 785.585405][ T5988] usb 6-1: Manufacturer: syz [ 785.590875][ T5988] usb 6-1: SerialNumber: syz 12:57:31 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 785.671582][ T3766] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 785.680772][ T3766] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.689648][ T3766] usb 1-1: Product: syz [ 785.694686][ T4841] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 785.694775][ T3766] usb 1-1: Manufacturer: syz [ 785.704180][ T4841] loop4: partition table partially beyond EOD, truncated [ 785.708817][ T3766] usb 1-1: SerialNumber: syz [ 785.717564][ T4841] loop4: p1 start 1 is beyond EOD, truncated [ 785.724222][ T4841] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 785.732318][ T4841] loop4: p3 size 2 extends beyond EOD, truncated [ 785.740780][ T4841] loop4: p4 size 32768 extends beyond EOD, truncated [ 785.750539][ T4841] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 785.758511][ T4841] loop4: p6 size 32768 extends beyond EOD, truncated [ 785.768444][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 785.775694][ T154] loop4: partition table partially beyond EOD, truncated [ 785.783491][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 785.789725][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 785.797988][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 785.805312][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 785.813208][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 785.845925][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 785.865493][ T5988] usb 6-1: USB disconnect, device number 27 [ 785.942238][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 785.947959][ T154] loop4: partition table partially beyond EOD, truncated [ 785.974423][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 785.976742][ T4829] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 785.999805][ T4829] CPU: 0 PID: 4829 Comm: syz-executor.0 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 786.009884][ T4829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 786.013349][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 786.019948][ T4829] Call Trace: [ 786.019966][ T4829] dump_stack+0x14a/0x1ce [ 786.019979][ T4829] ? devkmsg_release+0x11c/0x11c [ 786.039610][ T4829] ? show_regs_print_info+0x12/0x12 [ 786.044798][ T4829] ? radix_tree_cpu_dead+0x160/0x160 [ 786.050073][ T4829] ? _raw_spin_lock+0xa1/0x170 [ 786.054856][ T4829] ? _raw_spin_trylock_bh+0x190/0x190 [ 786.060221][ T4829] dump_header+0xdb/0x700 [ 786.064547][ T4829] oom_kill_process+0xd3/0x280 [ 786.069388][ T4829] out_of_memory+0x5b6/0x890 [ 786.073122][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 786.073967][ T4829] ? unregister_oom_notifier+0x20/0x20 [ 786.073980][ T4829] __alloc_pages_slowpath+0x16c2/0x1e50 [ 786.081214][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 786.085756][ T4829] ? get_page_from_freelist+0x7c0/0x7c0 [ 786.085766][ T4829] __alloc_pages_nodemask+0x5cb/0x7c0 [ 786.085777][ T4829] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 786.085791][ T4829] pagecache_get_page+0x50f/0x880 [ 786.094321][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 786.097994][ T4829] filemap_fault+0x14cb/0x1a30 [ 786.098003][ T4829] ? __down_read+0xf1/0x210 [ 786.098014][ T4829] ? generic_file_read_iter+0x20b0/0x20b0 [ 786.105759][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 786.108913][ T4829] ext4_filemap_fault+0x7b/0x90 [ 786.108923][ T4829] handle_mm_fault+0x29ca/0x41e0 [ 786.108936][ T4829] ? _raw_spin_unlock+0x5/0x20 [ 786.118363][ T4841] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 786.119542][ T4829] ? wake_up_new_task+0x9d3/0xb60 [ 786.119551][ T4829] ? finish_fault+0x230/0x230 [ 786.119564][ T4829] ? get_timespec64+0x11f/0x1d0 [ 786.128224][ T4841] loop4: partition table partially beyond EOD, truncated [ 786.131404][ T4829] ? down_read_trylock+0x17a/0x1d0 [ 786.131413][ T4829] ? vmacache_update+0x9f/0xf0 [ 786.131422][ T4829] do_user_addr_fault+0x48a/0x9f0 [ 786.131430][ T4829] page_fault+0x2f/0x40 [ 786.131442][ T4829] RIP: 0033:0x40f6f0 [ 786.138265][ T4841] loop4: p1 start 1 is beyond EOD, truncated [ 786.141608][ T4829] Code: e6 04 c6 86 a0 90 18 01 01 48 89 86 a8 90 18 01 66 2e 0f 1f 84 00 00 00 00 00 48 8b 43 10 48 3d 00 00 59 01 0f 83 a8 00 00 00 <48> 83 38 fd 48 8d 70 08 48 89 73 10 0f 85 b6 00 00 00 48 81 fe 00 [ 786.141612][ T4829] RSP: 002b:00007ffeae1617e0 EFLAGS: 00010283 [ 786.141619][ T4829] RAX: 00000000011908a8 RBX: 000000000118cf40 RCX: 0000000000000001 [ 786.141623][ T4829] RDX: 0000000000000001 RSI: ffffffffffffffff RDI: 000000000118cf40 [ 786.141627][ T4829] RBP: 000000000118cf40 R08: 0000000000000000 R09: 0000000000000000 [ 786.141631][ T4829] R10: 00007ffeae1618f0 R11: 0000000000000246 R12: 00000000000003e8 [ 786.141634][ T4829] R13: 00000000000c012f R14: 00000000000bf54a R15: 000000000118cf4c [ 786.189486][ T4829] Mem-Info: [ 786.305202][ T4841] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 786.351616][ T4841] loop4: p3 size 2 extends beyond EOD, truncated [ 786.352619][ T4829] active_anon:1399202 inactive_anon:10888 isolated_anon:0 [ 786.352619][ T4829] active_file:690 inactive_file:681 isolated_file:65 [ 786.352619][ T4829] unevictable:0 dirty:55 writeback:0 unstable:0 [ 786.352619][ T4829] slab_reclaimable:6619 slab_unreclaimable:82159 [ 786.352619][ T4829] mapped:60723 shmem:10953 pagetables:41875 bounce:0 [ 786.352619][ T4829] free:15546 free_pcp:32 free_cma:0 [ 786.396298][ T4829] Node 0 active_anon:5596808kB inactive_anon:43552kB active_file:2352kB inactive_file:2364kB unevictable:0kB isolated(anon):0kB isolated(file):388kB mapped:242192kB dirty:220kB writeback:0kB shmem:43812kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 786.405805][ T4841] loop4: p4 size 32768 extends beyond EOD, truncated [ 786.421208][ T4829] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 786.447277][ T4841] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 786.453818][ T4829] lowmem_reserve[]: 0 2912 6416 6416 [ 786.463938][ T4841] loop4: p6 size 32768 extends beyond EOD, truncated [ 786.466965][ T4829] DMA32 free:29628kB min:20548kB low:23528kB high:26508kB active_anon:2744684kB inactive_anon:12732kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23744kB pagetables:54628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 786.539115][ T4829] lowmem_reserve[]: 0 0 3504 3504 [ 786.544355][ T4829] Normal free:19172kB min:24744kB low:28332kB high:31920kB active_anon:2851476kB inactive_anon:30820kB active_file:1732kB inactive_file:2160kB unevictable:0kB writepending:216kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25312kB pagetables:112872kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 786.575191][ T4829] lowmem_reserve[]: 0 0 0 0 [ 786.587491][ T4829] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 786.601182][ T4829] DMA32: 345*4kB (UME) 239*8kB (UME) 820*16kB (UME) 233*32kB (UME) 100*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30268kB [ 786.616448][ T4829] Normal: 1717*4kB (UMH) 629*8kB (UMEH) 244*16kB (UMEH) 86*32kB (UMEH) 10*64kB (MH) 3*128kB (MH) 3*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20348kB [ 786.661327][ T4829] 11495 total pagecache pages [ 786.666023][ T4829] 0 pages in swap cache [ 786.670164][ T4829] Swap cache stats: add 0, delete 0, find 0/0 [ 786.677971][ T4829] Free swap = 0kB [ 786.681719][ T4829] Total swap = 0kB [ 786.685425][ T4829] 1965979 pages RAM [ 786.689215][ T4829] 0 pages HighMem/MovableOnly [ 786.693910][ T4829] 318829 pages reserved [ 786.698048][ T4829] 0 pages cma reserved [ 786.702131][ T4829] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=10983,uid=0 [ 786.716474][ T4829] Out of memory: Killed process 10983 (syz-executor.0) total-vm:85476kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 786.758473][ T3766] usb 1-1: USB disconnect, device number 12 12:57:33 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:33 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:33 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500020401000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:33 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:33 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 787.626326][ T4861] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 787.631784][ T4861] loop4: partition table partially beyond EOD, truncated [ 787.660305][ T4861] loop4: p1 start 1 is beyond EOD, truncated 12:57:33 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 787.689372][ T4861] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:57:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 787.752258][ T4861] loop4: p3 size 2 extends beyond EOD, truncated 12:57:33 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500060401000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 787.799200][ T4861] loop4: p4 size 32768 extends beyond EOD, truncated [ 787.807021][ T3766] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 787.814901][ T4631] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 787.824580][ T4861] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 787.835154][ T4861] loop4: p6 size 32768 extends beyond EOD, truncated [ 787.942355][ T4886] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 787.949425][ T4886] loop4: partition table partially beyond EOD, truncated 12:57:33 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 787.988535][ T4886] loop4: p1 start 1 is beyond EOD, truncated [ 788.015403][ T4886] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 788.047903][ T4886] loop4: p3 size 2 extends beyond EOD, truncated [ 788.064250][ T4886] loop4: p4 size 32768 extends beyond EOD, truncated [ 788.081657][ T4886] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 788.098111][ T4886] loop4: p6 size 32768 extends beyond EOD, truncated [ 788.241318][ T4631] usb 6-1: unable to get BOS descriptor or descriptor too short [ 788.249169][ T3766] usb 1-1: unable to get BOS descriptor or descriptor too short [ 788.351295][ T3766] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 788.364333][ T4631] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 788.611272][ T3766] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 788.620636][ T4631] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 788.633248][ T4631] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.642378][ T3766] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.661192][ T4631] usb 6-1: Product: syz [ 788.665475][ T3766] usb 1-1: Product: syz [ 788.675414][ T4631] usb 6-1: Manufacturer: syz [ 788.680150][ T3766] usb 1-1: Manufacturer: syz [ 788.690120][ T4631] usb 6-1: SerialNumber: syz [ 788.695865][ T3766] usb 1-1: SerialNumber: syz 12:57:34 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 788.946952][ T5988] usb 6-1: USB disconnect, device number 28 [ 788.971761][ T4631] usb 1-1: USB disconnect, device number 13 12:57:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:36 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:36 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500800401000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:57:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:36 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:36 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 790.541747][ T4922] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 790.550162][ T4922] loop4: partition table partially beyond EOD, truncated [ 790.561711][ T4922] loop4: p1 start 1 is beyond EOD, truncated [ 790.570470][ T4922] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 790.582830][ T4922] loop4: p3 size 2 extends beyond EOD, truncated 12:57:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:36 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 790.593428][ T4922] loop4: p4 size 32768 extends beyond EOD, truncated [ 790.603344][ T4922] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 790.630487][ T4922] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 790.771036][ T4631] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 790.791349][ T4922] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 790.796567][ T4922] loop4: partition table partially beyond EOD, truncated 12:57:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 790.818778][ T4922] loop4: p1 start 1 is beyond EOD, truncated [ 790.829563][ T4922] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 790.851662][ T4922] loop4: p3 size 2 extends beyond EOD, truncated [ 790.864966][ T4922] loop4: p4 size 32768 extends beyond EOD, truncated [ 790.876905][ T4922] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 790.885124][ T4922] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:36 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500f50401000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 791.021034][ T5988] usb 1-1: new high-speed USB device number 14 using dummy_hcd 12:57:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 791.201685][ T4631] usb 6-1: unable to get BOS descriptor or descriptor too short [ 791.311106][ T4631] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 791.421059][ T5988] usb 1-1: unable to get BOS descriptor or descriptor too short 12:57:37 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 791.501050][ T5988] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 791.542461][ T4968] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 791.549443][ T4968] loop4: partition table partially beyond EOD, truncated [ 791.561173][ T4631] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 791.585532][ T4631] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 791.602048][ T4968] loop4: p1 start 1 is beyond EOD, truncated [ 791.617472][ T4631] usb 6-1: Product: syz [ 791.622673][ T4968] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 791.640610][ T4631] usb 6-1: Manufacturer: syz [ 791.653734][ T4968] loop4: p3 size 2 extends beyond EOD, truncated [ 791.656225][ T4631] usb 6-1: SerialNumber: syz [ 791.682872][ T4968] loop4: p4 size 32768 extends beyond EOD, truncated [ 791.711058][ T5988] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 791.716422][ T4968] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 791.730384][ T5988] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 791.761070][ T5988] usb 1-1: Product: syz [ 791.766192][ T4968] loop4: p6 size 32768 extends beyond EOD, truncated [ 791.772924][ T5988] usb 1-1: Manufacturer: syz [ 791.772932][ T5988] usb 1-1: SerialNumber: syz [ 792.044253][ T4631] usb 1-1: USB disconnect, device number 14 [ 792.066439][ T4968] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 792.072028][ T23] oom_reaper: reaped process 4968 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 792.081082][ T4968] loop4: partition table partially beyond EOD, truncated [ 792.091043][ T4968] loop4: p1 start 1 is beyond EOD, truncated [ 792.106860][ T4968] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 792.128557][ T4976] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 792.151143][ T4976] CPU: 0 PID: 4976 Comm: syz-executor.1 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 792.161210][ T4976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.171239][ T4976] Call Trace: [ 792.174514][ T4976] dump_stack+0x14a/0x1ce [ 792.178815][ T4976] ? devkmsg_release+0x11c/0x11c [ 792.183817][ T4976] ? show_regs_print_info+0x12/0x12 [ 792.189032][ T4976] ? radix_tree_cpu_dead+0x160/0x160 [ 792.194313][ T4976] ? _raw_spin_lock+0xa1/0x170 [ 792.199055][ T4976] ? _raw_spin_trylock_bh+0x190/0x190 [ 792.204434][ T4976] dump_header+0xdb/0x700 [ 792.208753][ T4976] oom_kill_process+0xd3/0x280 [ 792.213577][ T4976] out_of_memory+0x5b6/0x890 [ 792.218146][ T4976] ? unregister_oom_notifier+0x20/0x20 [ 792.223587][ T4976] __alloc_pages_slowpath+0x16c2/0x1e50 [ 792.229125][ T4976] ? get_page_from_freelist+0x7c0/0x7c0 [ 792.234650][ T4976] __alloc_pages_nodemask+0x5cb/0x7c0 [ 792.240104][ T4976] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 792.245622][ T4976] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 792.251330][ T4976] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 792.257369][ T4976] ? __perf_event_task_sched_in+0x4f7/0x560 [ 792.263237][ T4976] wp_page_copy+0x1cb/0x1120 [ 792.267798][ T4976] ? perf_pmu_sched_task+0x370/0x370 [ 792.273054][ T4976] ? switch_mm_irqs_off+0x2bf/0x9a0 [ 792.278247][ T4976] ? add_mm_rss_vec+0x270/0x270 [ 792.283081][ T4976] ? _raw_spin_unlock_irq+0x5/0x20 [ 792.288162][ T4976] ? finish_task_switch+0x235/0x4c0 [ 792.293328][ T4976] ? vm_normal_page+0x1c9/0x1d0 [ 792.298150][ T4976] do_wp_page+0x4c1/0x1530 [ 792.302622][ T4976] ? _raw_spin_lock+0xa1/0x170 [ 792.307560][ T4976] ? do_swap_page+0x1560/0x1560 [ 792.312414][ T4976] ? ttwu_do_wakeup+0x154/0x5b0 [ 792.317503][ T4976] handle_mm_fault+0xfa5/0x41e0 [ 792.322326][ T4976] ? __cgroup_account_cputime+0x2ba/0x2e0 [ 792.328016][ T4976] ? finish_fault+0x230/0x230 [ 792.332704][ T4976] ? update_curr+0x584/0x740 [ 792.337262][ T4976] ? down_read_trylock+0x17a/0x1d0 [ 792.342343][ T4976] ? _raw_spin_unlock_irq+0x5/0x20 [ 792.347424][ T4976] ? vmacache_find+0x47a/0x4b0 [ 792.352331][ T4976] do_user_addr_fault+0x48a/0x9f0 [ 792.357335][ T4976] page_fault+0x2f/0x40 [ 792.361465][ T4976] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 792.368056][ T4976] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 792.387984][ T4976] RSP: 0018:ffff88818e0df888 EFLAGS: 00010206 [ 792.394020][ T4976] RAX: ffffffff81f86901 RBX: 00000000202c1500 RCX: 0000000000000500 [ 792.401961][ T4976] RDX: 0000000000001000 RSI: ffff8881d761db00 RDI: 00000000202c1000 [ 792.409923][ T4976] RBP: ffff88818e0dfda8 R08: dffffc0000000000 R09: ffffed103aec3c00 [ 792.418213][ T4976] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 792.426168][ T4976] R13: 0000000000001000 R14: ffff8881d761d000 R15: 00000000202c0500 [ 792.434140][ T4976] ? copyout+0x51/0xb0 [ 792.438195][ T4976] copyout+0x8e/0xb0 [ 792.442063][ T4976] copy_page_to_iter+0x393/0xbd0 [ 792.446973][ T4976] pipe_to_user+0xa3/0x130 [ 792.451358][ T4976] __splice_from_pipe+0x2d3/0x870 [ 792.456438][ T4976] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 792.461959][ T4976] do_vmsplice+0x252/0xee0 [ 792.467668][ T4976] ? futex_exit_release+0xc0/0xc0 [ 792.472671][ T4976] ? avc_ss_reset+0x3a0/0x3a0 [ 792.477317][ T4976] ? write_pipe_buf+0x1d0/0x1d0 [ 792.482137][ T4976] ? __rcu_read_lock+0x50/0x50 [ 792.486895][ T4976] ? check_stack_object+0x5a/0x90 [ 792.494496][ T4976] ? _copy_from_user+0xa4/0xe0 [ 792.499230][ T4976] ? rw_copy_check_uvector+0x2b3/0x310 [ 792.504669][ T4976] ? import_iovec+0x1c2/0x380 [ 792.509497][ T4976] ? dup_iter+0x110/0x110 [ 792.513820][ T4976] ? do_vfs_ioctl+0x780/0x1750 [ 792.518572][ T4976] __se_sys_vmsplice+0x1fb/0x300 [ 792.523490][ T4976] ? __x64_sys_vmsplice+0xa0/0xa0 [ 792.528483][ T4976] ? put_timespec64+0x109/0x150 [ 792.533305][ T4976] ? __x64_sys_clock_gettime+0x20d/0x260 [ 792.538915][ T4976] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 792.544605][ T4976] ? __fdget+0x187/0x200 [ 792.548817][ T4976] do_syscall_64+0xcb/0x150 [ 792.553291][ T4976] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 792.559152][ T4976] RIP: 0033:0x45d239 [ 792.563019][ T4976] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 792.582592][ T4976] RSP: 002b:00007fe4de147c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 792.590971][ T4976] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 792.598937][ T4976] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 792.606907][ T4976] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 792.617210][ T4976] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 792.625150][ T4976] R13: 00007ffea068e98f R14: 00007fe4de1489c0 R15: 000000000118d08c [ 792.636815][ T4976] Mem-Info: [ 792.640037][ T4976] active_anon:1401188 inactive_anon:10888 isolated_anon:0 [ 792.640037][ T4976] active_file:169 inactive_file:168 isolated_file:32 [ 792.640037][ T4976] unevictable:0 dirty:0 writeback:0 unstable:0 [ 792.640037][ T4976] slab_reclaimable:6592 slab_unreclaimable:81748 [ 792.640037][ T4976] mapped:59819 shmem:10955 pagetables:42096 bounce:0 [ 792.640037][ T4976] free:14814 free_pcp:8 free_cma:0 [ 792.678116][ T4976] Node 0 active_anon:5604752kB inactive_anon:43552kB active_file:656kB inactive_file:656kB unevictable:0kB isolated(anon):0kB isolated(file):168kB mapped:239184kB dirty:24kB writeback:0kB shmem:43820kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 792.702759][ T4976] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 792.730247][ T4976] lowmem_reserve[]: 0 2912 6416 6416 [ 792.735945][ T4976] DMA32 free:31204kB min:20548kB low:23528kB high:26508kB active_anon:2745408kB inactive_anon:12732kB active_file:16kB inactive_file:272kB unevictable:0kB writepending:16kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23808kB pagetables:54684kB bounce:0kB free_pcp:40kB local_pcp:0kB free_cma:0kB [ 792.768098][ T4976] lowmem_reserve[]: 0 0 3504 3504 [ 792.779235][ T4976] Normal free:12696kB min:24744kB low:28332kB high:31920kB active_anon:2859344kB inactive_anon:30820kB active_file:640kB inactive_file:384kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25568kB pagetables:113700kB bounce:0kB free_pcp:368kB local_pcp:128kB free_cma:0kB [ 792.809405][ T4976] lowmem_reserve[]: 0 0 0 0 [ 792.814268][ T4976] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 792.827983][ T4976] DMA32: 327*4kB (UME) 252*8kB (UME) 875*16kB (UE) 231*32kB (UE) 106*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31500kB [ 792.842585][ T4976] Normal: 1239*4kB (UMEH) 209*8kB (UMEH) 211*16kB (UMEH) 81*32kB (UMEH) 4*64kB (UMH) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13108kB [ 792.858076][ T4976] 11135 total pagecache pages [ 792.863015][ T4976] 0 pages in swap cache [ 792.867473][ T4976] Swap cache stats: add 0, delete 0, find 0/0 [ 792.873805][ T4976] Free swap = 0kB [ 792.877876][ T4976] Total swap = 0kB [ 792.891151][ T4976] 1965979 pages RAM [ 792.896408][ T4976] 0 pages HighMem/MovableOnly [ 792.902778][ T4976] 318829 pages reserved [ 792.907153][ T4976] 0 pages cma reserved [ 792.911486][ T4976] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=10955,uid=0 [ 792.925868][ T4976] Out of memory: Killed process 10955 (syz-executor.0) total-vm:85476kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 792.947195][ T23] oom_reaper: reaped process 10955 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 792.994618][ T5988] usb 6-1: USB disconnect, device number 29 [ 793.046359][ T4968] loop4: p3 size 2 extends beyond EOD, truncated [ 793.055202][ T4968] loop4: p4 size 32768 extends beyond EOD, truncated [ 793.062853][ T4968] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 793.070582][ T4968] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:39 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500000501000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 793.381140][ T4986] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 793.386374][ T4986] loop4: partition table partially beyond EOD, truncated [ 793.400448][ T4986] loop4: p1 start 1 is beyond EOD, truncated [ 793.406825][ T4986] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 793.414806][ T4986] loop4: p3 size 2 extends beyond EOD, truncated [ 793.422180][ T4986] loop4: p4 size 32768 extends beyond EOD, truncated 12:57:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:39 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 793.429492][ T4986] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 793.438062][ T4986] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:39 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102400, 0x19000}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 793.544463][ T4986] loop4: p1 < > p2 p3 < p5 p6 > p4 12:57:39 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102400, 0x19000}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 793.582883][ T4986] loop4: partition table partially beyond EOD, truncated [ 793.612796][ T4986] loop4: p1 start 1 is beyond EOD, truncated [ 793.645731][ T4986] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:57:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 793.693909][ T4986] loop4: p3 size 2 extends beyond EOD, truncated [ 793.717135][ T4986] loop4: p4 size 32768 extends beyond EOD, truncated [ 793.740083][ T4986] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:57:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:39 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500000601000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 793.787067][ T4986] loop4: p6 size 32768 extends beyond EOD, truncated [ 793.820838][ T4631] usb 6-1: new high-speed USB device number 30 using dummy_hcd 12:57:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 793.857902][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 793.863702][ T154] loop4: partition table partially beyond EOD, truncated [ 793.871078][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 793.877059][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 793.895979][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 793.909747][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 793.925964][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 793.933919][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 794.230854][ T4631] usb 6-1: unable to get BOS descriptor or descriptor too short [ 794.320920][ T4631] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 794.660893][ T4631] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 794.670489][ T4631] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 794.679426][ T4631] usb 6-1: Product: syz [ 794.684333][ T4631] usb 6-1: Manufacturer: syz [ 794.689726][ T4631] usb 6-1: SerialNumber: syz [ 794.785856][ T139] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 794.810741][ T139] CPU: 0 PID: 139 Comm: systemd-journal Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 794.820819][ T139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.830879][ T139] Call Trace: [ 794.834200][ T139] dump_stack+0x14a/0x1ce [ 794.838616][ T139] ? devkmsg_release+0x11c/0x11c [ 794.843698][ T139] ? show_regs_print_info+0x12/0x12 [ 794.848873][ T139] ? radix_tree_cpu_dead+0x160/0x160 [ 794.854260][ T139] ? _raw_spin_lock+0xa1/0x170 [ 794.859009][ T139] ? _raw_spin_trylock_bh+0x190/0x190 [ 794.864356][ T139] dump_header+0xdb/0x700 [ 794.869052][ T139] oom_kill_process+0xd3/0x280 [ 794.873808][ T139] out_of_memory+0x5b6/0x890 [ 794.878688][ T139] ? unregister_oom_notifier+0x20/0x20 [ 794.884561][ T139] __alloc_pages_slowpath+0x16c2/0x1e50 [ 794.890089][ T139] ? get_page_from_freelist+0x7c0/0x7c0 [ 794.895628][ T139] __alloc_pages_nodemask+0x5cb/0x7c0 [ 794.900988][ T139] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 794.906709][ T139] pagecache_get_page+0x50f/0x880 [ 794.912031][ T139] filemap_fault+0x14cb/0x1a30 [ 794.916965][ T139] ? __down_read+0xf1/0x210 [ 794.921443][ T139] ? generic_file_read_iter+0x20b0/0x20b0 [ 794.927139][ T139] ? ep_show_fdinfo+0x320/0x320 [ 794.931966][ T139] ext4_filemap_fault+0x7b/0x90 [ 794.936893][ T139] handle_mm_fault+0x29ca/0x41e0 [ 794.941825][ T139] ? finish_fault+0x230/0x230 [ 794.946504][ T139] ? down_read_trylock+0x17a/0x1d0 [ 794.951616][ T139] ? ksys_read+0x24c/0x2c0 [ 794.956027][ T139] ? vmacache_find+0x205/0x4b0 [ 794.963999][ T139] do_user_addr_fault+0x48a/0x9f0 [ 794.969021][ T139] page_fault+0x2f/0x40 [ 794.973170][ T139] RIP: 0033:0x7f1664de7ba3 [ 794.977585][ T139] Code: Bad RIP value. [ 794.981647][ T139] RSP: 002b:00007fff3101a268 EFLAGS: 00010293 [ 794.987704][ T139] RAX: 0000000000000702 RBX: 0000556289b8d670 RCX: 0000000000000000 [ 794.995670][ T139] RDX: 00007f1664ee36c0 RSI: 0000000000000003 RDI: 0000556289b81200 [ 795.003635][ T139] RBP: 0000000000000001 R08: 00007fff311de080 R09: 00007fff311de118 [ 795.011610][ T139] R10: 0000000000024b7e R11: 0000000000000000 R12: 000000002f5225d7 [ 795.019573][ T139] R13: 0000000000000001 R14: 00007fff3101a2bc R15: 00007fff3101a2bc [ 795.028356][ T139] Mem-Info: [ 795.031519][ T139] active_anon:1401589 inactive_anon:10889 isolated_anon:0 [ 795.031519][ T139] active_file:190 inactive_file:179 isolated_file:0 [ 795.031519][ T139] unevictable:0 dirty:18 writeback:0 unstable:0 [ 795.031519][ T139] slab_reclaimable:6609 slab_unreclaimable:81194 [ 795.031519][ T139] mapped:59891 shmem:10954 pagetables:42123 bounce:0 [ 795.031519][ T139] free:14525 free_pcp:336 free_cma:0 [ 795.042477][ T5988] usb 6-1: USB disconnect, device number 30 [ 795.069421][ T139] Node 0 active_anon:5606356kB inactive_anon:43556kB active_file:476kB inactive_file:740kB unevictable:0kB isolated(anon):0kB isolated(file):156kB mapped:239264kB dirty:84kB writeback:0kB shmem:43816kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 795.099703][ T139] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 795.132072][ T139] lowmem_reserve[]: 0 2912 6416 6416 [ 795.137403][ T139] DMA32 free:31812kB min:20548kB low:23528kB high:26508kB active_anon:2745796kB inactive_anon:12732kB active_file:68kB inactive_file:388kB unevictable:0kB writepending:12kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23744kB pagetables:54636kB bounce:0kB free_pcp:456kB local_pcp:0kB free_cma:0kB [ 795.184442][ T139] lowmem_reserve[]: 0 0 3504 3504 [ 795.200732][ T139] Normal free:7564kB min:24744kB low:28332kB high:31920kB active_anon:2860560kB inactive_anon:30824kB active_file:772kB inactive_file:3352kB unevictable:0kB writepending:72kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25504kB pagetables:113708kB bounce:0kB free_pcp:132kB local_pcp:4kB free_cma:0kB [ 795.250704][ T139] lowmem_reserve[]: 0 0 0 0 [ 795.255256][ T139] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 795.276290][ T139] DMA32: 243*4kB (UM) 247*8kB (UE) 879*16kB (UE) 270*32kB (UE) 107*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32500kB [ 795.291454][ T139] Normal: 377*4kB (UMEH) 85*8kB (UMEH) 184*16kB (UMEH) 84*32kB (UMEH) 9*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8524kB [ 795.306392][ T139] 11505 total pagecache pages [ 795.311170][ T139] 0 pages in swap cache [ 795.315319][ T139] Swap cache stats: add 0, delete 0, find 0/0 [ 795.321403][ T139] Free swap = 0kB [ 795.325112][ T139] Total swap = 0kB [ 795.328820][ T139] 1965979 pages RAM [ 795.332721][ T139] 0 pages HighMem/MovableOnly [ 795.337484][ T139] 318829 pages reserved [ 795.341642][ T139] 0 pages cma reserved [ 795.345700][ T139] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=10927,uid=0 [ 795.359811][ T139] Out of memory: Killed process 10927 (syz-executor.0) total-vm:85476kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 795.380914][ T23] oom_reaper: reaped process 10927 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:57:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 795.601047][ T5049] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 795.606626][ T5049] loop4: partition table partially beyond EOD, truncated [ 795.614900][ T5049] loop4: p1 start 1 is beyond EOD, truncated [ 795.621184][ T5049] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 795.629873][ T5049] loop4: p3 size 2 extends beyond EOD, truncated [ 795.636874][ T5049] loop4: p4 size 32768 extends beyond EOD, truncated 12:57:41 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:41 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500f50401000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:41 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 795.644622][ T5049] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 795.653587][ T5049] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 795.705916][ T5049] __loop_clr_fd: partition scan of loop4 failed (rc=-16) [ 795.759154][ T5049] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 795.765633][ T5049] loop4: partition table partially beyond EOD, truncated [ 795.777219][ T5049] loop4: p1 start 1 is beyond EOD, truncated [ 795.785060][ T5049] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 795.794223][ T5049] loop4: p3 size 2 extends beyond EOD, truncated [ 795.802731][ T5049] loop4: p4 size 32768 extends beyond EOD, truncated [ 795.812122][ T5065] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 795.820817][ T5065] loop0: partition table partially beyond EOD, truncated [ 795.823718][ T5049] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 795.837101][ T5065] loop0: p1 start 1 is beyond EOD, truncated [ 795.839039][ T5049] loop4: p6 size 32768 extends beyond EOD, truncated [ 795.853558][ T5065] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 795.872615][ T5065] loop0: p3 size 2 extends beyond EOD, truncated [ 795.882582][ T5065] loop0: p4 size 32768 extends beyond EOD, truncated [ 795.896015][ T5065] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 795.896717][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 795.908629][ T154] loop4: partition table partially beyond EOD, truncated [ 795.915857][ T5065] loop0: p6 size 32768 extends beyond EOD, truncated [ 795.923048][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 795.929035][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 795.938115][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 795.945075][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 795.952368][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 795.959986][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 796.057781][ T5988] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 796.276551][ T5077] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 796.304463][ T5077] CPU: 1 PID: 5077 Comm: syz-executor.1 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 796.314555][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.324595][ T5077] Call Trace: [ 796.327874][ T5077] dump_stack+0x14a/0x1ce [ 796.332265][ T5077] ? devkmsg_release+0x11c/0x11c [ 796.337189][ T5077] ? show_regs_print_info+0x12/0x12 [ 796.342375][ T5077] ? radix_tree_cpu_dead+0x160/0x160 [ 796.347645][ T5077] ? _raw_spin_lock+0xa1/0x170 [ 796.352385][ T5077] ? _raw_spin_trylock_bh+0x190/0x190 [ 796.357748][ T5077] dump_header+0xdb/0x700 [ 796.362060][ T5077] oom_kill_process+0xd3/0x280 [ 796.366897][ T5077] out_of_memory+0x5b6/0x890 [ 796.371470][ T5077] ? unregister_oom_notifier+0x20/0x20 [ 796.376915][ T5077] __alloc_pages_slowpath+0x16c2/0x1e50 [ 796.382641][ T5077] ? get_page_from_freelist+0x7c0/0x7c0 [ 796.388159][ T5077] ? flush_tlb_func_common+0x45/0x580 [ 796.393506][ T5077] __alloc_pages_nodemask+0x5cb/0x7c0 [ 796.398852][ T5077] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 796.404371][ T5077] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 796.410061][ T5077] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 796.416013][ T5077] ? __lru_cache_add+0x1a1/0x1f0 [ 796.420925][ T5077] wp_page_copy+0x1cb/0x1120 [ 796.425489][ T5077] ? add_mm_rss_vec+0x270/0x270 [ 796.430398][ T5077] ? vm_normal_page+0x1c9/0x1d0 [ 796.435220][ T5077] do_wp_page+0x4c1/0x1530 [ 796.439613][ T5077] ? _raw_spin_lock+0xa1/0x170 [ 796.444349][ T5077] ? do_swap_page+0x1560/0x1560 [ 796.449170][ T5077] handle_mm_fault+0xfa5/0x41e0 [ 796.453995][ T5077] ? finish_fault+0x230/0x230 [ 796.458644][ T5077] ? down_read_trylock+0x17a/0x1d0 [ 796.463727][ T5077] ? vmacache_find+0x205/0x4b0 [ 796.468465][ T5077] do_user_addr_fault+0x48a/0x9f0 [ 796.473463][ T5077] page_fault+0x2f/0x40 [ 796.477603][ T5077] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 796.484161][ T5077] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 796.503745][ T5077] RSP: 0018:ffff88809d4af888 EFLAGS: 00010206 [ 796.509824][ T5077] RAX: ffffffff81f86901 RBX: 00000000209ee500 RCX: 0000000000000500 [ 796.517792][ T5077] RDX: 0000000000001000 RSI: ffff8881c84c4b00 RDI: 00000000209ee000 [ 796.525740][ T5077] RBP: ffff88809d4afda8 R08: dffffc0000000000 R09: ffffed1039098a00 [ 796.533686][ T5077] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 796.541629][ T5077] R13: 0000000000001000 R14: ffff8881c84c4000 R15: 00000000209ed500 [ 796.549585][ T5077] ? copyout+0x51/0xb0 [ 796.553731][ T5077] copyout+0x8e/0xb0 [ 796.557751][ T5077] copy_page_to_iter+0x393/0xbd0 [ 796.562699][ T5077] pipe_to_user+0xa3/0x130 [ 796.567110][ T5077] __splice_from_pipe+0x2d3/0x870 [ 796.572114][ T5077] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 796.577633][ T5077] do_vmsplice+0x252/0xee0 [ 796.582026][ T5077] ? futex_exit_release+0xc0/0xc0 [ 796.587025][ T5077] ? avc_ss_reset+0x3a0/0x3a0 [ 796.591685][ T5077] ? write_pipe_buf+0x1d0/0x1d0 [ 796.596507][ T5077] ? __rcu_read_lock+0x50/0x50 [ 796.601242][ T5077] ? check_stack_object+0x5a/0x90 [ 796.606237][ T5077] ? _copy_from_user+0xa4/0xe0 [ 796.610974][ T5077] ? rw_copy_check_uvector+0x2b3/0x310 [ 796.616403][ T5077] ? import_iovec+0x1c2/0x380 [ 796.621052][ T5077] ? dup_iter+0x110/0x110 [ 796.625368][ T5077] ? do_vfs_ioctl+0x780/0x1750 [ 796.630102][ T5077] __se_sys_vmsplice+0x1fb/0x300 [ 796.635010][ T5077] ? __x64_sys_vmsplice+0xa0/0xa0 [ 796.640005][ T5077] ? put_timespec64+0x109/0x150 [ 796.644827][ T5077] ? __x64_sys_clock_gettime+0x20d/0x260 [ 796.650447][ T5077] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 796.656224][ T5077] ? __fdget+0x187/0x200 [ 796.660436][ T5077] do_syscall_64+0xcb/0x150 [ 796.664911][ T5077] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 796.670773][ T5077] RIP: 0033:0x45d239 [ 796.674727][ T5077] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 796.694480][ T5077] RSP: 002b:00007fe4de147c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 796.703228][ T5077] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 796.711170][ T5077] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 796.719123][ T5077] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 796.727074][ T5077] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 796.735017][ T5077] R13: 00007ffea068e98f R14: 00007fe4de1489c0 R15: 000000000118d08c [ 796.757226][ T5077] Mem-Info: [ 796.762828][ T5077] active_anon:1401039 inactive_anon:10892 isolated_anon:0 [ 796.762828][ T5077] active_file:375 inactive_file:349 isolated_file:53 [ 796.762828][ T5077] unevictable:0 dirty:10 writeback:13 unstable:0 [ 796.762828][ T5077] slab_reclaimable:6628 slab_unreclaimable:80878 [ 796.762828][ T5077] mapped:60238 shmem:10961 pagetables:42172 bounce:0 [ 796.762828][ T5077] free:15467 free_pcp:0 free_cma:0 [ 796.818395][ T5077] Node 0 active_anon:5604156kB inactive_anon:43568kB active_file:1344kB inactive_file:1356kB unevictable:0kB isolated(anon):0kB isolated(file):212kB mapped:240652kB dirty:40kB writeback:52kB shmem:43844kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 796.843173][ T5077] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 796.869419][ T5077] lowmem_reserve[]: 0 2912 6416 6416 [ 796.874958][ T5077] DMA32 free:32112kB min:20548kB low:23528kB high:26508kB active_anon:2745836kB inactive_anon:12732kB active_file:164kB inactive_file:32kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24064kB pagetables:54628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 796.904609][ T5077] lowmem_reserve[]: 0 0 3504 3504 [ 796.909857][ T5077] Normal free:14136kB min:13784kB low:17372kB high:20960kB active_anon:2858080kB inactive_anon:30836kB active_file:1320kB inactive_file:1376kB unevictable:0kB writepending:288kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25376kB pagetables:114060kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 796.939746][ T5077] lowmem_reserve[]: 0 0 0 0 [ 796.945658][ T5077] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 796.958997][ T5077] DMA32: 228*4kB (UME) 239*8kB (UE) 879*16kB (UE) 257*32kB (UE) 108*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32024kB [ 796.973207][ T5077] Normal: 100*4kB (UMEH) 74*8kB (UEH) 231*16kB (UMEH) 159*32kB (UMEH) 20*64kB (UMEH) 4*128kB (MEH) 1*256kB (E) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11824kB [ 796.988887][ T5077] 12338 total pagecache pages [ 796.993586][ T5077] 0 pages in swap cache [ 796.998256][ T5077] Swap cache stats: add 0, delete 0, find 0/0 [ 797.006753][ T5077] Free swap = 0kB [ 797.011187][ T5077] Total swap = 0kB [ 797.015545][ T5077] 1965979 pages RAM [ 797.041314][ T5077] 0 pages HighMem/MovableOnly [ 797.067101][ T5077] 318829 pages reserved [ 797.072643][ T5077] 0 pages cma reserved [ 797.086726][ T5988] usb 6-1: unable to get BOS descriptor or descriptor too short [ 797.104666][ T5077] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=5045,uid=0 [ 797.131309][ T5077] Out of memory: Killed process 5045 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34844kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 797.232491][ T5988] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 12:57:43 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:43 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500040601000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:43 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102400, 0x19000}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 797.420772][ T5988] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 797.445822][ T5088] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 797.459296][ T5088] loop4: partition table partially beyond EOD, truncated 12:57:43 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:43 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:43 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500110001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 797.513628][ T5988] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.552133][ T5088] loop4: p1 start 1 is beyond EOD, truncated [ 797.568000][ T5088] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 797.571014][ T5988] usb 6-1: Product: syz [ 797.589926][ T5088] loop4: p3 size 2 extends beyond EOD, truncated [ 797.598231][ T5988] usb 6-1: Manufacturer: syz [ 797.606059][ T5088] loop4: p4 size 32768 extends beyond EOD, truncated [ 797.616424][ T5988] usb 6-1: SerialNumber: syz [ 797.630785][ T5088] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 797.648197][ T5088] loop4: p6 size 32768 extends beyond EOD, truncated [ 797.678895][ T5112] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 797.684160][ T5112] loop0: partition table partially beyond EOD, truncated [ 797.711772][ T5112] loop0: p1 start 1 is beyond EOD, truncated [ 797.740463][ T5112] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 797.748940][ T5112] loop0: p3 size 2 extends beyond EOD, truncated [ 797.761880][ T5112] loop0: p4 size 32768 extends beyond EOD, truncated [ 797.781000][ T5112] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 797.791104][ T5088] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 797.801519][ T5088] loop4: partition table partially beyond EOD, truncated [ 797.816337][ T5112] loop0: p6 size 32768 extends beyond EOD, truncated [ 797.819612][ T5088] loop4: p1 start 1 is beyond EOD, truncated [ 797.833402][ T5088] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 797.845376][ T5088] loop4: p3 size 2 extends beyond EOD, truncated [ 797.854753][ T5088] loop4: p4 size 32768 extends beyond EOD, truncated [ 797.863144][ T5088] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 797.885648][ T5088] loop4: p6 size 32768 extends beyond EOD, truncated [ 797.916235][ T5988] usb 6-1: USB disconnect, device number 31 12:57:44 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500110001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:44 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:44 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:44 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500000701000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:44 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 798.535866][ T5127] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 798.542528][ T5127] loop4: partition table partially beyond EOD, truncated [ 798.560699][ T5127] loop4: p1 start 1 is beyond EOD, truncated [ 798.566936][ T5127] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 798.581438][ T5127] loop4: p3 size 2 extends beyond EOD, truncated [ 798.589095][ T5127] loop4: p4 size 32768 extends beyond EOD, truncated [ 798.605157][ T5132] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 798.621649][ T5132] loop0: partition table partially beyond EOD, truncated [ 798.636151][ T5127] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 798.655895][ T5132] loop0: p1 start 1 is beyond EOD, truncated [ 798.666913][ T5127] loop4: p6 size 32768 extends beyond EOD, truncated [ 798.693155][ T5132] loop0: p2 size 1073741824 extends beyond EOD, truncated 12:57:44 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 798.742356][ T5132] loop0: p3 size 2 extends beyond EOD, truncated [ 798.770243][ T4631] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 798.773120][ T5132] loop0: p4 size 32768 extends beyond EOD, truncated [ 798.802523][ T5127] __loop_clr_fd: partition scan of loop4 failed (rc=-16) [ 798.850550][ T5132] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 798.881637][ T5132] loop0: p6 size 32768 extends beyond EOD, truncated [ 798.900840][ T5127] loop_reread_partitions: partition scan of loop4 () failed (rc=-16) [ 799.052251][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 799.066333][ T154] loop4: partition table partially beyond EOD, truncated 12:57:45 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500000901000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:45 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 799.094533][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 799.109967][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 799.120338][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 799.128352][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 799.136467][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 799.144521][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 799.190543][ T4631] usb 6-1: unable to get BOS descriptor or descriptor too short [ 799.270536][ T4631] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 799.388270][ T5156] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 799.396260][ T5156] loop4: partition table partially beyond EOD, truncated [ 799.407759][ T5156] loop4: p1 start 1 is beyond EOD, truncated [ 799.416561][ T5156] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 799.430707][ T5156] loop4: p3 size 2 extends beyond EOD, truncated [ 799.444234][ T5156] loop4: p4 size 32768 extends beyond EOD, truncated [ 799.453011][ T5156] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 799.463443][ T4631] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 799.476303][ T4631] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 799.501651][ T4631] usb 6-1: Product: syz [ 799.522431][ T4631] usb 6-1: Manufacturer: syz [ 799.535399][ T4631] usb 6-1: SerialNumber: syz [ 799.562931][ T5156] loop4: p6 size 32768 extends beyond EOD, truncated [ 799.601633][ T3766] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 799.650965][ T5156] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 799.656323][ T5156] loop4: partition table partially beyond EOD, truncated [ 799.663945][ T5156] loop4: p1 start 1 is beyond EOD, truncated [ 799.669936][ T5156] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 799.677941][ T5156] loop4: p3 size 2 extends beyond EOD, truncated [ 799.685543][ T5156] loop4: p4 size 32768 extends beyond EOD, truncated [ 799.694003][ T5156] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 799.702357][ T5156] loop4: p6 size 32768 extends beyond EOD, truncated [ 799.711577][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 799.717864][ T154] loop4: partition table partially beyond EOD, truncated [ 799.726469][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 799.733068][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 799.740685][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 799.750684][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 799.758268][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 799.766151][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 799.817204][ T4631] usb 6-1: USB disconnect, device number 32 [ 800.010457][ T3766] usb 1-1: unable to get BOS descriptor or descriptor too short [ 800.090465][ T3766] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 800.261082][ T3766] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 800.270709][ T3766] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 800.279094][ T3766] usb 1-1: Product: syz [ 800.283516][ T3766] usb 1-1: Manufacturer: syz [ 800.289173][ T3766] usb 1-1: SerialNumber: syz 12:57:46 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102400, 0x19000}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:46 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:46 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500000a01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:46 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:46 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:46 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102400, 0x19000}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 800.534870][ T4631] usb 1-1: USB disconnect, device number 15 [ 800.541421][ T5169] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 800.559553][ T5169] loop4: partition table partially beyond EOD, truncated [ 800.578229][ T5169] loop4: p1 start 1 is beyond EOD, truncated [ 800.591057][ T5169] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 800.620785][ T5169] loop4: p3 size 2 extends beyond EOD, truncated [ 800.665699][ T5169] loop4: p4 size 32768 extends beyond EOD, truncated [ 800.755233][ T5169] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 800.765749][ T5169] loop4: p6 size 32768 extends beyond EOD, truncated [ 800.770341][ T3766] usb 6-1: new high-speed USB device number 33 using dummy_hcd 12:57:46 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500000b01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:47 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 801.186574][ T4308] systemd-udevd invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 801.200344][ T3766] usb 6-1: unable to get BOS descriptor or descriptor too short [ 801.234164][ T4308] CPU: 0 PID: 4308 Comm: systemd-udevd Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 801.244166][ T4308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 801.254214][ T4308] Call Trace: [ 801.257526][ T4308] dump_stack+0x14a/0x1ce [ 801.261847][ T4308] ? devkmsg_release+0x11c/0x11c [ 801.266803][ T4308] ? show_regs_print_info+0x12/0x12 [ 801.271994][ T4308] ? radix_tree_cpu_dead+0x160/0x160 [ 801.277269][ T4308] ? _raw_spin_lock+0xa1/0x170 [ 801.282049][ T4308] ? _raw_spin_trylock_bh+0x190/0x190 [ 801.287415][ T4308] dump_header+0xdb/0x700 [ 801.291736][ T4308] oom_kill_process+0xd3/0x280 [ 801.296496][ T4308] out_of_memory+0x5b6/0x890 [ 801.301098][ T4308] ? unregister_oom_notifier+0x20/0x20 [ 801.306559][ T4308] __alloc_pages_slowpath+0x16c2/0x1e50 [ 801.312110][ T4308] ? get_page_from_freelist+0x7c0/0x7c0 [ 801.317651][ T4308] ? __zone_watermark_ok+0x91/0x280 [ 801.322848][ T4308] __alloc_pages_nodemask+0x5cb/0x7c0 [ 801.328221][ T4308] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 801.333762][ T4308] ? lockref_get+0x1c2/0x2b0 [ 801.338349][ T4308] ? blk_crypto_keyslot_evict+0x160/0x160 [ 801.344088][ T4308] ? find_inode_fast+0x3f9/0x4b0 [ 801.349008][ T4308] __get_free_pages+0xa/0x30 [ 801.353576][ T4308] inode_doinit_with_dentry+0x950/0x10e0 [ 801.359185][ T4308] ? __wake_up_bit+0x180/0x180 [ 801.363933][ T4308] ? sb_finish_set_opts+0x7e0/0x7e0 [ 801.369189][ T4308] ? current_time+0x1be/0x2f0 [ 801.373859][ T4308] ? atime_needs_update+0x570/0x570 [ 801.379039][ T4308] security_d_instantiate+0x90/0xf0 [ 801.384277][ T4308] d_splice_alias+0x71/0x590 [ 801.389811][ T4308] kernfs_iop_lookup+0x17a/0x1f0 [ 801.394901][ T4308] __lookup_slow+0x312/0x490 [ 801.399576][ T4308] ? lookup_one_len2+0x2d0/0x2d0 [ 801.404501][ T4308] walk_component+0x3ee/0x970 [ 801.409170][ T4308] ? follow_managed+0x950/0x950 [ 801.414086][ T4308] ? generic_permission+0x13a/0x4a0 [ 801.419267][ T4308] ? security_inode_permission+0xda/0x110 [ 801.424957][ T4308] link_path_walk+0x72b/0x1500 [ 801.429692][ T4308] ? path_init+0x887/0x1220 [ 801.434166][ T4308] ? path_init+0x1220/0x1220 [ 801.438736][ T4308] ? path_init+0x962/0x1220 [ 801.443253][ T4308] path_lookupat+0xd2/0xa60 [ 801.448511][ T4308] ? kmem_cache_alloc+0x1d5/0x260 [ 801.453507][ T4308] ? getname_flags+0xb8/0x610 [ 801.458153][ T4308] ? user_path_at_empty+0x28/0x50 [ 801.463147][ T4308] ? do_readlinkat+0x119/0x3c0 [ 801.467879][ T4308] ? __x64_sys_readlinkat+0x96/0xb0 [ 801.473120][ T4308] ? do_syscall_64+0xcb/0x150 [ 801.477771][ T4308] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 801.483814][ T4308] ? filename_lookup+0x6e0/0x6e0 [ 801.488724][ T4308] filename_lookup+0x254/0x6e0 [ 801.493496][ T4308] ? hashlen_string+0x120/0x120 [ 801.498328][ T4308] ? getname_flags+0x20d/0x610 [ 801.503062][ T4308] do_readlinkat+0x119/0x3c0 [ 801.507627][ T4308] ? cp_old_stat+0x8a0/0x8a0 [ 801.512188][ T4308] ? do_syscall_64+0x150/0x150 [ 801.516922][ T4308] __x64_sys_readlinkat+0x96/0xb0 [ 801.521936][ T4308] do_syscall_64+0xcb/0x150 [ 801.526411][ T4308] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 801.532794][ T4308] RIP: 0033:0x7f106ca370ba [ 801.537182][ T4308] Code: 48 8b 0d e1 bd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 0b 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ae bd 2b 00 f7 d8 64 89 01 48 [ 801.556757][ T4308] RSP: 002b:00007ffc17d862f8 EFLAGS: 00000202 ORIG_RAX: 000000000000010b [ 801.565137][ T4308] RAX: ffffffffffffffda RBX: 00005629ca530210 RCX: 00007f106ca370ba [ 801.573078][ T4308] RDX: 00005629ca530210 RSI: 00005629ca5350f0 RDI: 00000000ffffff9c [ 801.581035][ T4308] RBP: 0000000000000064 R08: 00005629c84f9670 R09: 0000000000000070 [ 801.589154][ T4308] R10: 0000000000000063 R11: 0000000000000202 R12: 00005629ca5350f0 [ 801.597097][ T4308] R13: 00000000ffffff9c R14: 00007ffc17d86350 R15: 0000000000000063 [ 801.622142][ T4308] Mem-Info: [ 801.625899][ T4308] active_anon:1401030 inactive_anon:10886 isolated_anon:0 [ 801.625899][ T4308] active_file:714 inactive_file:733 isolated_file:69 [ 801.625899][ T4308] unevictable:0 dirty:25 writeback:1 unstable:0 [ 801.625899][ T4308] slab_reclaimable:6633 slab_unreclaimable:80616 [ 801.625899][ T4308] mapped:60986 shmem:10951 pagetables:42367 bounce:0 [ 801.625899][ T4308] free:14424 free_pcp:0 free_cma:0 [ 801.664079][ T4308] Node 0 active_anon:5604120kB inactive_anon:43544kB active_file:2404kB inactive_file:2508kB unevictable:0kB isolated(anon):0kB isolated(file):180kB mapped:242844kB dirty:100kB writeback:4kB shmem:43804kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 801.694689][ T3766] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 801.703324][ T4308] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 801.764743][ T4308] lowmem_reserve[]: 0 2912 6416 6416 [ 801.770199][ T4308] DMA32 free:26996kB min:4644kB low:7624kB high:10604kB active_anon:2745600kB inactive_anon:12732kB active_file:96kB inactive_file:280kB unevictable:0kB writepending:12kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24160kB pagetables:54744kB bounce:0kB free_pcp:16kB local_pcp:12kB free_cma:0kB [ 801.799651][ T4308] lowmem_reserve[]: 0 0 3504 3504 [ 801.804863][ T4308] Normal free:17672kB min:20648kB low:24236kB high:27824kB active_anon:2858360kB inactive_anon:30812kB active_file:1512kB inactive_file:1592kB unevictable:0kB writepending:136kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25600kB pagetables:114720kB bounce:0kB free_pcp:332kB local_pcp:236kB free_cma:0kB [ 801.835206][ T4308] lowmem_reserve[]: 0 0 0 0 [ 801.850397][ T4308] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 801.864736][ T4308] DMA32: 317*4kB (UM) 199*8kB (UME) 906*16kB (UME) 88*32kB (UME) 109*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27148kB [ 801.890562][ T4308] Normal: 835*4kB (UMEH) 188*8kB (UMEH) 183*16kB (UMEH) 271*32kB (UMEH) 35*64kB (UMEH) 3*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19068kB [ 801.906731][ T4308] 11510 total pagecache pages [ 801.911978][ T4308] 0 pages in swap cache [ 801.916705][ T4308] Swap cache stats: add 0, delete 0, find 0/0 [ 801.923491][ T3766] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 801.933232][ T4308] Free swap = 0kB [ 801.937570][ T3766] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 801.946208][ T4308] Total swap = 0kB [ 801.950544][ T4308] 1965979 pages RAM [ 801.954925][ T3766] usb 6-1: Product: syz [ 801.959685][ T4308] 0 pages HighMem/MovableOnly [ 801.964994][ T3766] usb 6-1: Manufacturer: syz [ 801.970233][ T4308] 318829 pages reserved [ 801.975309][ T3766] usb 6-1: SerialNumber: syz [ 801.980570][ T4308] 0 pages cma reserved [ 801.985370][ T4308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=10331,uid=0 [ 802.000291][ T4308] Out of memory: Killed process 10331 (syz-executor.5) total-vm:85476kB, anon-rss:16556kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:1000 12:57:48 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 802.200623][ T5188] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 802.206383][ T5188] loop4: partition table partially beyond EOD, truncated [ 802.213721][ T5188] loop4: p1 start 1 is beyond EOD, truncated [ 802.219901][ T5188] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 802.228178][ T5188] loop4: p3 size 2 extends beyond EOD, truncated [ 802.237376][ T5188] loop4: p4 size 32768 extends beyond EOD, truncated [ 802.260827][ T5188] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 802.274183][ T3766] usb 6-1: USB disconnect, device number 33 [ 802.281076][ T5188] loop4: p6 size 32768 extends beyond EOD, truncated [ 802.299504][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 802.312375][ T154] loop4: partition table partially beyond EOD, truncated [ 802.334447][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 802.354925][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:57:48 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500000c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 802.369589][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 802.377146][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 802.385483][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 802.393617][ T154] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:48 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 802.550778][ T5202] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 802.556551][ T5202] loop4: partition table partially beyond EOD, truncated [ 802.587442][ T5202] loop4: p1 start 1 is beyond EOD, truncated [ 802.594055][ T5202] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 802.645699][ T5202] loop4: p3 size 2 extends beyond EOD, truncated [ 802.673148][ T5202] loop4: p4 size 32768 extends beyond EOD, truncated [ 802.692538][ T5202] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 802.719601][ T5202] loop4: p6 size 32768 extends beyond EOD, truncated [ 802.750188][ T5216] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 802.864781][ T5216] CPU: 0 PID: 5216 Comm: syz-executor.1 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 802.874920][ T5216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 802.885058][ T5216] Call Trace: [ 802.888350][ T5216] dump_stack+0x14a/0x1ce [ 802.892680][ T5216] ? devkmsg_release+0x11c/0x11c [ 802.897705][ T5216] ? show_regs_print_info+0x12/0x12 [ 802.902903][ T5216] ? radix_tree_cpu_dead+0x160/0x160 [ 802.908207][ T5216] ? task_will_free_mem+0x1c6/0x4e0 [ 802.913421][ T5216] dump_header+0xdb/0x700 [ 802.917757][ T5216] oom_kill_process+0xd3/0x280 [ 802.922523][ T5216] out_of_memory+0x5b6/0x890 [ 802.927203][ T5216] ? unregister_oom_notifier+0x20/0x20 [ 802.932662][ T5216] __alloc_pages_slowpath+0x16c2/0x1e50 [ 802.938300][ T5216] ? get_page_from_freelist+0x7c0/0x7c0 [ 802.943852][ T5216] __alloc_pages_nodemask+0x5cb/0x7c0 [ 802.949227][ T5216] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 802.954836][ T5216] ? pagevec_lru_move_fn+0x193/0x210 [ 802.960097][ T5216] ? __pagevec_release+0x130/0x130 [ 802.965180][ T5216] ? __lru_cache_add+0x1a1/0x1f0 [ 802.970523][ T5216] wp_page_copy+0x1cb/0x1120 [ 802.975118][ T5216] ? add_mm_rss_vec+0x270/0x270 [ 802.979952][ T5216] ? vm_normal_page+0x1c9/0x1d0 [ 802.985040][ T5216] do_wp_page+0x4c1/0x1530 [ 802.989692][ T5216] ? _raw_spin_lock+0xa1/0x170 [ 802.995389][ T5216] ? do_swap_page+0x1560/0x1560 [ 803.000294][ T5216] handle_mm_fault+0xfa5/0x41e0 [ 803.005122][ T5216] ? finish_fault+0x230/0x230 [ 803.009783][ T5216] ? down_read_trylock+0x17a/0x1d0 [ 803.014958][ T5216] ? vmacache_find+0x205/0x4b0 [ 803.019693][ T5216] do_user_addr_fault+0x48a/0x9f0 [ 803.025034][ T5216] page_fault+0x2f/0x40 [ 803.029162][ T5216] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 803.035721][ T5216] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 803.055310][ T5216] RSP: 0018:ffff8881c72ef888 EFLAGS: 00010206 [ 803.061349][ T5216] RAX: ffffffff81f86901 RBX: 000000002014c500 RCX: 0000000000000500 [ 803.069304][ T5216] RDX: 0000000000001000 RSI: ffff8881c76f6b00 RDI: 000000002014c000 [ 803.077334][ T5216] RBP: ffff8881c72efda8 R08: dffffc0000000000 R09: ffffed1038edee00 [ 803.085278][ T5216] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 803.093230][ T5216] R13: 0000000000001000 R14: ffff8881c76f6000 R15: 000000002014b500 [ 803.101221][ T5216] ? copyout+0x51/0xb0 [ 803.105272][ T5216] copyout+0x8e/0xb0 [ 803.109139][ T5216] copy_page_to_iter+0x393/0xbd0 [ 803.114046][ T5216] pipe_to_user+0xa3/0x130 [ 803.118434][ T5216] __splice_from_pipe+0x2d3/0x870 [ 803.123435][ T5216] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 803.128952][ T5216] do_vmsplice+0x252/0xee0 [ 803.133344][ T5216] ? futex_exit_release+0xc0/0xc0 [ 803.138357][ T5216] ? avc_ss_reset+0x3a0/0x3a0 [ 803.143091][ T5216] ? write_pipe_buf+0x1d0/0x1d0 [ 803.147926][ T5216] ? __rcu_read_lock+0x50/0x50 [ 803.152680][ T5216] ? check_stack_object+0x5a/0x90 [ 803.157716][ T5216] ? _copy_from_user+0xa4/0xe0 [ 803.162465][ T5216] ? rw_copy_check_uvector+0x2b3/0x310 [ 803.167894][ T5216] ? import_iovec+0x1c2/0x380 [ 803.172540][ T5216] ? dup_iter+0x110/0x110 [ 803.176839][ T5216] ? do_vfs_ioctl+0x780/0x1750 [ 803.181572][ T5216] __se_sys_vmsplice+0x1fb/0x300 [ 803.186479][ T5216] ? __x64_sys_vmsplice+0xa0/0xa0 [ 803.191475][ T5216] ? put_timespec64+0x109/0x150 [ 803.196308][ T5216] ? __x64_sys_clock_gettime+0x20d/0x260 [ 803.201918][ T5216] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 803.207606][ T5216] ? __fdget+0x187/0x200 [ 803.211819][ T5216] do_syscall_64+0xcb/0x150 [ 803.216309][ T5216] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 803.222198][ T5216] RIP: 0033:0x45d239 [ 803.226083][ T5216] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 803.246533][ T5216] RSP: 002b:00007fe4de147c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 803.256391][ T5216] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 803.264334][ T5216] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 803.272282][ T5216] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 803.280244][ T5216] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 803.288810][ T5216] R13: 00007ffea068e98f R14: 00007fe4de1489c0 R15: 000000000118d08c [ 803.544746][ T5216] Mem-Info: [ 803.567713][ T5216] active_anon:1400065 inactive_anon:10889 isolated_anon:0 [ 803.567713][ T5216] active_file:324 inactive_file:318 isolated_file:55 [ 803.567713][ T5216] unevictable:0 dirty:47 writeback:1 unstable:0 [ 803.567713][ T5216] slab_reclaimable:6633 slab_unreclaimable:79881 [ 803.567713][ T5216] mapped:60270 shmem:10956 pagetables:42280 bounce:0 [ 803.567713][ T5216] free:17087 free_pcp:11 free_cma:0 [ 803.613752][ T5216] Node 0 active_anon:5600160kB inactive_anon:43556kB active_file:1268kB inactive_file:1272kB unevictable:0kB isolated(anon):0kB isolated(file):208kB mapped:240980kB dirty:188kB writeback:4kB shmem:43824kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 803.638905][ T5216] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 803.665107][ T5216] lowmem_reserve[]: 0 2912 6416 6416 [ 803.690234][ T5216] DMA32 free:27920kB min:20548kB low:23528kB high:26508kB active_anon:2746020kB inactive_anon:12732kB active_file:72kB inactive_file:8kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23808kB pagetables:54652kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 803.728363][ T5216] lowmem_reserve[]: 0 0 3504 3504 [ 803.735790][ T5216] Normal free:24980kB min:24744kB low:28332kB high:31920kB active_anon:2854340kB inactive_anon:30824kB active_file:1596kB inactive_file:1088kB unevictable:0kB writepending:188kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25952kB pagetables:114468kB bounce:0kB free_pcp:1056kB local_pcp:252kB free_cma:0kB [ 803.781259][ T5216] lowmem_reserve[]: 0 0 0 0 [ 803.786109][ T5216] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 803.799857][ T5216] DMA32: 350*4kB (UME) 199*8kB (UE) 904*16kB (UE) 113*32kB (UE) 109*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28048kB [ 803.817252][ T5216] Normal: 2250*4kB (UMEH) 266*8kB (UMEH) 192*16kB (UMH) 317*32kB (UMEH) 22*64kB (UMEH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 25880kB [ 803.862651][ T5216] 11434 total pagecache pages [ 803.882926][ T5216] 0 pages in swap cache [ 803.897224][ T5216] Swap cache stats: add 0, delete 0, find 0/0 [ 803.903707][ T5216] Free swap = 0kB [ 803.908694][ T5216] Total swap = 0kB [ 803.912471][ T5216] 1965979 pages RAM [ 803.916348][ T5216] 0 pages HighMem/MovableOnly [ 803.921129][ T5216] 318829 pages reserved [ 803.925329][ T5216] 0 pages cma reserved 12:57:49 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500000d01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:49 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 803.929531][ T5216] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=10180,uid=0 [ 803.943752][ T5216] Out of memory: Killed process 10180 (syz-executor.0) total-vm:85476kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 12:57:49 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000003c0)=""/102400, 0x19000}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:49 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:57:49 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:49 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500000e01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 804.190527][ T5236] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 804.196241][ T5236] loop4: partition table partially beyond EOD, truncated [ 804.223036][ T5236] loop4: p1 start 1 is beyond EOD, truncated 12:57:50 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 804.249043][ T5236] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:57:50 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 804.303335][ T5236] loop4: p3 size 2 extends beyond EOD, truncated [ 804.320230][ T3766] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 804.338899][ T5236] loop4: p4 size 32768 extends beyond EOD, truncated [ 804.351826][ T5236] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 804.363900][ T5236] loop4: p6 size 32768 extends beyond EOD, truncated [ 804.375437][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 804.381380][ T154] loop4: partition table partially beyond EOD, truncated [ 804.388934][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 804.395835][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:57:50 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500021001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 804.404141][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 804.411455][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 804.419125][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 804.428072][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 804.649070][ T5269] syz-executor.4 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 804.677300][ T5269] CPU: 1 PID: 5269 Comm: syz-executor.4 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 804.687377][ T5269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.697423][ T5269] Call Trace: [ 804.700710][ T5269] dump_stack+0x14a/0x1ce [ 804.705034][ T5269] ? devkmsg_release+0x11c/0x11c [ 804.709961][ T5269] ? show_regs_print_info+0x12/0x12 [ 804.715155][ T5269] ? radix_tree_cpu_dead+0x160/0x160 [ 804.720133][ T3766] usb 6-1: unable to get BOS descriptor or descriptor too short [ 804.720423][ T5269] ? _raw_spin_lock+0xa1/0x170 [ 804.720436][ T5269] ? _raw_spin_trylock_bh+0x190/0x190 [ 804.738677][ T5269] dump_header+0xdb/0x700 [ 804.743007][ T5269] oom_kill_process+0xd3/0x280 [ 804.748543][ T5269] out_of_memory+0x5b6/0x890 [ 804.753140][ T5269] ? unregister_oom_notifier+0x20/0x20 [ 804.758592][ T5269] __alloc_pages_slowpath+0x16c2/0x1e50 [ 804.764145][ T5269] ? get_page_from_freelist+0x7c0/0x7c0 [ 804.769690][ T5269] __alloc_pages_nodemask+0x5cb/0x7c0 [ 804.775061][ T5269] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 804.780602][ T5269] ? switch_mm+0x100/0x100 [ 804.785058][ T5269] wp_page_copy+0x1fe/0x1120 [ 804.789641][ T5269] ? __schedule+0x920/0xef0 [ 804.794744][ T5269] ? futex_exit_release+0xc0/0xc0 [ 804.799768][ T5269] ? add_mm_rss_vec+0x270/0x270 [ 804.804603][ T5269] do_wp_page+0x68b/0x1530 [ 804.809077][ T5269] ? do_swap_page+0x1560/0x1560 [ 804.813899][ T5269] ? ___preempt_schedule+0x16/0x20 [ 804.818993][ T5269] handle_mm_fault+0xfa5/0x41e0 [ 804.823815][ T5269] ? _raw_spin_unlock+0x5/0x20 [ 804.828572][ T5269] ? wake_up_new_task+0x9d3/0xb60 [ 804.833566][ T5269] ? finish_fault+0x230/0x230 [ 804.838212][ T5269] ? down_read_trylock+0x17a/0x1d0 [ 804.843319][ T5269] ? vmacache_update+0x9f/0xf0 [ 804.848141][ T5269] do_user_addr_fault+0x48a/0x9f0 [ 804.853138][ T5269] page_fault+0x2f/0x40 [ 804.857264][ T5269] RIP: 0033:0x40fcc7 [ 804.861131][ T5269] Code: 00 00 41 83 c5 01 48 81 c3 a0 00 00 00 41 83 fd 10 75 d7 bf ec 2b 4c 00 31 c0 e8 e4 31 ff ff c6 43 f8 01 44 89 6b f4 48 89 df 43 15 00 c7 43 fc 00 00 00 00 c7 03 00 00 00 00 e8 e3 40 ff ff [ 804.880703][ T5269] RSP: 002b:00007ffe1c1b89d0 EFLAGS: 00010246 [ 804.886736][ T5269] RAX: 0000000000000000 RBX: 000000000118cfec RCX: 00007ffe1c1b8a98 [ 804.894677][ T5269] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000118cfec [ 804.902621][ T5269] RBP: 000000000118cfe0 R08: 00007ffe1c1b8aa0 R09: 00000000011901a8 [ 804.910562][ T5269] R10: 000000000043cc90 R11: 0000000000000007 R12: 0000000001190168 [ 804.918504][ T5269] R13: 0000000000000001 R14: 00000000000000a4 R15: 000000000118cfec [ 804.926987][ T3766] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 805.059893][ T5269] Mem-Info: [ 805.070361][ T5269] active_anon:1400278 inactive_anon:10889 isolated_anon:0 [ 805.070361][ T5269] active_file:617 inactive_file:607 isolated_file:95 [ 805.070361][ T5269] unevictable:0 dirty:83 writeback:0 unstable:0 [ 805.070361][ T5269] slab_reclaimable:6633 slab_unreclaimable:79500 [ 805.070361][ T5269] mapped:60792 shmem:10955 pagetables:42388 bounce:0 [ 805.070361][ T5269] free:16481 free_pcp:31 free_cma:0 [ 805.110126][ T3766] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 805.124183][ T3766] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 805.142612][ T3766] usb 6-1: Product: syz [ 805.147095][ T3766] usb 6-1: Manufacturer: syz [ 805.151900][ T5269] Node 0 active_anon:5601112kB inactive_anon:43556kB active_file:2136kB inactive_file:2308kB unevictable:0kB isolated(anon):0kB isolated(file):252kB mapped:242768kB dirty:332kB writeback:0kB shmem:43820kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 805.152227][ T3766] usb 6-1: SerialNumber: syz [ 805.210126][ T5269] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 805.239256][ T5269] lowmem_reserve[]: 0 2912 6416 6416 [ 805.245137][ T5269] DMA32 free:28368kB min:20548kB low:23528kB high:26508kB active_anon:2746404kB inactive_anon:12752kB active_file:28kB inactive_file:4kB unevictable:0kB writepending:8kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23872kB pagetables:54628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 805.282256][ T5269] lowmem_reserve[]: 0 0 3504 3504 [ 805.294255][ T5269] Normal free:22660kB min:24744kB low:28332kB high:31920kB active_anon:2854708kB inactive_anon:30804kB active_file:2092kB inactive_file:1948kB unevictable:0kB writepending:324kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26048kB pagetables:114924kB bounce:0kB free_pcp:380kB local_pcp:16kB free_cma:0kB [ 805.338869][ T5269] lowmem_reserve[]: 0 0 0 0 [ 805.343898][ T5269] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 805.365742][ T5269] DMA32: 280*4kB (UM) 198*8kB (UE) 904*16kB (UE) 132*32kB (UE) 109*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28368kB [ 805.380685][ T5269] Normal: 2599*4kB (UMH) 126*8kB (UMH) 62*16kB (UMH) 329*32kB (UMEH) 20*64kB (UEH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24332kB [ 805.397284][ T5269] 11663 total pagecache pages [ 805.415573][ T5269] 0 pages in swap cache [ 805.420173][ T5269] Swap cache stats: add 0, delete 0, find 0/0 [ 805.426588][ T5269] Free swap = 0kB [ 805.430747][ T5269] Total swap = 0kB [ 805.434960][ T5269] 1965979 pages RAM [ 805.439099][ T5269] 0 pages HighMem/MovableOnly [ 805.468366][ T5269] 318829 pages reserved [ 805.472875][ T5269] 0 pages cma reserved [ 805.476936][ T5269] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=9819,uid=0 [ 805.549783][ T5269] Out of memory: Killed process 9819 (syz-executor.0) total-vm:85476kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 12:57:51 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 805.675335][ T5270] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 805.681326][ T5270] loop4: partition table partially beyond EOD, truncated [ 805.689475][ T5270] loop4: p1 start 1 is beyond EOD, truncated [ 805.703605][ T5270] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 805.747161][ T5270] loop4: p3 size 2 extends beyond EOD, truncated [ 805.786749][ T5270] loop4: p4 size 32768 extends beyond EOD, truncated [ 805.807453][ T5270] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 805.823995][ T5270] loop4: p6 size 32768 extends beyond EOD, truncated [ 805.844293][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 805.849501][ T154] loop4: partition table partially beyond EOD, truncated [ 805.856734][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 805.863299][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 805.871300][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 805.885565][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 805.896290][ T5988] usb 6-1: USB disconnect, device number 34 [ 805.905988][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 805.952302][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 805.968214][ T5289] syz-executor.0 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 806.041538][ T5289] CPU: 0 PID: 5289 Comm: syz-executor.0 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 806.051736][ T5289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.061782][ T5289] Call Trace: [ 806.065087][ T5289] dump_stack+0x14a/0x1ce [ 806.069409][ T5289] ? devkmsg_release+0x11c/0x11c [ 806.074337][ T5289] ? show_regs_print_info+0x12/0x12 [ 806.079525][ T5289] ? radix_tree_cpu_dead+0x160/0x160 [ 806.084797][ T5289] ? _raw_spin_lock+0xa1/0x170 [ 806.089575][ T5289] ? _raw_spin_trylock_bh+0x190/0x190 [ 806.094941][ T5289] dump_header+0xdb/0x700 [ 806.099267][ T5289] oom_kill_process+0xd3/0x280 [ 806.104035][ T5289] out_of_memory+0x5b6/0x890 [ 806.108625][ T5289] ? unregister_oom_notifier+0x20/0x20 [ 806.114081][ T5289] __alloc_pages_slowpath+0x16c2/0x1e50 [ 806.119626][ T5289] ? get_page_from_freelist+0x7c0/0x7c0 [ 806.125164][ T5289] ? flush_tlb_func_common+0x45/0x580 [ 806.130536][ T5289] __alloc_pages_nodemask+0x5cb/0x7c0 [ 806.135907][ T5289] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 806.141445][ T5289] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 806.147156][ T5289] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 806.153218][ T5289] ? __perf_event_task_sched_in+0x4f7/0x560 [ 806.159135][ T5289] wp_page_copy+0x1cb/0x1120 [ 806.163729][ T5289] ? perf_pmu_sched_task+0x370/0x370 [ 806.169103][ T5289] ? switch_mm_irqs_off+0x2bf/0x9a0 [ 806.178802][ T5289] ? add_mm_rss_vec+0x270/0x270 [ 806.183630][ T5289] ? _raw_spin_unlock_irq+0x5/0x20 [ 806.188726][ T5289] ? finish_task_switch+0x235/0x4c0 [ 806.193903][ T5289] ? vm_normal_page+0x1c9/0x1d0 [ 806.198725][ T5289] do_wp_page+0x4c1/0x1530 [ 806.203253][ T5289] ? _raw_spin_lock+0xa1/0x170 [ 806.208097][ T5289] ? do_swap_page+0x1560/0x1560 [ 806.212924][ T5289] ? ttwu_do_wakeup+0x154/0x5b0 [ 806.217756][ T5289] handle_mm_fault+0xfa5/0x41e0 [ 806.222590][ T5289] ? __cgroup_account_cputime+0x2ba/0x2e0 [ 806.228286][ T5289] ? finish_fault+0x230/0x230 [ 806.232948][ T5289] ? update_curr+0x584/0x740 [ 806.237517][ T5289] ? down_read_trylock+0x17a/0x1d0 [ 806.242600][ T5289] ? _raw_spin_unlock_irq+0x5/0x20 [ 806.248292][ T5289] ? vmacache_find+0x3a2/0x4b0 [ 806.253026][ T5289] do_user_addr_fault+0x48a/0x9f0 [ 806.258020][ T5289] page_fault+0x2f/0x40 [ 806.262161][ T5289] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 806.268719][ T5289] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 806.288293][ T5289] RSP: 0018:ffff8881d24d7888 EFLAGS: 00010206 [ 806.294331][ T5289] RAX: ffffffff81f86901 RBX: 00000000204c3500 RCX: 0000000000000500 [ 806.302359][ T5289] RDX: 0000000000001000 RSI: ffff8881cf8d2b00 RDI: 00000000204c3000 [ 806.310314][ T5289] RBP: ffff8881d24d7da8 R08: dffffc0000000000 R09: ffffed1039f1a600 [ 806.318255][ T5289] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 806.326202][ T5289] R13: 0000000000001000 R14: ffff8881cf8d2000 R15: 00000000204c2500 [ 806.334174][ T5289] ? copyout+0x51/0xb0 [ 806.338215][ T5289] copyout+0x8e/0xb0 [ 806.342103][ T5289] copy_page_to_iter+0x393/0xbd0 [ 806.347011][ T5289] pipe_to_user+0xa3/0x130 [ 806.351519][ T5289] __splice_from_pipe+0x2d3/0x870 [ 806.356533][ T5289] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 806.362053][ T5289] do_vmsplice+0x252/0xee0 [ 806.366442][ T5289] ? futex_exit_release+0xc0/0xc0 [ 806.371437][ T5289] ? avc_ss_reset+0x3a0/0x3a0 [ 806.376605][ T5289] ? write_pipe_buf+0x1d0/0x1d0 [ 806.381429][ T5289] ? __rcu_read_lock+0x50/0x50 [ 806.386164][ T5289] ? check_stack_object+0x5a/0x90 [ 806.391163][ T5289] ? _copy_from_user+0xa4/0xe0 [ 806.395909][ T5289] ? rw_copy_check_uvector+0x2b3/0x310 [ 806.401343][ T5289] ? import_iovec+0x1c2/0x380 [ 806.406002][ T5289] ? dup_iter+0x110/0x110 [ 806.410306][ T5289] ? do_vfs_ioctl+0x780/0x1750 [ 806.415041][ T5289] __se_sys_vmsplice+0x1fb/0x300 [ 806.419962][ T5289] ? __x64_sys_vmsplice+0xa0/0xa0 [ 806.424956][ T5289] ? put_timespec64+0x109/0x150 [ 806.429781][ T5289] ? __x64_sys_clock_gettime+0x20d/0x260 [ 806.435398][ T5289] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 806.441091][ T5289] ? __fdget+0x187/0x200 [ 806.445319][ T5289] do_syscall_64+0xcb/0x150 [ 806.449795][ T5289] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 806.455660][ T5289] RIP: 0033:0x45d239 [ 806.459529][ T5289] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 806.479108][ T5289] RSP: 002b:00007f4b5e188c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 806.487491][ T5289] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 806.495435][ T5289] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 806.503379][ T5289] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 806.511322][ T5289] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 806.519265][ T5289] R13: 00007ffeae16178f R14: 00007f4b5e1899c0 R15: 000000000118d08c [ 806.606363][ T5289] Mem-Info: [ 806.610421][ T5289] active_anon:1400751 inactive_anon:10891 isolated_anon:0 [ 806.610421][ T5289] active_file:444 inactive_file:442 isolated_file:32 [ 806.610421][ T5289] unevictable:0 dirty:62 writeback:0 unstable:0 [ 806.610421][ T5289] slab_reclaimable:6638 slab_unreclaimable:79460 [ 806.610421][ T5289] mapped:60509 shmem:10956 pagetables:42461 bounce:0 [ 806.610421][ T5289] free:16230 free_pcp:0 free_cma:0 [ 806.650710][ T5289] Node 0 active_anon:5603004kB inactive_anon:43564kB active_file:1776kB inactive_file:1656kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:241936kB dirty:248kB writeback:0kB shmem:43824kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 806.678498][ T5289] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 806.709223][ T5289] lowmem_reserve[]: 0 2912 6416 6416 [ 806.732060][ T5289] DMA32 free:29064kB min:20548kB low:23528kB high:26508kB active_anon:2746360kB inactive_anon:12752kB active_file:44kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23904kB pagetables:54628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 806.767158][ T5289] lowmem_reserve[]: 0 0 3504 3504 [ 806.772546][ T5289] Normal free:20960kB min:24744kB low:28332kB high:31920kB active_anon:2856244kB inactive_anon:30812kB active_file:1552kB inactive_file:1660kB unevictable:0kB writepending:248kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26240kB pagetables:115216kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 806.804755][ T5289] lowmem_reserve[]: 0 0 0 0 [ 806.809510][ T5289] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 806.844647][ T5289] DMA32: 289*4kB (UM) 217*8kB (UE) 906*16kB (UE) 160*32kB (UE) 109*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29484kB [ 806.864609][ T5289] Normal: 1876*4kB (UMEH) 307*8kB (UMEH) 93*16kB (UMEH) 303*32kB (UMEH) 19*64kB (UEH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22488kB [ 806.888239][ T5289] 11356 total pagecache pages [ 806.900154][ T5289] 0 pages in swap cache [ 806.909989][ T5289] Swap cache stats: add 0, delete 0, find 0/0 [ 806.924547][ T5289] Free swap = 0kB [ 806.933604][ T5289] Total swap = 0kB [ 806.937743][ T5289] 1965979 pages RAM [ 806.941837][ T5289] 0 pages HighMem/MovableOnly [ 806.946740][ T5289] 318829 pages reserved [ 806.979896][ T5289] 0 pages cma reserved [ 806.983997][ T5289] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=9445,uid=0 [ 806.999847][ T5289] Out of memory: Killed process 9445 (syz-executor.0) total-vm:85476kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 807.311717][ T364] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 807.345641][ T364] CPU: 1 PID: 364 Comm: syz-executor.4 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 807.355636][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 807.365856][ T364] Call Trace: [ 807.369150][ T364] dump_stack+0x14a/0x1ce [ 807.373564][ T364] ? devkmsg_release+0x11c/0x11c [ 807.378731][ T364] ? show_regs_print_info+0x12/0x12 [ 807.384369][ T364] ? radix_tree_cpu_dead+0x160/0x160 [ 807.389647][ T364] ? _raw_spin_lock+0xa1/0x170 [ 807.394506][ T364] ? _raw_spin_trylock_bh+0x190/0x190 [ 807.399867][ T364] dump_header+0xdb/0x700 [ 807.404191][ T364] oom_kill_process+0xd3/0x280 [ 807.408947][ T364] out_of_memory+0x5b6/0x890 [ 807.413782][ T364] ? unregister_oom_notifier+0x20/0x20 [ 807.419231][ T364] __alloc_pages_slowpath+0x16c2/0x1e50 [ 807.424792][ T364] ? get_page_from_freelist+0x7c0/0x7c0 [ 807.430330][ T364] ? __zone_watermark_ok+0x91/0x280 [ 807.435523][ T364] __alloc_pages_nodemask+0x5cb/0x7c0 [ 807.440939][ T364] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 807.446469][ T364] ? lockref_get+0x1c2/0x2b0 [ 807.451056][ T364] ? blk_crypto_keyslot_evict+0x160/0x160 [ 807.456760][ T364] ? find_inode_fast+0x3f9/0x4b0 [ 807.461675][ T364] __get_free_pages+0xa/0x30 [ 807.466239][ T364] inode_doinit_with_dentry+0x950/0x10e0 [ 807.471844][ T364] ? __wake_up_bit+0x180/0x180 [ 807.476668][ T364] ? sb_finish_set_opts+0x7e0/0x7e0 [ 807.481850][ T364] ? current_time+0x1be/0x2f0 [ 807.486502][ T364] ? atime_needs_update+0x570/0x570 [ 807.491672][ T364] security_d_instantiate+0x90/0xf0 [ 807.496855][ T364] d_splice_alias+0x71/0x590 [ 807.501422][ T364] kernfs_iop_lookup+0x17a/0x1f0 [ 807.506331][ T364] __lookup_slow+0x312/0x490 [ 807.510892][ T364] ? lookup_one_len2+0x2d0/0x2d0 [ 807.515801][ T364] path_mountpoint+0x2ac/0x7a0 [ 807.523141][ T364] ? success_walk_trace+0x430/0x430 [ 807.528397][ T364] filename_mountpoint+0x239/0x680 [ 807.533478][ T364] ? user_path_mountpoint_at+0x40/0x40 [ 807.538910][ T364] ? getname_flags+0x20d/0x610 [ 807.543665][ T364] ksys_umount+0x167/0xff0 [ 807.549968][ T364] ? namespace_unlock+0x4e0/0x4e0 [ 807.554962][ T364] ? fillonedir+0x260/0x260 [ 807.559548][ T364] ? do_user_addr_fault+0x55c/0x9f0 [ 807.564718][ T364] __x64_sys_umount+0x56/0x60 [ 807.569364][ T364] do_syscall_64+0xcb/0x150 [ 807.573837][ T364] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 807.579701][ T364] RIP: 0033:0x45fc67 [ 807.583666][ T364] Code: Bad RIP value. [ 807.587706][ T364] RSP: 002b:00007ffe1c1b7a98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 807.596175][ T364] RAX: ffffffffffffffda RBX: 00000000000c4a0e RCX: 000000000045fc67 [ 807.604727][ T364] RDX: 0000000000402fd8 RSI: 0000000000000002 RDI: 00007ffe1c1b7b40 [ 807.612674][ T364] RBP: 0000000000000957 R08: 0000000000000000 R09: 000000000000000c [ 807.620618][ T364] R10: 0000000000000006 R11: 0000000000000246 R12: 00007ffe1c1b8bd0 [ 807.628598][ T364] R13: 0000000003145940 R14: 0000000000000000 R15: 00007ffe1c1b8bd0 [ 807.640409][ T364] Mem-Info: [ 807.643559][ T364] active_anon:1401831 inactive_anon:10891 isolated_anon:0 [ 807.643559][ T364] active_file:236 inactive_file:199 isolated_file:35 [ 807.643559][ T364] unevictable:0 dirty:12 writeback:0 unstable:0 [ 807.643559][ T364] slab_reclaimable:6638 slab_unreclaimable:79423 [ 807.643559][ T364] mapped:60083 shmem:10956 pagetables:42364 bounce:0 [ 807.643559][ T364] free:15494 free_pcp:346 free_cma:0 [ 807.682649][ T364] Node 0 active_anon:5607324kB inactive_anon:43564kB active_file:824kB inactive_file:896kB unevictable:0kB isolated(anon):0kB isolated(file):140kB mapped:240232kB dirty:48kB writeback:0kB shmem:43824kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 807.706926][ T364] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 807.733226][ T364] lowmem_reserve[]: 0 2912 6416 6416 [ 807.738536][ T364] DMA32 free:28984kB min:20548kB low:23528kB high:26508kB active_anon:2746424kB inactive_anon:12752kB active_file:48kB inactive_file:100kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23840kB pagetables:54628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 807.777927][ T364] lowmem_reserve[]: 0 0 3504 3504 [ 807.789857][ T364] Normal free:20112kB min:5592kB low:9180kB high:12768kB active_anon:2860876kB inactive_anon:30812kB active_file:592kB inactive_file:356kB unevictable:0kB writepending:48kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25824kB pagetables:114828kB bounce:0kB free_pcp:292kB local_pcp:0kB free_cma:0kB [ 807.829831][ T364] lowmem_reserve[]: 0 0 0 0 [ 807.834361][ T364] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 807.847711][ T364] DMA32: 284*4kB (UM) 225*8kB (UE) 904*16kB (UE) 162*32kB (UE) 109*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29560kB [ 807.862725][ T364] Normal: 333*4kB (UEH) 54*8kB (UEH) 27*16kB (UMEH) 278*32kB (UEH) 49*64kB (UMEH) 8*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15252kB [ 807.877669][ T364] 12230 total pagecache pages [ 807.882341][ T364] 0 pages in swap cache [ 807.886475][ T364] Swap cache stats: add 0, delete 0, find 0/0 [ 807.893571][ T364] Free swap = 0kB [ 807.897414][ T364] Total swap = 0kB [ 807.908370][ T364] 1965979 pages RAM 12:57:53 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:53 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) 12:57:53 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:53 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500001101000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:53 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 807.912542][ T364] 0 pages HighMem/MovableOnly [ 807.917549][ T364] 318829 pages reserved [ 807.922554][ T364] 0 pages cma reserved [ 807.927724][ T364] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=5295,uid=0 [ 807.942024][ T364] Out of memory: Killed process 5295 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34840kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 807.960341][ T23] oom_reaper: reaped process 5295 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 808.070443][ T5314] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 808.078389][ T5314] loop4: partition table partially beyond EOD, truncated [ 808.086822][ T5314] loop4: p1 start 1 is beyond EOD, truncated [ 808.093209][ T5314] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 808.103074][ T5314] loop4: p3 size 2 extends beyond EOD, truncated [ 808.110631][ T5314] loop4: p4 size 32768 extends beyond EOD, truncated [ 808.118310][ T5314] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 808.126586][ T5314] loop4: p6 size 32768 extends beyond EOD, truncated [ 808.144336][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 808.153443][ T154] loop4: partition table partially beyond EOD, truncated 12:57:54 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x0, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 808.176212][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 808.200294][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 808.218137][ T154] loop4: p3 size 2 extends beyond EOD, truncated 12:57:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 808.237922][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 808.257812][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 808.266012][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 808.299854][ T5988] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 808.353922][ T5314] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 808.362919][ T5314] loop4: partition table partially beyond EOD, truncated [ 808.386196][ T5314] loop4: p1 start 1 is beyond EOD, truncated 12:57:54 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x0, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:54 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) [ 808.415445][ T5314] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 808.454146][ T5314] loop4: p3 size 2 extends beyond EOD, truncated 12:57:54 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500001201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 808.481288][ T5314] loop4: p4 size 32768 extends beyond EOD, truncated [ 808.492855][ T5314] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 808.503240][ T5314] loop4: p6 size 32768 extends beyond EOD, truncated [ 808.559218][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 808.564676][ T154] loop4: partition table partially beyond EOD, truncated [ 808.572384][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 808.578617][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 808.587408][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 808.598188][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 808.606314][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 808.615037][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 808.729864][ T5988] usb 1-1: unable to get BOS descriptor or descriptor too short [ 808.809845][ T5988] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 12:57:54 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x0, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 808.975486][ T5361] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 808.985435][ T5361] loop4: partition table partially beyond EOD, truncated [ 808.992886][ T5361] loop4: p1 start 1 is beyond EOD, truncated [ 808.998902][ T5361] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 809.006318][ T5988] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 809.015719][ T5988] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.024761][ T5361] loop4: p3 size 2 extends beyond EOD, truncated [ 809.027798][ T5988] usb 1-1: Product: syz [ 809.035473][ T5988] usb 1-1: Manufacturer: syz [ 809.040656][ T5988] usb 1-1: SerialNumber: syz [ 809.040882][ T5361] loop4: p4 size 32768 extends beyond EOD, truncated [ 809.053619][ T5361] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 809.062300][ T5361] loop4: p6 size 32768 extends beyond EOD, truncated [ 809.072157][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 809.077893][ T154] loop4: partition table partially beyond EOD, truncated [ 809.086982][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 809.105323][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 809.156320][ T19] kdevtmpfs invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 809.168007][ T19] CPU: 0 PID: 19 Comm: kdevtmpfs Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 809.178454][ T19] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.188529][ T19] Call Trace: [ 809.191817][ T19] dump_stack+0x14a/0x1ce [ 809.196142][ T19] ? devkmsg_release+0x11c/0x11c [ 809.201076][ T19] ? show_regs_print_info+0x12/0x12 [ 809.206269][ T19] ? radix_tree_cpu_dead+0x160/0x160 [ 809.211550][ T19] ? _raw_spin_lock+0xa1/0x170 [ 809.216315][ T19] ? _raw_spin_trylock_bh+0x190/0x190 [ 809.221686][ T19] dump_header+0xdb/0x700 [ 809.226016][ T19] oom_kill_process+0xd3/0x280 [ 809.230775][ T19] out_of_memory+0x5b6/0x890 [ 809.235360][ T19] ? unregister_oom_notifier+0x20/0x20 [ 809.240842][ T19] __alloc_pages_slowpath+0x16c2/0x1e50 [ 809.246390][ T19] ? get_page_from_freelist+0x7c0/0x7c0 [ 809.251932][ T19] ? __zone_watermark_ok+0x91/0x280 [ 809.257128][ T19] __alloc_pages_nodemask+0x5cb/0x7c0 [ 809.262506][ T19] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 809.268046][ T19] ? __perf_event_task_sched_in+0x4f7/0x560 [ 809.274100][ T19] ? perf_pmu_sched_task+0x370/0x370 [ 809.279381][ T19] ? switch_mm_irqs_off+0x30a/0x9a0 [ 809.284573][ T19] alloc_slab_page+0x3a/0x3a0 [ 809.289247][ T19] new_slab+0x408/0x450 [ 809.293395][ T19] ___slab_alloc+0x2e0/0x450 [ 809.297976][ T19] ? getname_kernel+0x55/0x2f0 [ 809.302735][ T19] ? getname_kernel+0x55/0x2f0 [ 809.307489][ T19] kmem_cache_alloc+0x23f/0x260 [ 809.312341][ T19] ? _raw_spin_lock+0xa1/0x170 [ 809.317099][ T19] getname_kernel+0x55/0x2f0 [ 809.321682][ T19] kern_path_create+0x1e/0x40 [ 809.326386][ T19] devtmpfsd+0x482/0x13f0 [ 809.330705][ T19] ? devtmpfs_mount+0xa0/0xa0 [ 809.335373][ T19] ? newidle_balance+0x7a3/0x9a0 [ 809.340336][ T19] ? __rcu_read_lock+0x50/0x50 [ 809.345179][ T19] ? find_next_bit+0xf7/0x120 [ 809.349849][ T19] ? _raw_spin_unlock_irq+0x5/0x20 [ 809.354953][ T19] ? _raw_spin_lock_irqsave+0xfc/0x1e0 [ 809.360407][ T19] ? _raw_spin_lock+0x170/0x170 [ 809.365343][ T19] ? __wake_up_locked+0xc2/0x120 [ 809.368232][ T5988] usb 1-1: USB disconnect, device number 16 [ 809.370271][ T19] ? __kthread_parkme+0xb1/0x180 [ 809.370277][ T19] kthread+0x2df/0x300 [ 809.370285][ T19] ? devtmpfs_mount+0xa0/0xa0 [ 809.370291][ T19] ? kthread_destroy_worker+0x280/0x280 [ 809.370304][ T19] ret_from_fork+0x1f/0x30 [ 809.432855][ T19] Mem-Info: [ 809.440720][ T19] active_anon:1402336 inactive_anon:10891 isolated_anon:0 [ 809.440720][ T19] active_file:798 inactive_file:797 isolated_file:0 [ 809.440720][ T19] unevictable:0 dirty:84 writeback:0 unstable:0 [ 809.440720][ T19] slab_reclaimable:6645 slab_unreclaimable:79367 [ 809.440720][ T19] mapped:61073 shmem:10957 pagetables:42468 bounce:0 [ 809.440720][ T19] free:14050 free_pcp:141 free_cma:0 [ 809.492524][ T19] Node 0 active_anon:5606444kB inactive_anon:43564kB active_file:3292kB inactive_file:3188kB unevictable:0kB isolated(anon):48kB isolated(file):0kB mapped:244292kB dirty:336kB writeback:0kB shmem:43828kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 809.518075][ T19] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 809.544979][ T19] lowmem_reserve[]: 0 2912 6416 6416 [ 809.550747][ T19] DMA32 free:28732kB min:4644kB low:7624kB high:10604kB active_anon:2746304kB inactive_anon:12732kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:23712kB pagetables:54628kB bounce:0kB free_pcp:1276kB local_pcp:0kB free_cma:0kB [ 809.581107][ T19] lowmem_reserve[]: 0 0 3504 3504 [ 809.586143][ T19] Normal free:18868kB min:5592kB low:9180kB high:12768kB active_anon:2853772kB inactive_anon:30832kB active_file:3192kB inactive_file:3752kB unevictable:0kB writepending:336kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26016kB pagetables:115244kB bounce:0kB free_pcp:800kB local_pcp:372kB free_cma:0kB [ 809.616853][ T19] lowmem_reserve[]: 0 0 0 0 [ 809.621659][ T19] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 809.635233][ T19] DMA32: 189*4kB (UME) 160*8kB (UME) 904*16kB (UE) 181*32kB (UE) 109*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29268kB [ 809.649873][ T19] Normal: 893*4kB (UMEH) 222*8kB (UMEH) 99*16kB (UMH) 273*32kB (UMH) 20*64kB (UMH) 15*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18868kB [ 809.665347][ T19] 12838 total pagecache pages [ 809.670387][ T19] 0 pages in swap cache [ 809.674532][ T19] Swap cache stats: add 0, delete 0, find 0/0 [ 809.681989][ T19] Free swap = 0kB [ 809.685702][ T19] Total swap = 0kB [ 809.689399][ T19] 1965979 pages RAM [ 809.693814][ T19] 0 pages HighMem/MovableOnly [ 809.698500][ T19] 318829 pages reserved [ 809.703110][ T19] 0 pages cma reserved [ 809.707174][ T19] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=9184,uid=0 [ 809.721597][ T19] Out of memory: Killed process 9184 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 809.741310][ T23] oom_reaper: reaped process 9184 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 809.747723][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 809.759299][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 809.766453][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 809.774380][ T154] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) 12:57:56 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:56 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:57:56 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500001201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:56 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500001301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:57:56 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 811.030214][ T5380] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 811.035621][ T5380] loop0: partition table partially beyond EOD, truncated [ 811.052848][ T5380] loop0: p1 start 1 is beyond EOD, truncated [ 811.058941][ T5380] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 811.067159][ T5384] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 811.073069][ T5384] loop4: partition table partially beyond EOD, truncated [ 811.080543][ T5380] loop0: p3 size 2 extends beyond EOD, truncated [ 811.081287][ T5384] loop4: p1 start 1 is beyond EOD, truncated [ 811.093883][ T5380] loop0: p4 size 32768 extends beyond EOD, truncated [ 811.093944][ T5384] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 811.110163][ T5384] loop4: p3 size 2 extends beyond EOD, truncated [ 811.116847][ T5380] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 811.129058][ T5384] loop4: p4 size 32768 extends beyond EOD, truncated [ 811.145974][ T5380] loop0: p6 size 32768 extends beyond EOD, truncated [ 811.155986][ T5384] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:57:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:57 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 811.199474][ T5384] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 811.391769][ T5384] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 811.397010][ T5384] loop4: partition table partially beyond EOD, truncated [ 811.405109][ T5384] loop4: p1 start 1 is beyond EOD, truncated [ 811.431790][ T5384] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:57:57 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 811.449748][ T5384] loop4: p3 size 2 extends beyond EOD, truncated [ 811.469936][ T5384] loop4: p4 size 32768 extends beyond EOD, truncated [ 811.516856][ T5384] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 811.534864][ T5384] loop4: p6 size 32768 extends beyond EOD, truncated [ 811.552960][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 811.560244][ T154] loop4: partition table partially beyond EOD, truncated [ 811.576001][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 811.596055][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 811.620587][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 811.643139][ T154] loop4: p4 size 32768 extends beyond EOD, truncated 12:57:57 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500be1401000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 811.675793][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 811.695030][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 811.839573][ T3766] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 811.968863][ T5418] syz-executor.0 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 811.999319][ T5418] CPU: 1 PID: 5418 Comm: syz-executor.0 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 812.009408][ T5418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.019446][ T5418] Call Trace: [ 812.022721][ T5418] dump_stack+0x14a/0x1ce [ 812.027041][ T5418] ? devkmsg_release+0x11c/0x11c [ 812.031950][ T5418] ? show_regs_print_info+0x12/0x12 [ 812.037119][ T5418] ? radix_tree_cpu_dead+0x160/0x160 [ 812.042380][ T5418] ? _raw_spin_lock+0xa1/0x170 [ 812.047118][ T5418] ? _raw_spin_trylock_bh+0x190/0x190 [ 812.052463][ T5418] dump_header+0xdb/0x700 [ 812.056782][ T5418] oom_kill_process+0xd3/0x280 [ 812.061519][ T5418] out_of_memory+0x5b6/0x890 [ 812.066101][ T5418] ? unregister_oom_notifier+0x20/0x20 [ 812.071533][ T5418] __alloc_pages_slowpath+0x16c2/0x1e50 [ 812.077061][ T5418] ? get_page_from_freelist+0x7c0/0x7c0 [ 812.082581][ T5418] __alloc_pages_nodemask+0x5cb/0x7c0 [ 812.087943][ T5418] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 812.093474][ T5418] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 812.099650][ T5418] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 812.105710][ T5418] ? __perf_event_task_sched_in+0x4f7/0x560 [ 812.111578][ T5418] wp_page_copy+0x1cb/0x1120 [ 812.116155][ T5418] ? perf_pmu_sched_task+0x370/0x370 [ 812.121411][ T5418] ? switch_mm_irqs_off+0x2bf/0x9a0 [ 812.126589][ T5418] ? add_mm_rss_vec+0x270/0x270 [ 812.131410][ T5418] ? _raw_spin_unlock_irq+0x5/0x20 [ 812.136495][ T5418] ? finish_task_switch+0x235/0x4c0 [ 812.141684][ T5418] ? vm_normal_page+0x1c9/0x1d0 [ 812.146557][ T5418] do_wp_page+0x4c1/0x1530 [ 812.150946][ T5418] ? _raw_spin_lock+0xa1/0x170 [ 812.155695][ T5418] ? do_swap_page+0x1560/0x1560 [ 812.160529][ T5418] ? ttwu_do_wakeup+0x154/0x5b0 [ 812.165374][ T5418] handle_mm_fault+0xfa5/0x41e0 [ 812.170206][ T5418] ? __cgroup_account_cputime+0x2ba/0x2e0 [ 812.175899][ T5418] ? finish_fault+0x230/0x230 [ 812.180549][ T5418] ? update_curr+0x584/0x740 [ 812.185112][ T5418] ? down_read_trylock+0x17a/0x1d0 [ 812.190197][ T5418] ? _raw_spin_unlock_irq+0x5/0x20 [ 812.195298][ T5418] ? vmacache_find+0x47a/0x4b0 [ 812.200816][ T5418] do_user_addr_fault+0x48a/0x9f0 [ 812.205827][ T5418] page_fault+0x2f/0x40 [ 812.209959][ T5418] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 812.216519][ T5418] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 812.236098][ T5418] RSP: 0018:ffff888055c1f888 EFLAGS: 00010206 [ 812.242150][ T5418] RAX: ffffffff81f86901 RBX: 00000000202c3500 RCX: 0000000000000500 [ 812.250098][ T5418] RDX: 0000000000001000 RSI: ffff88818d5d4b00 RDI: 00000000202c3000 [ 812.258130][ T5418] RBP: ffff888055c1fda8 R08: dffffc0000000000 R09: ffffed1031abaa00 [ 812.266092][ T5418] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 812.274038][ T5418] R13: 0000000000001000 R14: ffff88818d5d4000 R15: 00000000202c2500 [ 812.282218][ T5418] ? copyout+0x51/0xb0 [ 812.286272][ T5418] copyout+0x8e/0xb0 [ 812.290168][ T5418] copy_page_to_iter+0x393/0xbd0 [ 812.295190][ T5418] pipe_to_user+0xa3/0x130 [ 812.299664][ T5418] __splice_from_pipe+0x2d3/0x870 [ 812.304678][ T5418] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 812.310228][ T5418] do_vmsplice+0x252/0xee0 [ 812.314636][ T5418] ? avc_ss_reset+0x3a0/0x3a0 [ 812.319296][ T5418] ? write_pipe_buf+0x1d0/0x1d0 [ 812.324127][ T5418] ? __rcu_read_lock+0x50/0x50 [ 812.328863][ T5418] ? check_stack_object+0x5a/0x90 [ 812.334120][ T5418] ? _copy_from_user+0xa4/0xe0 [ 812.338870][ T5418] ? rw_copy_check_uvector+0x2b3/0x310 [ 812.344321][ T5418] ? import_iovec+0x1c2/0x380 [ 812.348981][ T5418] ? dup_iter+0x110/0x110 [ 812.353644][ T5418] ? do_vfs_ioctl+0x780/0x1750 [ 812.358385][ T5418] __se_sys_vmsplice+0x1fb/0x300 [ 812.363408][ T5418] ? __x64_sys_vmsplice+0xa0/0xa0 [ 812.368405][ T5418] ? put_timespec64+0x109/0x150 [ 812.373316][ T5418] ? __x64_sys_clock_gettime+0x20d/0x260 [ 812.379023][ T5418] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 812.384732][ T5418] do_syscall_64+0xcb/0x150 [ 812.389231][ T5418] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 812.395094][ T5418] RIP: 0033:0x45d239 [ 812.398973][ T5418] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 812.418549][ T5418] RSP: 002b:00007f4b5e188c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 812.426931][ T5418] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 812.434874][ T5418] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 812.442913][ T5418] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 812.450880][ T5418] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 812.458910][ T5418] R13: 00007ffeae16178f R14: 00007f4b5e1899c0 R15: 000000000118d08c [ 812.649750][ T3766] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 812.808754][ T5418] Mem-Info: [ 812.812254][ T5418] active_anon:1402638 inactive_anon:10889 isolated_anon:0 [ 812.812254][ T5418] active_file:304 inactive_file:300 isolated_file:46 [ 812.812254][ T5418] unevictable:0 dirty:2 writeback:0 unstable:0 [ 812.812254][ T5418] slab_reclaimable:6629 slab_unreclaimable:79382 [ 812.812254][ T5418] mapped:60338 shmem:10955 pagetables:42500 bounce:0 [ 812.812254][ T5418] free:14396 free_pcp:306 free_cma:0 [ 812.829602][ T3766] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 812.852801][ T5418] Node 0 active_anon:5610552kB inactive_anon:43556kB active_file:1216kB inactive_file:1200kB unevictable:0kB isolated(anon):0kB isolated(file):184kB mapped:241352kB dirty:8kB writeback:0kB shmem:43820kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 812.926439][ T3766] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 812.938886][ T3766] usb 6-1: Product: syz [ 812.943332][ T3766] usb 6-1: Manufacturer: syz [ 812.948096][ T3766] usb 6-1: SerialNumber: syz [ 812.953194][ T5418] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 812.979693][ T5418] lowmem_reserve[]: 0 2912 6416 6416 [ 812.985341][ T5418] DMA32 free:33944kB min:20548kB low:23528kB high:26508kB active_anon:2747216kB inactive_anon:12732kB active_file:0kB inactive_file:124kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24320kB pagetables:54640kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 813.022283][ T5418] lowmem_reserve[]: 0 0 3504 3504 [ 813.027467][ T5418] Normal free:9832kB min:5592kB low:9180kB high:12768kB active_anon:2863336kB inactive_anon:30824kB active_file:644kB inactive_file:740kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25664kB pagetables:115360kB bounce:0kB free_pcp:644kB local_pcp:108kB free_cma:0kB [ 813.069268][ T5418] lowmem_reserve[]: 0 0 0 0 [ 813.074695][ T5418] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 813.101020][ T5418] DMA32: 46*4kB (U) 207*8kB (UE) 929*16kB (UE) 297*32kB (UE) 114*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33504kB [ 813.154991][ T5418] Normal: 582*4kB (UEH) 132*8kB (UMEH) 98*16kB (UH) 32*32kB (UMH) 4*64kB (MH) 4*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6744kB [ 813.188588][ T5418] 12057 total pagecache pages [ 813.199514][ T5418] 0 pages in swap cache [ 813.203971][ T5418] Swap cache stats: add 0, delete 0, find 0/0 [ 813.225397][ T5418] Free swap = 0kB [ 813.229147][ T5418] Total swap = 0kB [ 813.233057][ T5418] 1965979 pages RAM [ 813.236954][ T5418] 0 pages HighMem/MovableOnly [ 813.241758][ T5418] 318829 pages reserved [ 813.245902][ T5418] 0 pages cma reserved [ 813.250072][ T5418] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=27026,uid=0 [ 813.264358][ T5418] Out of memory: Killed process 27026 (syz-executor.0) total-vm:85344kB, anon-rss:16552kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 813.290409][ T23] oom_reaper: reaped process 27026 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:57:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:59 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:57:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 813.439943][ T5434] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 813.445491][ T5434] loop4: partition table partially beyond EOD, truncated [ 813.454763][ T5434] loop4: p1 start 1 is beyond EOD, truncated [ 813.461153][ T5434] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 813.472682][ T5434] loop4: p3 size 2 extends beyond EOD, truncated [ 813.479786][ T5434] loop4: p4 size 32768 extends beyond EOD, truncated [ 813.487059][ T5434] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 813.495216][ T5434] loop4: p6 size 32768 extends beyond EOD, truncated 12:57:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 813.560151][ T5988] usb 6-1: USB disconnect, device number 35 12:57:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 813.616433][ T5434] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 813.630223][ T5434] loop4: partition table partially beyond EOD, truncated [ 813.681207][ T5434] loop4: p1 start 1 is beyond EOD, truncated [ 813.699253][ T5434] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 813.713496][ T5434] loop4: p3 size 2 extends beyond EOD, truncated [ 813.721758][ T5434] loop4: p4 size 32768 extends beyond EOD, truncated [ 813.730257][ T5434] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 813.738858][ T5434] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:00 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:58:00 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:58:00 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500021c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:00 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 814.690559][ T5475] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 814.700711][ T5475] loop4: partition table partially beyond EOD, truncated [ 814.717156][ T5475] loop4: p1 start 1 is beyond EOD, truncated [ 814.726677][ T5475] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 814.738382][ T5475] loop4: p3 size 2 extends beyond EOD, truncated [ 814.748037][ T5475] loop4: p4 size 32768 extends beyond EOD, truncated [ 814.757901][ T5475] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 814.775044][ T5475] loop4: p6 size 32768 extends beyond EOD, truncated [ 814.919373][ T3766] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 815.299468][ T3766] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 815.489411][ T3766] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 815.512656][ T3766] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 815.543101][ T3766] usb 6-1: Product: syz [ 815.580722][ T3766] usb 6-1: Manufacturer: syz [ 815.606140][ T3766] usb 6-1: SerialNumber: syz 12:58:01 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:01 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:01 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500001f01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:02 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 816.357901][ T5503] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 816.370794][ T5503] loop4: partition table partially beyond EOD, truncated [ 816.383109][ T5503] loop4: p1 start 1 is beyond EOD, truncated [ 816.408952][ T3766] usb 6-1: USB disconnect, device number 36 [ 816.450064][ T5503] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 816.714635][ T5503] loop4: p3 size 2 extends beyond EOD, truncated [ 816.998339][ T5503] loop4: p4 size 32768 extends beyond EOD, truncated [ 817.013621][ T5503] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 817.025384][ T5503] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:03 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500002001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:03 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 817.839974][ T5525] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 817.863898][ T5525] loop4: partition table partially beyond EOD, truncated [ 817.876966][ T4317] systemd-udevd invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 817.892891][ T5525] loop4: p1 start 1 is beyond EOD, truncated [ 817.896980][ T4317] CPU: 0 PID: 4317 Comm: systemd-udevd Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 817.908848][ T4317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.918894][ T4317] Call Trace: [ 817.922218][ T4317] dump_stack+0x14a/0x1ce [ 817.925146][ T5525] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 817.926715][ T4317] ? devkmsg_release+0x11c/0x11c [ 817.926731][ T4317] ? show_regs_print_info+0x12/0x12 [ 817.943943][ T4317] ? radix_tree_cpu_dead+0x160/0x160 [ 817.950004][ T4317] ? _raw_spin_lock+0xa1/0x170 [ 817.954767][ T4317] ? _raw_spin_trylock_bh+0x190/0x190 [ 817.960147][ T4317] dump_header+0xdb/0x700 [ 817.964482][ T4317] oom_kill_process+0xd3/0x280 [ 817.969239][ T4317] out_of_memory+0x5b6/0x890 [ 817.973829][ T4317] ? unregister_oom_notifier+0x20/0x20 [ 817.979290][ T4317] __alloc_pages_slowpath+0x16c2/0x1e50 [ 817.984835][ T4317] ? get_page_from_freelist+0x7c0/0x7c0 [ 817.990373][ T4317] ? __zone_watermark_ok+0x91/0x280 [ 817.995575][ T4317] __alloc_pages_nodemask+0x5cb/0x7c0 [ 818.000942][ T4317] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 818.006476][ T4317] ? stack_trace_save+0x1f0/0x1f0 [ 818.011505][ T4317] ? avc_has_perm_noaudit+0x30c/0x400 [ 818.016871][ T4317] alloc_slab_page+0x3a/0x3a0 [ 818.021630][ T4317] new_slab+0x408/0x450 [ 818.025779][ T4317] ? should_fail+0x18e/0x860 [ 818.030365][ T4317] ___slab_alloc+0x2e0/0x450 [ 818.035073][ T4317] ? avc_has_perm+0xd5/0x280 [ 818.039663][ T4317] ? avc_has_perm+0x176/0x280 [ 818.044337][ T4317] ? kvmalloc_node+0xc2/0x120 [ 818.049096][ T4317] __kmalloc+0x2ac/0x2d0 [ 818.049468][ T5525] loop4: p3 size 2 extends beyond EOD, truncated [ 818.053325][ T4317] ? kvmalloc_node+0xc2/0x120 [ 818.053333][ T4317] kvmalloc_node+0xc2/0x120 [ 818.053340][ T4317] seq_read+0x217/0xd30 [ 818.053355][ T4317] ? __secure_computing+0x250/0x250 [ 818.075493][ T5525] loop4: p4 size 32768 extends beyond EOD, truncated [ 818.078116][ T4317] ? kernfs_notify_workfn+0x570/0x570 [ 818.078123][ T4317] __vfs_read+0xfa/0x710 [ 818.078136][ T4317] ? rw_verify_area+0x340/0x340 [ 818.098134][ T5525] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 818.099180][ T4317] ? __fsnotify_update_child_dentry_flags+0x2c0/0x2c0 [ 818.099187][ T4317] ? __fsnotify_parent+0x310/0x310 [ 818.099196][ T4317] ? security_file_permission+0x1e9/0x300 [ 818.099203][ T4317] vfs_read+0x166/0x380 [ 818.099215][ T4317] ksys_read+0x18c/0x2c0 [ 818.116636][ T5525] loop4: p6 size 32768 extends beyond EOD, truncated [ 818.118228][ T4317] ? do_syscall_64+0x150/0x150 [ 818.118237][ T4317] ? vfs_write+0x4f0/0x4f0 [ 818.118251][ T4317] do_syscall_64+0xcb/0x150 [ 818.152585][ T4317] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 818.158469][ T4317] RIP: 0033:0x7f106ca35910 [ 818.162883][ T4317] Code: Bad RIP value. [ 818.166947][ T4317] RSP: 002b:00007ffc17d81ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 818.175348][ T4317] RAX: ffffffffffffffda RBX: 00005629ca559d90 RCX: 00007f106ca35910 [ 818.183319][ T4317] RDX: 0000000000001000 RSI: 00005629ca559fc0 RDI: 0000000000000007 [ 818.191284][ T4317] RBP: 00007f106ccf0440 R08: 00007f106ccf4308 R09: 0000000000001010 [ 818.199262][ T4317] R10: 00005629ca559d90 R11: 0000000000000246 R12: 0000000000001000 [ 818.207665][ T4317] R13: 0000000000000d68 R14: 00005629ca559fc0 R15: 00007f106ccef900 [ 818.238078][ T4317] Mem-Info: [ 818.241364][ T4317] active_anon:1403760 inactive_anon:10886 isolated_anon:0 [ 818.241364][ T4317] active_file:247 inactive_file:270 isolated_file:90 [ 818.241364][ T4317] unevictable:0 dirty:7 writeback:0 unstable:0 [ 818.241364][ T4317] slab_reclaimable:6622 slab_unreclaimable:79015 [ 818.241364][ T4317] mapped:60206 shmem:10951 pagetables:42527 bounce:0 [ 818.241364][ T4317] free:13974 free_pcp:0 free_cma:0 [ 818.279069][ T4317] Node 0 active_anon:5615040kB inactive_anon:43544kB active_file:988kB inactive_file:1080kB unevictable:0kB isolated(anon):0kB isolated(file):232kB mapped:240824kB dirty:28kB writeback:0kB shmem:43804kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 818.303395][ T4317] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 818.355439][ T4317] lowmem_reserve[]: 0 2912 6416 6416 [ 818.360863][ T4317] DMA32 free:31036kB min:20548kB low:23528kB high:26508kB active_anon:2745572kB inactive_anon:12756kB active_file:888kB inactive_file:788kB unevictable:0kB writepending:8kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24352kB pagetables:54964kB bounce:0kB free_pcp:104kB local_pcp:60kB free_cma:0kB [ 818.417118][ T4317] lowmem_reserve[]: 0 0 3504 3504 [ 818.439121][ T4317] Normal free:9460kB min:24744kB low:28332kB high:31920kB active_anon:2868872kB inactive_anon:30788kB active_file:352kB inactive_file:484kB unevictable:0kB writepending:20kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25696kB pagetables:115144kB bounce:0kB free_pcp:104kB local_pcp:28kB free_cma:0kB [ 818.473580][ T4317] lowmem_reserve[]: 0 0 0 0 [ 818.478102][ T4317] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 818.491648][ T4317] DMA32: 153*4kB (UM) 165*8kB (UM) 920*16kB (UME) 233*32kB (UE) 117*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 31596kB [ 818.505897][ T4317] Normal: 254*4kB (UMEH) 160*8kB (UMEH) 117*16kB (UMH) 159*32kB (UMH) 3*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9576kB [ 818.520683][ T4317] 11240 total pagecache pages [ 818.525483][ T4317] 0 pages in swap cache [ 818.529640][ T4317] Swap cache stats: add 0, delete 0, find 0/0 [ 818.535844][ T4317] Free swap = 0kB [ 818.539561][ T4317] Total swap = 0kB [ 818.543257][ T4317] 1965979 pages RAM [ 818.547033][ T4317] 0 pages HighMem/MovableOnly [ 818.551693][ T4317] 318829 pages reserved [ 818.555824][ T4317] 0 pages cma reserved [ 818.559978][ T4317] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=30984,uid=0 [ 818.574079][ T4317] Out of memory: Killed process 30984 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:58:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:58:04 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500002501000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 818.761177][ T5537] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 818.781170][ T5537] loop4: partition table partially beyond EOD, truncated [ 818.834458][ T5537] loop4: p1 start 1 is beyond EOD, truncated [ 818.868784][ T5537] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:58:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:04 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 818.914479][ T5537] loop4: p3 size 2 extends beyond EOD, truncated [ 818.953672][ T5537] loop4: p4 size 32768 extends beyond EOD, truncated [ 818.966141][ T5537] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 818.979118][ T5988] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 819.010259][ T5537] loop4: p6 size 32768 extends beyond EOD, truncated [ 819.087231][ T2] kthreadd invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 819.106620][ T2] CPU: 1 PID: 2 Comm: kthreadd Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 819.115930][ T2] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.126064][ T2] Call Trace: [ 819.129386][ T2] dump_stack+0x14a/0x1ce [ 819.133707][ T2] ? devkmsg_release+0x11c/0x11c [ 819.138636][ T2] ? show_regs_print_info+0x12/0x12 [ 819.143822][ T2] ? radix_tree_cpu_dead+0x160/0x160 [ 819.149095][ T2] ? _raw_spin_lock+0xa1/0x170 [ 819.153910][ T2] ? _raw_spin_trylock_bh+0x190/0x190 [ 819.159357][ T2] dump_header+0xdb/0x700 [ 819.163676][ T2] oom_kill_process+0xd3/0x280 [ 819.168537][ T2] out_of_memory+0x5b6/0x890 [ 819.173119][ T2] ? unregister_oom_notifier+0x20/0x20 [ 819.178741][ T2] __alloc_pages_slowpath+0x16c2/0x1e50 [ 819.184728][ T2] ? get_page_from_freelist+0x7c0/0x7c0 [ 819.190349][ T2] ? __zone_watermark_ok+0x91/0x280 [ 819.195555][ T2] __alloc_pages_nodemask+0x5cb/0x7c0 [ 819.201097][ T2] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 819.206639][ T2] ? copy_process+0x5a4/0x5110 [ 819.211485][ T2] ? kmem_cache_alloc+0x1d5/0x260 [ 819.216515][ T2] copy_process+0x5f3/0x5110 [ 819.221101][ T2] ? native_apic_mem_read+0x40/0x40 [ 819.226294][ T2] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 819.232356][ T2] ? fork_idle+0x290/0x290 [ 819.236763][ T2] ? speculation_ctrl_update_tif+0xe0/0xe0 [ 819.242652][ T2] _do_fork+0x196/0x920 [ 819.246806][ T2] ? dup_mm+0x300/0x300 [ 819.250955][ T2] kernel_thread+0x161/0x1c0 [ 819.255559][ T2] ? kthread_destroy_worker+0x280/0x280 [ 819.261098][ T2] ? legacy_clone_args_valid+0x50/0x50 [ 819.266550][ T2] ? kthread_destroy_worker+0x280/0x280 [ 819.272085][ T2] ? kthreadd+0x3f9/0x530 [ 819.276403][ T2] kthreadd+0x3ed/0x530 [ 819.280590][ T2] ? kthread_stop+0x3d0/0x3d0 [ 819.285515][ T2] ? recalc_sigpending+0x199/0x220 [ 819.290617][ T2] ? kthread_stop+0x3d0/0x3d0 [ 819.295282][ T2] ret_from_fork+0x1f/0x30 [ 819.315871][ T2] Mem-Info: [ 819.327068][ T2] active_anon:1402866 inactive_anon:10888 isolated_anon:3 [ 819.327068][ T2] active_file:928 inactive_file:922 isolated_file:104 [ 819.327068][ T2] unevictable:0 dirty:49 writeback:0 unstable:0 [ 819.327068][ T2] slab_reclaimable:6626 slab_unreclaimable:78755 [ 819.327068][ T2] mapped:61625 shmem:10952 pagetables:42535 bounce:0 [ 819.327068][ T2] free:13177 free_pcp:273 free_cma:0 [ 819.386247][ T2] Node 0 active_anon:5611464kB inactive_anon:43552kB active_file:3052kB inactive_file:3016kB unevictable:0kB isolated(anon):12kB isolated(file):128kB mapped:245100kB dirty:196kB writeback:0kB shmem:43808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 819.424853][ T2] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 819.498114][ T2] lowmem_reserve[]: 0 2912 6416 6416 [ 819.529054][ T2] DMA32 free:32412kB min:20548kB low:23528kB high:26508kB active_anon:2741172kB inactive_anon:12760kB active_file:1884kB inactive_file:2052kB unevictable:0kB writepending:76kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24480kB pagetables:55116kB bounce:0kB free_pcp:436kB local_pcp:364kB free_cma:0kB [ 819.567588][ T2] lowmem_reserve[]: 0 0 3504 3504 [ 819.589043][ T2] Normal free:9936kB min:24744kB low:28332kB high:31920kB active_anon:2869640kB inactive_anon:30792kB active_file:308kB inactive_file:200kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25696kB pagetables:115024kB bounce:0kB free_pcp:52kB local_pcp:0kB free_cma:0kB [ 819.635476][ T2] lowmem_reserve[]: 0 0 0 0 [ 819.640424][ T2] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 819.654126][ T2] DMA32: 810*4kB (UM) 362*8kB (UME) 795*16kB (UME) 225*32kB (UME) 109*64kB (UME) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 33032kB [ 819.670699][ T2] Normal: 67*4kB (UH) 90*8kB (UMH) 116*16kB (UH) 207*32kB (UH) 3*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9788kB [ 819.715010][ T2] 11543 total pagecache pages [ 819.727370][ T2] 0 pages in swap cache [ 819.732262][ T2] Swap cache stats: add 0, delete 0, find 0/0 [ 819.738510][ T2] Free swap = 0kB [ 819.751137][ T2] Total swap = 0kB [ 819.755548][ T2] 1965979 pages RAM [ 819.760267][ T2] 0 pages HighMem/MovableOnly [ 819.765684][ T2] 318829 pages reserved [ 819.773371][ T2] 0 pages cma reserved [ 819.778349][ T2] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=28183,uid=0 [ 819.793425][ T2] Out of memory: Killed process 28183 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 819.816036][ T23] oom_reaper: reaped process 28183 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:58:05 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bf2601000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 819.939185][ T5988] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 12:58:05 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 820.092229][ T5564] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 820.097445][ T5564] loop4: partition table partially beyond EOD, truncated [ 820.112975][ T5564] loop4: p1 start 1 is beyond EOD, truncated [ 820.128881][ T5564] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:58:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 820.153246][ T5564] loop4: p3 size 2 extends beyond EOD, truncated [ 820.184744][ T5564] loop4: p4 size 32768 extends beyond EOD, truncated [ 820.197417][ T5564] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 820.199131][ T5988] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 820.216423][ T5564] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 820.252920][ T5988] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 820.283875][ T5988] usb 6-1: Product: syz [ 820.288911][ T5988] usb 6-1: Manufacturer: syz [ 820.294513][ T5988] usb 6-1: SerialNumber: syz [ 820.393002][ T5564] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 820.408511][ T5564] loop4: partition table partially beyond EOD, truncated [ 820.426436][ T5564] loop4: p1 start 1 is beyond EOD, truncated [ 820.442823][ T5564] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 820.462016][ T5564] loop4: p3 size 2 extends beyond EOD, truncated [ 820.479881][ T5564] loop4: p4 size 32768 extends beyond EOD, truncated [ 820.517904][ T5564] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 820.557396][ T5564] loop4: p6 size 32768 extends beyond EOD, truncated [ 820.711124][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 820.716362][ T154] loop4: partition table partially beyond EOD, truncated [ 820.722314][ T5988] usb 6-1: USB disconnect, device number 37 [ 820.749209][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 820.755694][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 820.764792][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 820.773146][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 820.781967][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 820.790790][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 821.243767][ T339] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 821.264029][ T339] CPU: 0 PID: 339 Comm: syz-fuzzer Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 821.273817][ T339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.283860][ T339] Call Trace: [ 821.287141][ T339] dump_stack+0x14a/0x1ce [ 821.291458][ T339] ? devkmsg_release+0x11c/0x11c [ 821.296387][ T339] ? show_regs_print_info+0x12/0x12 [ 821.301575][ T339] ? radix_tree_cpu_dead+0x160/0x160 [ 821.307491][ T339] ? _raw_spin_lock+0xa1/0x170 [ 821.312247][ T339] ? _raw_spin_trylock_bh+0x190/0x190 [ 821.317608][ T339] dump_header+0xdb/0x700 [ 821.321929][ T339] oom_kill_process+0xd3/0x280 [ 821.326681][ T339] out_of_memory+0x5b6/0x890 [ 821.331267][ T339] ? unregister_oom_notifier+0x20/0x20 [ 821.336835][ T339] __alloc_pages_slowpath+0x16c2/0x1e50 [ 821.342366][ T339] ? get_page_from_freelist+0x7c0/0x7c0 [ 821.347901][ T339] __alloc_pages_nodemask+0x5cb/0x7c0 [ 821.353789][ T339] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 821.359412][ T339] pagecache_get_page+0x50f/0x880 [ 821.364408][ T339] filemap_fault+0x14cb/0x1a30 [ 821.369316][ T339] ? __down_read+0xf1/0x210 [ 821.373820][ T339] ? generic_file_read_iter+0x20b0/0x20b0 [ 821.379511][ T339] ext4_filemap_fault+0x7b/0x90 [ 821.384356][ T339] handle_mm_fault+0x29ca/0x41e0 [ 821.391001][ T339] ? finish_fault+0x230/0x230 [ 821.395654][ T339] ? down_read_trylock+0x17a/0x1d0 [ 821.400745][ T339] ? fput_many+0x42/0x1a0 [ 821.405046][ T339] ? vmacache_find+0x205/0x4b0 [ 821.409778][ T339] do_user_addr_fault+0x48a/0x9f0 [ 821.414771][ T339] page_fault+0x2f/0x40 [ 821.418911][ T339] RIP: 0033:0x4e29f0 [ 821.422803][ T339] Code: Bad RIP value. [ 821.426860][ T339] RSP: 002b:000000c00066f4a0 EFLAGS: 00010206 [ 821.432910][ T339] RAX: 000000c00ae8e9c0 RBX: 000000c00ae8e9c0 RCX: 0000000000000001 [ 821.440853][ T339] RDX: 000000000090f7a0 RSI: 0000000000000010 RDI: 000000c0044ae9e0 [ 821.448793][ T339] RBP: 000000c00066f500 R08: 0000000000000059 R09: 0000000000000048 [ 821.457874][ T339] R10: 0000000000ad85a8 R11: 0000000000000001 R12: ffffffffffffffff [ 821.465912][ T339] R13: 000000000000009f R14: 000000000000009e R15: 0000000000000200 [ 821.475601][ T339] Mem-Info: [ 821.481286][ T339] active_anon:1402568 inactive_anon:10890 isolated_anon:0 [ 821.481286][ T339] active_file:466 inactive_file:480 isolated_file:64 [ 821.481286][ T339] unevictable:0 dirty:29 writeback:0 unstable:0 [ 821.481286][ T339] slab_reclaimable:6650 slab_unreclaimable:78613 [ 821.481286][ T339] mapped:60676 shmem:10956 pagetables:42616 bounce:0 [ 821.481286][ T339] free:14702 free_pcp:2 free_cma:0 [ 821.519860][ T339] Node 0 active_anon:5610272kB inactive_anon:43560kB active_file:1864kB inactive_file:1920kB unevictable:0kB isolated(anon):0kB isolated(file):256kB mapped:242604kB dirty:116kB writeback:0kB shmem:43824kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 821.545548][ T339] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 821.572178][ T339] lowmem_reserve[]: 0 2912 6416 6416 [ 821.577694][ T339] DMA32 free:28840kB min:16452kB low:19432kB high:22412kB active_anon:2743572kB inactive_anon:12748kB active_file:1436kB inactive_file:1712kB unevictable:0kB writepending:104kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24320kB pagetables:55356kB bounce:0kB free_pcp:352kB local_pcp:132kB free_cma:0kB [ 821.636651][ T339] lowmem_reserve[]: 0 0 3504 3504 [ 821.642360][ T339] Normal free:13412kB min:5592kB low:9180kB high:12768kB active_anon:2866824kB inactive_anon:30812kB active_file:660kB inactive_file:692kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25664kB pagetables:115108kB bounce:0kB free_pcp:580kB local_pcp:500kB free_cma:0kB [ 821.708926][ T339] lowmem_reserve[]: 0 0 0 0 [ 821.714125][ T339] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 821.728103][ T339] DMA32: 293*4kB (UME) 210*8kB (UME) 764*16kB (UME) 229*32kB (UME) 112*64kB (UME) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29572kB [ 821.743103][ T339] Normal: 145*4kB (UH) 113*8kB (UEH) 113*16kB (UH) 258*32kB (UEH) 2*64kB (H) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11804kB [ 821.757949][ T339] 12056 total pagecache pages [ 821.762941][ T339] 0 pages in swap cache [ 821.767093][ T339] Swap cache stats: add 0, delete 0, find 0/0 [ 821.773690][ T339] Free swap = 0kB [ 821.777425][ T339] Total swap = 0kB [ 821.798573][ T339] 1965979 pages RAM [ 821.802784][ T339] 0 pages HighMem/MovableOnly [ 821.807457][ T339] 318829 pages reserved [ 821.812114][ T339] 0 pages cma reserved [ 821.816182][ T339] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=26810,uid=0 [ 821.833707][ T339] Out of memory: Killed process 26810 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:58:07 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:07 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:07 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500002801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 821.857851][ T23] oom_reaper: reaped process 26810 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:58:07 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:58:07 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:58:07 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 822.001905][ T5599] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 822.009251][ T5599] loop4: partition table partially beyond EOD, truncated [ 822.027380][ T5599] loop4: p1 start 1 is beyond EOD, truncated [ 822.033968][ T5599] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 822.043028][ T5599] loop4: p3 size 2 extends beyond EOD, truncated 12:58:07 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) [ 822.051254][ T5599] loop4: p4 size 32768 extends beyond EOD, truncated [ 822.058694][ T5599] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 822.068416][ T5599] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 822.212774][ T5599] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 822.218085][ T5599] loop4: partition table partially beyond EOD, truncated [ 822.240656][ T5599] loop4: p1 start 1 is beyond EOD, truncated 12:58:08 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500012a01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 822.258687][ T5599] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 822.280162][ T5599] loop4: p3 size 2 extends beyond EOD, truncated [ 822.289643][ T5599] loop4: p4 size 32768 extends beyond EOD, truncated [ 822.298386][ T5599] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 822.308210][ T5599] loop4: p6 size 32768 extends beyond EOD, truncated [ 822.378861][ T3766] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 822.398928][ T4631] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 822.447572][ T5632] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 822.453192][ T5632] loop4: partition table partially beyond EOD, truncated [ 822.461432][ T5632] loop4: p1 start 1 is beyond EOD, truncated [ 822.467755][ T5632] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 822.475774][ T5632] loop4: p3 size 2 extends beyond EOD, truncated [ 822.483076][ T5632] loop4: p4 size 32768 extends beyond EOD, truncated 12:58:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 822.491345][ T5632] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 822.500298][ T5632] loop4: p6 size 32768 extends beyond EOD, truncated [ 822.510127][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 822.515856][ T154] loop4: partition table partially beyond EOD, truncated [ 822.524076][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 822.530872][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:58:08 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500023c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 822.542329][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 822.555601][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 822.563348][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 822.571823][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 822.648824][ T3766] usb 6-1: device descriptor read/64, error 18 [ 822.758937][ T4631] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 822.967639][ T4631] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 822.979560][ T4631] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 822.987979][ T4631] usb 1-1: Product: syz [ 823.001752][ T4631] usb 1-1: Manufacturer: syz [ 823.006369][ T4631] usb 1-1: SerialNumber: syz [ 823.038848][ T3766] usb 6-1: device descriptor read/64, error 18 [ 823.039490][ T5644] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 823.072085][ T5644] loop4: partition table partially beyond EOD, truncated [ 823.079635][ T5644] loop4: p1 start 1 is beyond EOD, truncated 12:58:09 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:09 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 823.085896][ T5644] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 823.093908][ T5644] loop4: p3 size 2 extends beyond EOD, truncated [ 823.101105][ T5644] loop4: p4 size 32768 extends beyond EOD, truncated [ 823.109410][ T5644] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 823.117293][ T5644] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:09 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bd3c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 823.232501][ T5655] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 823.248413][ T5655] loop4: partition table partially beyond EOD, truncated [ 823.256566][ T5655] loop4: p1 start 1 is beyond EOD, truncated [ 823.263121][ T5655] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 823.271660][ T5655] loop4: p3 size 2 extends beyond EOD, truncated [ 823.276725][ T5988] usb 1-1: USB disconnect, device number 17 [ 823.278563][ T5655] loop4: p4 size 32768 extends beyond EOD, truncated [ 823.302659][ T5655] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 823.309895][ T3766] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 823.327681][ T5655] loop4: p6 size 32768 extends beyond EOD, truncated [ 823.337424][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 823.344548][ T154] loop4: partition table partially beyond EOD, truncated [ 823.353000][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 823.359371][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 823.367301][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 823.374834][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 823.382474][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 823.390448][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 823.481881][ T5655] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 823.487297][ T5655] loop4: partition table partially beyond EOD, truncated [ 823.496777][ T5655] loop4: p1 start 1 is beyond EOD, truncated [ 823.508296][ T5655] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 823.523677][ T5655] loop4: p3 size 2 extends beyond EOD, truncated [ 823.534067][ T5655] loop4: p4 size 32768 extends beyond EOD, truncated [ 823.549195][ T5655] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 823.559347][ T5655] loop4: p6 size 32768 extends beyond EOD, truncated [ 823.588799][ T3766] usb 6-1: device descriptor read/64, error 18 [ 823.601209][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 823.607259][ T154] loop4: partition table partially beyond EOD, truncated [ 823.614933][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 823.621076][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 823.628638][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 823.635606][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 823.642897][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 823.650635][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 823.978774][ T3766] usb 6-1: device descriptor read/64, error 18 [ 824.098819][ T3766] usb usb6-port1: attempt power cycle [ 824.808730][ T3766] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 824.898728][ T3766] usb 6-1: Invalid ep0 maxpacket: 0 12:58:10 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:58:10 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:10 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:10 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500003f01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:58:10 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bf2601000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 825.048706][ T3766] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 825.168680][ T3766] usb 6-1: device descriptor read/8, error -71 [ 825.223882][ T5674] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 825.231397][ T5674] loop4: partition table partially beyond EOD, truncated [ 825.265293][ T5674] loop4: p1 start 1 is beyond EOD, truncated [ 825.293537][ T5674] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 825.327362][ T5674] loop4: p3 size 2 extends beyond EOD, truncated [ 825.362390][ T5678] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 825.368419][ T5678] loop0: partition table partially beyond EOD, truncated 12:58:11 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 825.378680][ T3766] usb 6-1: device descriptor read/8, error -71 [ 825.386709][ T5674] loop4: p4 size 32768 extends beyond EOD, truncated [ 825.416277][ T5674] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:58:11 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, 0x0) preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 825.422852][ T5678] loop0: p1 start 1 is beyond EOD, truncated [ 825.427687][ T5674] loop4: p6 size 32768 extends beyond EOD, truncated [ 825.455526][ T5678] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 825.466633][ T5678] loop0: p3 size 2 extends beyond EOD, truncated [ 825.477943][ T5678] loop0: p4 size 32768 extends beyond EOD, truncated [ 825.498830][ T3766] usb usb6-port1: unable to enumerate USB device [ 825.571105][ T5678] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 825.586056][ T5674] __loop_clr_fd: partition scan of loop4 failed (rc=-16) [ 825.608190][ T5678] loop0: p6 size 32768 extends beyond EOD, truncated [ 825.660464][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 825.666430][ T154] loop4: partition table partially beyond EOD, truncated [ 825.687888][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 825.713298][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 825.759129][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 825.848640][ T3766] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 825.958690][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 825.978778][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 825.989898][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 826.006807][ T5674] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 826.013396][ T5674] loop4: partition table partially beyond EOD, truncated [ 826.028260][ T5674] loop4: p1 start 1 is beyond EOD, truncated [ 826.059165][ T5674] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 826.074015][ T5674] loop4: p3 size 2 extends beyond EOD, truncated [ 826.081954][ T5674] loop4: p4 size 32768 extends beyond EOD, truncated [ 826.108952][ T5674] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 826.118586][ T3766] usb 6-1: device descriptor read/64, error 18 [ 826.129530][ T5674] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:12 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:12 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500003f01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:12 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500004001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 826.508573][ T3766] usb 6-1: device descriptor read/64, error 18 [ 826.529002][ T5712] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 826.540763][ T5712] loop4: partition table partially beyond EOD, truncated [ 826.568617][ T5712] loop4: p1 start 1 is beyond EOD, truncated [ 826.590654][ T5713] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 826.596547][ T5713] loop0: partition table partially beyond EOD, truncated [ 826.607602][ T5712] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 826.624796][ T5713] loop0: p1 start 1 is beyond EOD, truncated [ 826.637826][ T5712] loop4: p3 size 2 extends beyond EOD, truncated [ 826.650783][ T5713] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 826.663605][ T5712] loop4: p4 size 32768 extends beyond EOD, truncated [ 826.703362][ T5713] loop0: p3 size 2 extends beyond EOD, truncated [ 826.715998][ T5712] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 826.724993][ T5713] loop0: p4 size 32768 extends beyond EOD, truncated [ 826.746945][ T5713] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 826.752524][ T5712] loop4: p6 size 32768 extends beyond EOD, truncated [ 826.770410][ T5713] loop0: p6 size 32768 extends beyond EOD, truncated [ 826.778550][ T3766] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 827.058520][ T3766] usb 6-1: device descriptor read/64, error 18 12:58:14 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:58:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:14 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:14 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500003f01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:14 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500024201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x16, 0x0}) 12:58:15 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 829.278856][ T5740] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 829.284284][ T5740] loop0: partition table partially beyond EOD, truncated [ 829.292123][ T5740] loop0: p1 start 1 is beyond EOD, truncated [ 829.298683][ T5740] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 829.322340][ T5740] loop0: p3 size 2 extends beyond EOD, truncated 12:58:15 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 829.631824][ T5750] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 829.637377][ T5750] loop4: partition table partially beyond EOD, truncated [ 829.688541][ T3766] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 829.689140][ T5740] loop0: p4 size 32768 extends beyond EOD, truncated [ 829.715183][ T5750] loop4: p1 start 1 is beyond EOD, truncated [ 829.733029][ T5740] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 829.742342][ T5750] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 829.757391][ T5740] loop0: p6 size 32768 extends beyond EOD, truncated [ 829.772685][ T5750] loop4: p3 size 2 extends beyond EOD, truncated [ 829.809451][ T5750] loop4: p4 size 32768 extends beyond EOD, truncated [ 829.841949][ T5750] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 829.869440][ T5750] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:15 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:15 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500003f01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 829.958338][ T3766] usb 6-1: device descriptor read/64, error 18 [ 829.999504][ T5750] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 830.004724][ T5750] loop4: partition table partially beyond EOD, truncated [ 830.029020][ T5750] loop4: p1 start 1 is beyond EOD, truncated [ 830.036898][ T5750] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:58:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 830.047825][ T5750] loop4: p3 size 2 extends beyond EOD, truncated [ 830.055435][ T5750] loop4: p4 size 32768 extends beyond EOD, truncated [ 830.063900][ T5750] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 830.089553][ T5750] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:16 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:58:16 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500004801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 830.332874][ T5763] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 830.348669][ T5763] loop0: partition table partially beyond EOD, truncated [ 830.358423][ T3766] usb 6-1: device descriptor read/64, error 18 [ 830.365337][ T5763] loop0: p1 start 1 is beyond EOD, truncated [ 830.372498][ T5763] loop0: p2 size 1073741824 extends beyond EOD, truncated 12:58:16 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500034a01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 830.412473][ T5763] loop0: p3 size 2 extends beyond EOD, truncated [ 830.440816][ T5763] loop0: p4 size 32768 extends beyond EOD, truncated 12:58:16 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500004c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 830.484247][ T5763] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 830.504048][ T5763] loop0: p6 size 32768 extends beyond EOD, truncated [ 830.515276][ T154] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 830.526966][ T154] loop0: partition table partially beyond EOD, truncated [ 830.543549][ T154] loop0: p1 start 1 is beyond EOD, truncated [ 830.550175][ T154] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 830.579070][ T154] loop0: p3 size 2 extends beyond EOD, truncated 12:58:16 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500be4c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 830.594863][ T154] loop0: p4 size 32768 extends beyond EOD, truncated [ 830.628365][ T3766] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 830.637659][ T154] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 830.799729][ T154] loop0: p6 size 32768 extends beyond EOD, truncated [ 830.918256][ T3766] usb 6-1: device descriptor read/64, error 18 [ 831.338236][ T3766] usb 6-1: device descriptor read/64, error 18 [ 831.458305][ T3766] usb usb6-port1: attempt power cycle [ 832.168180][ T3766] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 832.298280][ T3766] usb 6-1: device descriptor read/8, error -71 [ 832.508195][ T3766] usb 6-1: device descriptor read/8, error -71 12:58:19 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500003f01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) 12:58:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:19 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0) 12:58:19 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500006001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:19 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 833.418129][ T5795] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 833.424020][ T5795] loop0: partition table partially beyond EOD, truncated [ 833.447848][ T5795] loop0: p1 start 1 is beyond EOD, truncated [ 833.456263][ T5795] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 833.488660][ T5795] loop0: p3 size 2 extends beyond EOD, truncated [ 833.505038][ T5795] loop0: p4 size 32768 extends beyond EOD, truncated [ 833.738113][ T3766] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 833.958175][ T3766] usb 6-1: unable to get BOS descriptor or descriptor too short [ 834.038078][ T3766] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 834.053633][ T3766] usb 6-1: can't read configurations, error -71 [ 834.073969][ T3766] usb usb6-port1: unable to enumerate USB device [ 834.082943][ T5795] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 834.098556][ T5795] loop0: p6 size 32768 extends beyond EOD, truncated [ 834.142489][ T5803] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 834.157151][ T5803] loop4: partition table partially beyond EOD, truncated [ 834.167441][ T5803] loop4: p1 start 1 is beyond EOD, truncated [ 834.175350][ T5803] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 834.186110][ T5803] loop4: p3 size 2 extends beyond EOD, truncated [ 834.194835][ T5803] loop4: p4 size 32768 extends beyond EOD, truncated [ 834.204847][ T5803] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 834.222294][ T5803] loop4: p6 size 32768 extends beyond EOD, truncated [ 834.738229][ T5803] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 834.744587][ T5803] loop4: partition table partially beyond EOD, truncated [ 834.753660][ T5803] loop4: p1 start 1 is beyond EOD, truncated [ 834.761170][ T5803] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 836.109640][ T5803] loop4: p3 size 2 extends beyond EOD, truncated [ 836.145012][ T5803] loop4: p4 size 32768 extends beyond EOD, truncated [ 836.167586][ T5803] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 836.187465][ T5803] loop4: p6 size 32768 extends beyond EOD, truncated [ 864.357777][ T339] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 864.369190][ T339] CPU: 1 PID: 339 Comm: syz-fuzzer Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 864.378813][ T339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 864.388840][ T339] Call Trace: [ 864.392120][ T339] dump_stack+0x14a/0x1ce [ 864.396429][ T339] ? devkmsg_release+0x11c/0x11c [ 864.401339][ T339] ? show_regs_print_info+0x12/0x12 [ 864.406527][ T339] ? radix_tree_cpu_dead+0x160/0x160 [ 864.411782][ T339] ? _raw_spin_lock+0xa1/0x170 [ 864.416521][ T339] ? _raw_spin_trylock_bh+0x190/0x190 [ 864.421865][ T339] dump_header+0xdb/0x700 [ 864.426165][ T339] oom_kill_process+0xd3/0x280 [ 864.432315][ T339] out_of_memory+0x5b6/0x890 [ 864.436908][ T339] ? unregister_oom_notifier+0x20/0x20 [ 864.442444][ T339] __alloc_pages_slowpath+0x16c2/0x1e50 [ 864.447975][ T339] ? get_page_from_freelist+0x7c0/0x7c0 [ 864.453491][ T339] __alloc_pages_nodemask+0x5cb/0x7c0 [ 864.458835][ T339] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 864.464349][ T339] pagecache_get_page+0x50f/0x880 [ 864.469352][ T339] filemap_fault+0x14cb/0x1a30 [ 864.474081][ T339] ? __down_read+0xf1/0x210 [ 864.478555][ T339] ? generic_file_read_iter+0x20b0/0x20b0 [ 864.484251][ T339] ext4_filemap_fault+0x7b/0x90 [ 864.489071][ T339] handle_mm_fault+0x29ca/0x41e0 [ 864.493980][ T339] ? finish_fault+0x230/0x230 [ 864.498640][ T339] ? __ia32_sys_sigaltstack+0x60/0x60 [ 864.503978][ T339] ? down_read_trylock+0x17a/0x1d0 [ 864.509055][ T339] ? vmacache_find+0x2d2/0x4b0 [ 864.513786][ T339] do_user_addr_fault+0x48a/0x9f0 [ 864.518778][ T339] page_fault+0x2f/0x40 [ 864.522900][ T339] RIP: 0033:0x410871 [ 864.526772][ T339] Code: Bad RIP value. [ 864.530806][ T339] RSP: 002b:000000c00066f738 EFLAGS: 00010206 [ 864.536849][ T339] RAX: 000000c0000e8ab0 RBX: 0000000000410939 RCX: 00000000008e74a0 [ 864.545049][ T339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 864.553000][ T339] RBP: 000000c00066f750 R08: 00007ffc99455001 R09: 00007ffc994550b8 [ 864.560938][ T339] R10: 0000000000027e78 R11: 000000000000035f R12: 000000c7cacadc41 [ 864.568892][ T339] R13: 0000000000000001 R14: 000000c7cacadc41 R15: 0000000000000200 [ 864.578039][ T339] Mem-Info: [ 864.581990][ T339] active_anon:1403883 inactive_anon:10882 isolated_anon:0 [ 864.581990][ T339] active_file:37 inactive_file:155 isolated_file:32 [ 864.581990][ T339] unevictable:0 dirty:0 writeback:0 unstable:0 [ 864.581990][ T339] slab_reclaimable:6721 slab_unreclaimable:81891 [ 864.581990][ T339] mapped:59889 shmem:10950 pagetables:42791 bounce:0 [ 864.581990][ T339] free:10907 free_pcp:342 free_cma:0 [ 864.623076][ T339] Node 0 active_anon:5615532kB inactive_anon:43528kB active_file:468kB inactive_file:436kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:239856kB dirty:0kB writeback:0kB shmem:43800kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 864.647722][ T339] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 864.673759][ T339] lowmem_reserve[]: 0 2912 6416 6416 [ 864.679147][ T339] DMA32 free:18288kB min:4644kB low:7624kB high:10604kB active_anon:2743200kB inactive_anon:12736kB active_file:104kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24320kB pagetables:55260kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 864.708346][ T339] lowmem_reserve[]: 0 0 3504 3504 [ 864.713524][ T339] Normal free:8856kB min:24744kB low:28332kB high:31920kB active_anon:2872332kB inactive_anon:30792kB active_file:264kB inactive_file:224kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25664kB pagetables:115904kB bounce:0kB free_pcp:68kB local_pcp:0kB free_cma:0kB [ 864.743263][ T339] lowmem_reserve[]: 0 0 0 0 [ 864.747875][ T339] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 864.761460][ T339] DMA32: 518*4kB (UM) 239*8kB (UME) 63*16kB (UME) 267*32kB (UME) 74*64kB (UM) 4*128kB (ME) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18784kB [ 864.776232][ T339] Normal: 160*4kB (UMH) 93*8kB (UMH) 50*16kB (UMH) 160*32kB (UMH) 26*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9096kB [ 864.790840][ T339] 11115 total pagecache pages [ 864.795606][ T339] 0 pages in swap cache [ 864.799926][ T339] Swap cache stats: add 0, delete 0, find 0/0 [ 864.806122][ T339] Free swap = 0kB [ 864.809886][ T339] Total swap = 0kB [ 864.813652][ T339] 1965979 pages RAM [ 864.817536][ T339] 0 pages HighMem/MovableOnly [ 864.822257][ T339] 318829 pages reserved [ 864.826884][ T339] 0 pages cma reserved [ 864.831466][ T339] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=22965,uid=0 [ 864.846029][ T339] Out of memory: Killed process 22965 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 864.867703][ T23] oom_reaper: reaped process 22965 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:58:50 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500003f01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) 12:58:50 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bc6401000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:51 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:58:51 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0) 12:58:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 865.456221][ T5823] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 865.461594][ T5823] loop0: partition table partially beyond EOD, truncated [ 865.471354][ T5823] loop0: p1 start 1 is beyond EOD, truncated [ 865.479796][ T5823] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 865.489799][ T5823] loop0: p3 size 2 extends beyond EOD, truncated [ 865.498681][ T5825] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 865.506320][ T5825] loop4: partition table partially beyond EOD, truncated [ 865.507584][ T5823] loop0: p4 size 32768 extends beyond EOD, truncated [ 865.514193][ T5825] loop4: p1 start 1 is beyond EOD, truncated [ 865.524834][ T5823] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 865.528816][ T5825] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 865.536519][ T5823] loop0: p6 size 32768 extends beyond EOD, truncated 12:58:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, 0x0, 0x0, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 865.561428][ T5825] loop4: p3 size 2 extends beyond EOD, truncated [ 865.587282][ T5825] loop4: p4 size 32768 extends beyond EOD, truncated 12:58:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:51 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500003f01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) [ 865.614506][ T5825] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 865.636122][ T5825] loop4: p6 size 32768 extends beyond EOD, truncated [ 865.680071][ T3766] usb 6-1: new high-speed USB device number 48 using dummy_hcd 12:58:51 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500006801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 865.811101][ T5845] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 865.816346][ T5845] loop0: partition table partially beyond EOD, truncated [ 865.823528][ T5845] loop0: p1 start 1 is beyond EOD, truncated [ 865.831320][ T5845] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 865.918483][ T5845] loop0: p3 size 2 extends beyond EOD, truncated [ 865.928679][ T5845] loop0: p4 size 32768 extends beyond EOD, truncated [ 865.943584][ T5845] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 865.952624][ T5845] loop0: p6 size 32768 extends beyond EOD, truncated [ 865.960464][ T5854] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 865.966216][ T5854] loop4: partition table partially beyond EOD, truncated [ 865.976564][ T154] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 865.982334][ T154] loop0: partition table partially beyond EOD, truncated [ 865.990197][ T5854] loop4: p1 start 1 is beyond EOD, truncated [ 865.996984][ T154] loop0: p1 start 1 is beyond EOD, truncated [ 866.003604][ T5854] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 866.011513][ T154] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 866.020689][ T5854] loop4: p3 size 2 extends beyond EOD, truncated [ 866.029154][ T154] loop0: p3 size 2 extends beyond EOD, truncated [ 866.076043][ T3766] usb 6-1: unable to get BOS descriptor or descriptor too short [ 866.089312][ T154] loop0: p4 size 32768 extends beyond EOD, truncated [ 866.103539][ T154] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 866.118888][ T154] loop0: p6 size 32768 extends beyond EOD, truncated 12:58:52 executing program 0: syz_read_part_table(0x0, 0x0, 0x0) [ 866.155888][ T3766] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 866.164462][ T3766] usb 6-1: can't read configurations, error -71 [ 866.308209][ T5854] loop4: p4 size 32768 extends beyond EOD, truncated [ 866.326560][ T5854] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 866.345037][ T5854] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:52 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:52 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) 12:58:52 executing program 0: syz_read_part_table(0x0, 0x0, 0x0) [ 866.736421][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 866.741918][ T154] loop4: partition table partially beyond EOD, truncated [ 866.752119][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 866.761397][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 866.787901][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 866.797876][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 866.817487][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 866.826164][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 869.634955][ T154] systemd-udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-1000 [ 869.646305][ T154] CPU: 0 PID: 154 Comm: systemd-udevd Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 869.656816][ T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 869.666954][ T154] Call Trace: [ 869.670245][ T154] dump_stack+0x14a/0x1ce [ 869.674660][ T154] ? devkmsg_release+0x11c/0x11c [ 869.679626][ T154] ? show_regs_print_info+0x12/0x12 [ 869.684823][ T154] ? radix_tree_cpu_dead+0x160/0x160 [ 869.690102][ T154] ? _raw_spin_lock+0xa1/0x170 [ 869.694871][ T154] ? _raw_spin_trylock_bh+0x190/0x190 [ 869.700243][ T154] dump_header+0xdb/0x700 [ 869.704570][ T154] oom_kill_process+0xd3/0x280 [ 869.709330][ T154] out_of_memory+0x5b6/0x890 [ 869.713916][ T154] ? unregister_oom_notifier+0x20/0x20 [ 869.719367][ T154] __alloc_pages_slowpath+0x16c2/0x1e50 [ 869.724989][ T154] ? get_page_from_freelist+0x7c0/0x7c0 [ 869.730531][ T154] __alloc_pages_nodemask+0x5cb/0x7c0 [ 869.735893][ T154] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 869.741435][ T154] pagecache_get_page+0x50f/0x880 [ 869.746453][ T154] filemap_fault+0x14cb/0x1a30 [ 869.751212][ T154] ? __down_read+0xf1/0x210 [ 869.755733][ T154] ? generic_file_read_iter+0x20b0/0x20b0 [ 869.761440][ T154] ? mm_trace_rss_stat+0x41/0x1a0 [ 869.766456][ T154] ext4_filemap_fault+0x7b/0x90 [ 869.771298][ T154] handle_mm_fault+0x29ca/0x41e0 [ 869.776229][ T154] ? _copy_to_user+0x8e/0xb0 [ 869.781076][ T154] ? finish_fault+0x230/0x230 [ 869.785891][ T154] ? down_read_trylock+0x17a/0x1d0 [ 869.791001][ T154] ? vmacache_find+0x205/0x4b0 [ 869.795762][ T154] do_user_addr_fault+0x48a/0x9f0 [ 869.800780][ T154] page_fault+0x2f/0x40 [ 869.804930][ T154] RIP: 0033:0x7f106c9d5510 [ 869.809348][ T154] Code: Bad RIP value. [ 869.813403][ T154] RSP: 002b:00007ffc17d866a8 EFLAGS: 00010246 [ 869.819458][ T154] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 869.827424][ T154] RDX: 00005629cabe7bd0 RSI: 0000000000000000 RDI: 0000000000000000 [ 869.835419][ T154] RBP: 00007ffc17d86720 R08: 0000000000000000 R09: 00005629ca536cb0 [ 869.843416][ T154] R10: 000000000000000f R11: 00005629c851d9a0 R12: 00005629ca96a2c0 [ 869.851379][ T154] R13: 00005629ca96a2c0 R14: 00005629ca524e70 R15: 00005629ca96a2c0 [ 869.888325][ T154] Mem-Info: [ 869.891486][ T154] active_anon:1406015 inactive_anon:10890 isolated_anon:0 [ 869.891486][ T154] active_file:121 inactive_file:151 isolated_file:32 [ 869.891486][ T154] unevictable:0 dirty:3 writeback:0 unstable:0 [ 869.891486][ T154] slab_reclaimable:6761 slab_unreclaimable:78454 [ 869.891486][ T154] mapped:60105 shmem:10955 pagetables:42927 bounce:0 [ 869.891486][ T154] free:11492 free_pcp:549 free_cma:0 [ 869.929513][ T154] Node 0 active_anon:5624116kB inactive_anon:43560kB active_file:516kB inactive_file:424kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:240348kB dirty:12kB writeback:0kB shmem:43820kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 869.953840][ T154] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 869.979801][ T154] lowmem_reserve[]: 0 2912 6416 6416 [ 869.985226][ T154] DMA32 free:18164kB min:4644kB low:7624kB high:10604kB active_anon:2748300kB inactive_anon:12764kB active_file:408kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24672kB pagetables:55684kB bounce:0kB free_pcp:596kB local_pcp:16kB free_cma:0kB [ 870.026230][ T154] lowmem_reserve[]: 0 0 3504 3504 [ 870.031525][ T154] Normal free:11612kB min:5592kB low:9180kB high:12768kB active_anon:2875816kB inactive_anon:30796kB active_file:108kB inactive_file:436kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25728kB pagetables:116028kB bounce:0kB free_pcp:1648kB local_pcp:184kB free_cma:0kB [ 870.061692][ T154] lowmem_reserve[]: 0 0 0 0 [ 870.066568][ T154] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 870.079900][ T154] DMA32: 1*4kB (E) 10*8kB (UE) 8*16kB (UME) 363*32kB (UME) 81*64kB (UM) 3*128kB (ME) 3*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18164kB [ 870.094342][ T154] Normal: 0*4kB 0*8kB 1*16kB (M) 304*32kB (UE) 28*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11536kB [ 870.106965][ T154] 11174 total pagecache pages [ 870.111629][ T154] 0 pages in swap cache [ 870.115926][ T154] Swap cache stats: add 0, delete 0, find 0/0 [ 870.121976][ T154] Free swap = 0kB [ 870.126662][ T154] Total swap = 0kB [ 870.130375][ T154] 1965979 pages RAM [ 870.134173][ T154] 0 pages HighMem/MovableOnly [ 870.138868][ T154] 318829 pages reserved [ 870.143009][ T154] 0 pages cma reserved [ 870.147093][ T154] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=22378,uid=0 [ 870.161275][ T154] Out of memory: Killed process 22378 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 870.178794][ T23] oom_reaper: reaped process 22378 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:58:56 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:58:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0) 12:58:56 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500006c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:56 executing program 0: syz_read_part_table(0x0, 0x0, 0x0) 12:58:56 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 870.629390][ T5894] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 870.637932][ T5894] loop4: partition table partially beyond EOD, truncated [ 870.650596][ T5894] loop4: p1 start 1 is beyond EOD, truncated [ 870.656961][ T5894] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 870.664638][ T5894] loop4: p3 size 2 extends beyond EOD, truncated [ 870.672072][ T5894] loop4: p4 size 32768 extends beyond EOD, truncated 12:58:56 executing program 0: syz_read_part_table(0x0, 0x0, &(0x7f0000000080)) [ 870.680399][ T5894] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 870.689155][ T5894] loop4: p6 size 32768 extends beyond EOD, truncated [ 870.855515][ T3766] usb 6-1: new high-speed USB device number 50 using dummy_hcd [ 870.946677][ T5894] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 870.952023][ T5894] loop4: partition table partially beyond EOD, truncated [ 870.973321][ T5894] loop4: p1 start 1 is beyond EOD, truncated [ 870.988766][ T5894] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:58:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:56 executing program 0: syz_read_part_table(0x0, 0x0, &(0x7f0000000080)) [ 871.026732][ T5894] loop4: p3 size 2 extends beyond EOD, truncated [ 871.036362][ T5894] loop4: p4 size 32768 extends beyond EOD, truncated [ 871.049169][ T5894] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 871.061402][ T5894] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:57 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500027201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:58:57 executing program 3: syz_read_part_table(0x0, 0x0, &(0x7f0000000080)) [ 871.131484][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 871.140515][ T154] loop4: partition table partially beyond EOD, truncated [ 871.150117][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 871.161414][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:58:57 executing program 0: syz_read_part_table(0x0, 0x0, &(0x7f0000000080)) [ 871.176504][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 871.184199][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 871.193385][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 871.203512][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 871.225517][ T3766] usb 6-1: unable to get BOS descriptor or descriptor too short [ 871.285690][ T3766] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 871.294109][ T3766] usb 6-1: can't read configurations, error -71 [ 871.486160][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 871.491464][ T154] loop4: partition table partially beyond EOD, truncated [ 871.498604][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 871.504572][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 871.512734][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 871.519690][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 871.527108][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 871.534718][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 871.544121][ T5931] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 871.549581][ T5931] loop4: partition table partially beyond EOD, truncated [ 871.557637][ T5931] loop4: p1 start 1 is beyond EOD, truncated [ 871.563893][ T5931] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 871.572332][ T5931] loop4: p3 size 2 extends beyond EOD, truncated [ 871.579708][ T5931] loop4: p4 size 32768 extends beyond EOD, truncated [ 871.587605][ T5931] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 871.595272][ T5931] loop4: p6 size 32768 extends beyond EOD, truncated [ 871.604345][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 871.609687][ T154] loop4: partition table partially beyond EOD, truncated [ 871.617317][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 871.623284][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 871.631277][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 871.638495][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 871.646144][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 871.653690][ T154] loop4: p6 size 32768 extends beyond EOD, truncated 12:58:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:59 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) 12:58:59 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x1c0}]) 12:58:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:58:59 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:58:59 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500037201000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 874.181275][ T5958] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 874.196708][ T5958] CPU: 1 PID: 5958 Comm: syz-executor.1 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 874.206891][ T5958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 874.216948][ T5958] Call Trace: [ 874.220334][ T5958] dump_stack+0x14a/0x1ce [ 874.224656][ T5958] ? devkmsg_release+0x11c/0x11c [ 874.229720][ T5958] ? show_regs_print_info+0x12/0x12 [ 874.234910][ T5958] ? radix_tree_cpu_dead+0x160/0x160 [ 874.240187][ T5958] ? _raw_spin_lock+0xa1/0x170 [ 874.244943][ T5958] ? _raw_spin_trylock_bh+0x190/0x190 [ 874.250309][ T5958] dump_header+0xdb/0x700 [ 874.254638][ T5958] oom_kill_process+0xd3/0x280 [ 874.259403][ T5958] out_of_memory+0x5b6/0x890 [ 874.263997][ T5958] ? unregister_oom_notifier+0x20/0x20 [ 874.269451][ T5958] __alloc_pages_slowpath+0x16c2/0x1e50 [ 874.274993][ T5958] ? get_page_from_freelist+0x7c0/0x7c0 [ 874.280625][ T5958] __alloc_pages_nodemask+0x5cb/0x7c0 [ 874.285993][ T5958] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 874.291638][ T5958] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 874.297817][ T5958] ? __perf_event_task_sched_in+0x4f7/0x560 [ 874.304145][ T5958] wp_page_copy+0x1cb/0x1120 [ 874.308738][ T5958] ? perf_pmu_sched_task+0x370/0x370 [ 874.314015][ T5958] ? switch_mm_irqs_off+0x2bf/0x9a0 [ 874.319212][ T5958] ? add_mm_rss_vec+0x270/0x270 [ 874.324057][ T5958] ? _raw_spin_unlock_irq+0x5/0x20 [ 874.329264][ T5958] ? finish_task_switch+0x235/0x4c0 [ 874.334557][ T5958] ? vm_normal_page+0x1c9/0x1d0 [ 874.339931][ T5958] do_wp_page+0x4c1/0x1530 [ 874.344348][ T5958] ? _raw_spin_lock+0xa1/0x170 [ 874.349112][ T5958] ? do_swap_page+0x1560/0x1560 [ 874.353958][ T5958] ? ttwu_do_wakeup+0x154/0x5b0 [ 874.358813][ T5958] handle_mm_fault+0xfa5/0x41e0 [ 874.363668][ T5958] ? __cgroup_account_cputime+0x2ba/0x2e0 [ 874.369386][ T5958] ? finish_fault+0x230/0x230 [ 874.374058][ T5958] ? update_curr+0x584/0x740 [ 874.378634][ T5958] ? down_read_trylock+0x17a/0x1d0 [ 874.383727][ T5958] ? _raw_spin_unlock_irq+0x5/0x20 [ 874.389252][ T5958] ? vmacache_find+0x47a/0x4b0 [ 874.394014][ T5958] do_user_addr_fault+0x48a/0x9f0 [ 874.399024][ T5958] page_fault+0x2f/0x40 [ 874.403154][ T5958] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 874.409715][ T5958] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 874.429569][ T5958] RSP: 0018:ffff8880adc17888 EFLAGS: 00010206 [ 874.435607][ T5958] RAX: ffffffff81f86901 RBX: 0000000020203500 RCX: 0000000000000500 [ 874.443572][ T5958] RDX: 0000000000001000 RSI: ffff8881c8572b00 RDI: 0000000020203000 [ 874.451535][ T5958] RBP: ffff8880adc17da8 R08: dffffc0000000000 R09: ffffed10390ae600 [ 874.459478][ T5958] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 874.467422][ T5958] R13: 0000000000001000 R14: ffff8881c8572000 R15: 0000000020202500 [ 874.475378][ T5958] ? copyout+0x51/0xb0 [ 874.479519][ T5958] copyout+0x8e/0xb0 [ 874.484171][ T5958] copy_page_to_iter+0x393/0xbd0 [ 874.489168][ T5958] pipe_to_user+0xa3/0x130 [ 874.493556][ T5958] __splice_from_pipe+0x2d3/0x870 [ 874.498554][ T5958] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 874.504084][ T5958] do_vmsplice+0x252/0xee0 [ 874.508475][ T5958] ? futex_exit_release+0xc0/0xc0 [ 874.513656][ T5958] ? avc_ss_reset+0x3a0/0x3a0 [ 874.518307][ T5958] ? write_pipe_buf+0x1d0/0x1d0 [ 874.523332][ T5958] ? __rcu_read_lock+0x50/0x50 [ 874.528066][ T5958] ? check_stack_object+0x5a/0x90 [ 874.533160][ T5958] ? _copy_from_user+0xa4/0xe0 [ 874.537912][ T5958] ? rw_copy_check_uvector+0x2b3/0x310 [ 874.543346][ T5958] ? import_iovec+0x1c2/0x380 [ 874.547995][ T5958] ? dup_iter+0x110/0x110 [ 874.552316][ T5958] ? do_vfs_ioctl+0x780/0x1750 [ 874.557052][ T5958] __se_sys_vmsplice+0x1fb/0x300 [ 874.561975][ T5958] ? __x64_sys_vmsplice+0xa0/0xa0 [ 874.566988][ T5958] ? put_timespec64+0x109/0x150 [ 874.571813][ T5958] ? __x64_sys_clock_gettime+0x20d/0x260 [ 874.577432][ T5958] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 874.583134][ T5958] ? __fdget+0x187/0x200 [ 874.587351][ T5958] do_syscall_64+0xcb/0x150 [ 874.591913][ T5958] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 874.597865][ T5958] RIP: 0033:0x45d239 [ 874.601733][ T5958] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 874.621327][ T5958] RSP: 002b:00007fe4de147c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 874.629712][ T5958] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 874.637660][ T5958] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 874.645620][ T5958] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 874.654094][ T5958] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 874.662036][ T5958] R13: 00007ffea068e98f R14: 00007fe4de1489c0 R15: 000000000118d08c [ 874.885264][ T5958] Mem-Info: [ 874.888754][ T5958] active_anon:1404538 inactive_anon:10888 isolated_anon:0 [ 874.888754][ T5958] active_file:145 inactive_file:122 isolated_file:32 [ 874.888754][ T5958] unevictable:0 dirty:0 writeback:0 unstable:0 [ 874.888754][ T5958] slab_reclaimable:6636 slab_unreclaimable:79325 [ 874.888754][ T5958] mapped:60189 shmem:10952 pagetables:43039 bounce:0 [ 874.888754][ T5958] free:11855 free_pcp:345 free_cma:0 [ 874.933988][ T5958] Node 0 active_anon:5618152kB inactive_anon:43552kB active_file:292kB inactive_file:788kB unevictable:0kB isolated(anon):0kB isolated(file):252kB mapped:240656kB dirty:0kB writeback:0kB shmem:43808kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 874.959261][ T5958] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 874.986389][ T5958] lowmem_reserve[]: 0 2912 6416 6416 [ 874.992764][ T5958] DMA32 free:22548kB min:4644kB low:7624kB high:10604kB active_anon:2742068kB inactive_anon:12756kB active_file:80kB inactive_file:736kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24608kB pagetables:55776kB bounce:0kB free_pcp:1448kB local_pcp:236kB free_cma:0kB [ 875.023205][ T5958] lowmem_reserve[]: 0 0 3504 3504 [ 875.029355][ T5958] Normal free:9312kB min:5592kB low:9180kB high:12768kB active_anon:2876128kB inactive_anon:30792kB active_file:60kB inactive_file:260kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26144kB pagetables:116572kB bounce:0kB free_pcp:404kB local_pcp:252kB free_cma:0kB [ 875.067316][ T5958] lowmem_reserve[]: 0 0 0 0 [ 875.072562][ T5958] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 875.088955][ T5958] DMA32: 835*4kB (UM) 487*8kB (UME) 891*16kB (UME) 27*32kB (UME) 3*64kB (UME) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22548kB [ 875.104164][ T5958] Normal: 485*4kB (UE) 219*8kB (UE) 282*16kB (U) 19*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8812kB [ 875.123005][ T5958] 11221 total pagecache pages [ 875.128990][ T5958] 0 pages in swap cache [ 875.134317][ T5958] Swap cache stats: add 0, delete 0, find 0/0 [ 875.142824][ T5958] Free swap = 0kB [ 875.147608][ T5958] Total swap = 0kB [ 875.153827][ T5958] 1965979 pages RAM [ 875.159500][ T5958] 0 pages HighMem/MovableOnly [ 875.165318][ T5958] 318829 pages reserved [ 875.170906][ T5958] 0 pages cma reserved [ 875.176016][ T5958] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=22332,uid=0 [ 875.191564][ T5958] Out of memory: Killed process 22332 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:01 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:01 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:01 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x1c0}]) 12:59:01 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x1c0}]) [ 875.544667][ T5952] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 875.565219][ T5952] loop4: partition table partially beyond EOD, truncated [ 875.605228][ T5952] loop4: p1 start 1 is beyond EOD, truncated 12:59:01 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 875.611266][ T5952] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 875.649645][ T5952] loop4: p3 size 2 extends beyond EOD, truncated [ 875.743179][ T5952] loop4: p4 size 32768 extends beyond EOD, truncated [ 875.753862][ T5952] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 875.776146][ T5952] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:02 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500007401000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:02 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000000), 0x0, 0x1c0}]) 12:59:02 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:02 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:02 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 876.885746][ T6003] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 876.895670][ T6003] loop4: partition table partially beyond EOD, truncated [ 876.912550][ T6003] loop4: p1 start 1 is beyond EOD, truncated [ 876.928667][ T6003] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 876.939831][ T6003] loop4: p3 size 2 extends beyond EOD, truncated [ 876.948653][ T6003] loop4: p4 size 32768 extends beyond EOD, truncated [ 876.958721][ T6003] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 876.969718][ T6003] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:03 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:03 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:03 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000000), 0x0, 0x1c0}]) 12:59:03 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500007a01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:03 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:03 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, 0x0) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 878.276484][ T6034] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 878.287171][ T6034] loop4: partition table partially beyond EOD, truncated [ 878.296971][ T6034] loop4: p1 start 1 is beyond EOD, truncated [ 878.303668][ T6034] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 878.314425][ T6034] loop4: p3 size 2 extends beyond EOD, truncated [ 878.323681][ T6034] loop4: p4 size 32768 extends beyond EOD, truncated [ 878.335361][ T6034] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 878.346413][ T6034] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:04 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{}]) 12:59:04 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:04 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500007c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:04 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:04 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 879.305904][ T6064] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 879.317471][ T6064] loop4: partition table partially beyond EOD, truncated [ 879.325856][ T6064] loop4: p1 start 1 is beyond EOD, truncated [ 879.351376][ T6064] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 879.586823][ T6064] loop4: p3 size 2 extends beyond EOD, truncated [ 880.088846][ T6064] loop4: p4 size 32768 extends beyond EOD, truncated [ 880.096886][ T6064] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 880.105333][ T6064] loop4: p6 size 32768 extends beyond EOD, truncated [ 880.225333][T19612] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 880.236586][T19612] CPU: 0 PID: 19612 Comm: syz-fuzzer Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 880.246392][T19612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 880.256426][T19612] Call Trace: [ 880.259698][T19612] dump_stack+0x14a/0x1ce [ 880.264014][T19612] ? devkmsg_release+0x11c/0x11c [ 880.270051][T19612] ? show_regs_print_info+0x12/0x12 [ 880.275221][T19612] ? radix_tree_cpu_dead+0x160/0x160 [ 880.280499][T19612] ? _raw_spin_lock+0xa1/0x170 [ 880.285234][T19612] ? _raw_spin_trylock_bh+0x190/0x190 [ 880.290578][T19612] dump_header+0xdb/0x700 [ 880.294990][T19612] oom_kill_process+0xd3/0x280 [ 880.299825][T19612] out_of_memory+0x5b6/0x890 [ 880.304385][T19612] ? unregister_oom_notifier+0x20/0x20 [ 880.309815][T19612] __alloc_pages_slowpath+0x16c2/0x1e50 [ 880.315346][T19612] ? get_page_from_freelist+0x7c0/0x7c0 [ 880.320863][T19612] __alloc_pages_nodemask+0x5cb/0x7c0 [ 880.326217][T19612] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 880.331748][T19612] pagecache_get_page+0x50f/0x880 [ 880.336760][T19612] filemap_fault+0x14cb/0x1a30 [ 880.341513][T19612] ? __down_read+0xf1/0x210 [ 880.345996][T19612] ? generic_file_read_iter+0x20b0/0x20b0 [ 880.351706][T19612] ? mm_trace_rss_stat+0x41/0x1a0 [ 880.356743][T19612] ext4_filemap_fault+0x7b/0x90 [ 880.361574][T19612] handle_mm_fault+0x29ca/0x41e0 [ 880.366488][T19612] ? finish_fault+0x230/0x230 [ 880.371152][T19612] ? __ia32_sys_sigaltstack+0x60/0x60 [ 880.376758][T19612] ? down_read_trylock+0x17a/0x1d0 [ 880.382137][T19612] ? fput_many+0x42/0x1a0 [ 880.386459][T19612] ? vmacache_find+0x47a/0x4b0 [ 880.391196][T19612] do_user_addr_fault+0x48a/0x9f0 [ 880.396198][T19612] page_fault+0x2f/0x40 [ 880.400326][T19612] RIP: 0033:0x7a5250 [ 880.404202][T19612] Code: Bad RIP value. [ 880.408260][T19612] RSP: 002b:000000c000265290 EFLAGS: 00010246 [ 880.414294][T19612] RAX: 000000c004cd8d00 RBX: 000000c009543e10 RCX: 0000000000b1c020 [ 880.422236][T19612] RDX: 000000c000265498 RSI: 00000000007a5250 RDI: 000000c000265420 [ 880.430180][T19612] RBP: 000000c000265428 R08: 00007fddb0306c69 R09: 0000000000203001 [ 880.438154][T19612] R10: 0000000000000002 R11: 0000000000000011 R12: 00000000000000f1 [ 880.446099][T19612] R13: 0000000000000000 R14: 0000000000ad85ba R15: 0000000000000000 [ 880.455042][T19612] Mem-Info: [ 880.458212][T19612] active_anon:1405812 inactive_anon:10891 isolated_anon:0 [ 880.458212][T19612] active_file:155 inactive_file:169 isolated_file:32 [ 880.458212][T19612] unevictable:0 dirty:0 writeback:0 unstable:0 [ 880.458212][T19612] slab_reclaimable:6663 slab_unreclaimable:78549 [ 880.458212][T19612] mapped:60271 shmem:10960 pagetables:43199 bounce:0 [ 880.458212][T19612] free:11606 free_pcp:29 free_cma:0 [ 880.496710][T19612] Node 0 active_anon:5623248kB inactive_anon:43564kB active_file:620kB inactive_file:504kB unevictable:0kB isolated(anon):0kB isolated(file):256kB mapped:240884kB dirty:0kB writeback:0kB shmem:43840kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 880.520870][T19612] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 880.546846][T19612] lowmem_reserve[]: 0 2912 6416 6416 [ 880.552154][T19612] DMA32 free:19168kB min:4644kB low:7624kB high:10604kB active_anon:2745620kB inactive_anon:12780kB active_file:508kB inactive_file:808kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24960kB pagetables:56524kB bounce:0kB free_pcp:268kB local_pcp:0kB free_cma:0kB [ 880.581474][T19612] lowmem_reserve[]: 0 0 3504 3504 [ 880.586536][T19612] Normal free:11352kB min:5592kB low:9180kB high:12768kB active_anon:2877132kB inactive_anon:30784kB active_file:236kB inactive_file:108kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25728kB pagetables:116272kB bounce:0kB free_pcp:212kB local_pcp:0kB free_cma:0kB [ 880.616438][T19612] lowmem_reserve[]: 0 0 0 0 [ 880.621105][T19612] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 880.634571][T19612] DMA32: 244*4kB (UM) 228*8kB (UME) 835*16kB (UME) 88*32kB (UME) 11*64kB (UME) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19680kB [ 880.649171][T19612] Normal: 346*4kB (U) 226*8kB (UE) 258*16kB (U) 99*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10488kB [ 880.663395][T19612] 11159 total pagecache pages [ 880.668518][T19612] 0 pages in swap cache [ 880.672993][T19612] Swap cache stats: add 0, delete 0, find 0/0 [ 880.683361][T19612] Free swap = 0kB [ 880.687115][T19612] Total swap = 0kB [ 880.690821][T19612] 1965979 pages RAM [ 880.694612][T19612] 0 pages HighMem/MovableOnly [ 880.712089][T19612] 318829 pages reserved [ 880.716274][T19612] 0 pages cma reserved [ 880.720326][T19612] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=22214,uid=0 [ 880.734433][T19612] Out of memory: Killed process 22214 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:06 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{}]) 12:59:06 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:06 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:06 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0) 12:59:06 executing program 0: syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{}]) 12:59:06 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 881.095553][ T6064] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 881.101010][ T6064] loop4: partition table partially beyond EOD, truncated [ 881.108626][ T6064] loop4: p1 start 1 is beyond EOD, truncated [ 881.114690][ T6064] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 881.122810][ T6064] loop4: p3 size 2 extends beyond EOD, truncated [ 881.129954][ T6064] loop4: p4 size 32768 extends beyond EOD, truncated 12:59:07 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0) 12:59:07 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:07 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500048001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:07 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:59:07 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:07 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 881.155162][ T6064] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 881.168396][ T6064] loop4: p6 size 32768 extends beyond EOD, truncated [ 881.174788][ T3766] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 881.345207][ T6115] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 881.358037][ T6115] loop4: partition table partially beyond EOD, truncated [ 881.378014][ T6115] loop4: p1 start 1 is beyond EOD, truncated [ 881.384528][ T6115] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 881.393662][ T6115] loop4: p3 size 2 extends beyond EOD, truncated [ 881.477108][ T139] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 881.504433][ T139] CPU: 1 PID: 139 Comm: systemd-journal Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 881.507511][ T4631] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 881.514512][ T139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 881.514516][ T139] Call Trace: [ 881.514533][ T139] dump_stack+0x14a/0x1ce [ 881.514541][ T139] ? devkmsg_release+0x11c/0x11c [ 881.514548][ T139] ? show_regs_print_info+0x12/0x12 [ 881.514560][ T139] ? radix_tree_cpu_dead+0x160/0x160 [ 881.555269][ T139] ? _raw_spin_lock+0xa1/0x170 [ 881.560026][ T139] ? _raw_spin_trylock_bh+0x190/0x190 [ 881.564793][ T3766] usb 6-1: unable to get BOS descriptor or descriptor too short [ 881.565386][ T139] dump_header+0xdb/0x700 [ 881.565394][ T139] oom_kill_process+0xd3/0x280 [ 881.565407][ T139] out_of_memory+0x5b6/0x890 [ 881.586640][ T139] ? unregister_oom_notifier+0x20/0x20 [ 881.592097][ T139] __alloc_pages_slowpath+0x16c2/0x1e50 [ 881.597638][ T139] ? get_page_from_freelist+0x7c0/0x7c0 [ 881.603178][ T139] ? __zone_watermark_ok+0x91/0x280 [ 881.608369][ T139] __alloc_pages_nodemask+0x5cb/0x7c0 [ 881.613824][ T139] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 881.619450][ T139] ? __secure_computing+0x250/0x250 [ 881.624644][ T139] alloc_slab_page+0x3a/0x3a0 [ 881.629323][ T139] new_slab+0x408/0x450 [ 881.633473][ T139] ___slab_alloc+0x2e0/0x450 [ 881.634935][ T3766] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 881.638053][ T139] ? slab_free_freelist_hook+0xd0/0x150 [ 881.638063][ T139] ? getname_flags+0xb8/0x610 [ 881.638068][ T139] ? getname_flags+0xb8/0x610 [ 881.638082][ T139] kmem_cache_alloc+0x23f/0x260 [ 881.665310][ T139] ? __secure_computing+0x1b6/0x250 [ 881.670525][ T139] getname_flags+0xb8/0x610 [ 881.675022][ T139] do_mkdirat+0xa1/0x310 [ 881.679256][ T139] ? do_syscall_64+0x150/0x150 [ 881.683166][ T3766] usb 6-1: can't read configurations, error -71 [ 881.684004][ T139] ? vfs_mkdir+0x30/0x30 [ 881.684011][ T139] do_syscall_64+0xcb/0x150 [ 881.684025][ T139] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 881.704871][ T139] RIP: 0033:0x7f1664483687 [ 881.709274][ T139] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48 [ 881.728866][ T139] RSP: 002b:00007fff31017578 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 [ 881.737267][ T139] RAX: ffffffffffffffda RBX: 00007fff3101a5e0 RCX: 00007f1664483687 [ 881.745227][ T139] RDX: 0000000000000000 RSI: 00000000000001ed RDI: 0000556289b828c0 [ 881.753192][ T139] RBP: 00007fff310175b0 R08: 0000556288b803e5 R09: 0000000000000018 [ 881.761156][ T139] R10: 0000000000000060 R11: 0000000000000293 R12: 0000000000000000 [ 881.769425][ T139] R13: 0000000000000001 R14: 0000556289b828c0 R15: 00007fff31017bf0 [ 881.842083][ T139] Mem-Info: [ 881.846406][ T139] active_anon:1403697 inactive_anon:10891 isolated_anon:0 [ 881.846406][ T139] active_file:621 inactive_file:626 isolated_file:78 [ 881.846406][ T139] unevictable:0 dirty:53 writeback:0 unstable:0 [ 881.846406][ T139] slab_reclaimable:6676 slab_unreclaimable:78117 [ 881.846406][ T139] mapped:61206 shmem:10960 pagetables:43246 bounce:0 [ 881.846406][ T139] free:12814 free_pcp:54 free_cma:0 [ 881.940389][ T139] Node 0 active_anon:5614856kB inactive_anon:43568kB active_file:2180kB inactive_file:2096kB unevictable:0kB isolated(anon):0kB isolated(file):236kB mapped:244100kB dirty:176kB writeback:4kB shmem:43844kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 881.989087][ T139] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 882.015466][ T139] lowmem_reserve[]: 0 2912 6416 6416 [ 882.020931][ T139] DMA32 free:25164kB min:20548kB low:23528kB high:26508kB active_anon:2737448kB inactive_anon:12784kB active_file:2020kB inactive_file:1836kB unevictable:0kB writepending:152kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:25120kB pagetables:56528kB bounce:0kB free_pcp:1344kB local_pcp:640kB free_cma:0kB [ 882.051260][ T139] lowmem_reserve[]: 0 0 3504 3504 [ 882.056818][ T139] Normal free:10384kB min:24744kB low:28332kB high:31920kB active_anon:2877336kB inactive_anon:30784kB active_file:652kB inactive_file:344kB unevictable:0kB writepending:28kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25760kB pagetables:116364kB bounce:0kB free_pcp:368kB local_pcp:152kB free_cma:0kB [ 882.094733][ T139] lowmem_reserve[]: 0 0 0 0 [ 882.099703][ T139] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 882.132084][ T139] DMA32: 631*4kB (UMEH) 426*8kB (UMEH) 894*16kB (UME) 171*32kB (UMEH) 12*64kB (UME) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 26604kB [ 882.175904][ T139] Normal: 478*4kB (UME) 234*8kB (UME) 252*16kB (UM) 103*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11112kB [ 882.190429][ T139] 11571 total pagecache pages [ 882.195832][ T139] 0 pages in swap cache [ 882.200515][ T139] Swap cache stats: add 0, delete 0, find 0/0 [ 882.207387][ T139] Free swap = 0kB [ 882.211587][ T139] Total swap = 0kB [ 882.215869][ T139] 1965979 pages RAM [ 882.220115][ T139] 0 pages HighMem/MovableOnly [ 882.232698][ T139] 318829 pages reserved [ 882.238074][ T139] 0 pages cma reserved [ 882.247961][ T139] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=22184,uid=0 [ 882.302712][ T139] Out of memory: Killed process 22184 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 882.461163][ T6115] loop4: p4 size 32768 extends beyond EOD, truncated [ 882.477271][ T6115] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 882.486597][ T6115] loop4: p6 size 32768 extends beyond EOD, truncated [ 882.498444][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 882.503947][ T154] loop4: partition table partially beyond EOD, truncated [ 882.511516][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 882.517904][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 882.545866][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 882.553014][ T154] loop4: p4 size 32768 extends beyond EOD, truncated 12:59:08 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0) 12:59:08 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:08 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 882.561135][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 882.574286][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 882.705217][ T6115] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 882.714751][ T4631] usb 1-1: unable to get BOS descriptor or descriptor too short [ 882.715976][ T6115] loop4: partition table partially beyond EOD, truncated [ 882.731360][ T6115] loop4: p1 start 1 is beyond EOD, truncated [ 882.738446][ T6115] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 882.747530][ T6115] loop4: p3 size 2 extends beyond EOD, truncated 12:59:08 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 882.780251][ T6115] loop4: p4 size 32768 extends beyond EOD, truncated [ 882.787119][ T4631] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 882.799292][ T4631] usb 1-1: can't read configurations, error -71 12:59:08 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:08 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bd8801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 882.821832][ T6115] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 882.841090][ T6115] loop4: p6 size 32768 extends beyond EOD, truncated [ 882.901192][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 882.906823][ T154] loop4: partition table partially beyond EOD, truncated [ 882.913926][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 882.935024][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 882.943253][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 882.952426][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 882.961396][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 882.971564][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 883.064656][ T3766] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 883.080492][ T6154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 883.086473][ T6154] loop4: partition table partially beyond EOD, truncated 12:59:09 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500003f01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) 12:59:09 executing program 3: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500007c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 883.114891][ T6154] loop4: p1 start 1 is beyond EOD, truncated [ 883.135423][ T6154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 883.166596][ T6154] loop4: p3 size 2 extends beyond EOD, truncated [ 883.201135][ T6154] loop4: p4 size 32768 extends beyond EOD, truncated [ 883.239277][ T6154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 883.278550][ T6152] syz-executor.1 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 883.329129][ T6152] CPU: 0 PID: 6152 Comm: syz-executor.1 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 883.339211][ T6152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 883.349397][ T6152] Call Trace: [ 883.352681][ T6152] dump_stack+0x14a/0x1ce [ 883.356986][ T6152] ? devkmsg_release+0x11c/0x11c [ 883.362091][ T6152] ? show_regs_print_info+0x12/0x12 [ 883.367299][ T6152] ? radix_tree_cpu_dead+0x160/0x160 [ 883.372719][ T6152] ? _raw_spin_lock+0xa1/0x170 [ 883.377459][ T6152] ? _raw_spin_trylock_bh+0x190/0x190 [ 883.382805][ T6152] dump_header+0xdb/0x700 [ 883.387107][ T6152] oom_kill_process+0xd3/0x280 [ 883.391843][ T6152] out_of_memory+0x5b6/0x890 [ 883.396613][ T6152] ? unregister_oom_notifier+0x20/0x20 [ 883.402049][ T6152] __alloc_pages_slowpath+0x16c2/0x1e50 [ 883.407574][ T6152] ? get_page_from_freelist+0x7c0/0x7c0 [ 883.413094][ T6152] ? flush_tlb_func_common+0x45/0x580 [ 883.418445][ T6152] __alloc_pages_nodemask+0x5cb/0x7c0 [ 883.423789][ T6152] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 883.429480][ T6152] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 883.435168][ T6152] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 883.441201][ T6152] ? __perf_event_task_sched_in+0x4f7/0x560 [ 883.447063][ T6152] wp_page_copy+0x1cb/0x1120 [ 883.451624][ T6152] ? perf_pmu_sched_task+0x370/0x370 [ 883.456878][ T6152] ? switch_mm_irqs_off+0x2bf/0x9a0 [ 883.462061][ T6152] ? add_mm_rss_vec+0x270/0x270 [ 883.466883][ T6152] ? _raw_spin_unlock_irq+0x5/0x20 [ 883.471971][ T6152] ? finish_task_switch+0x235/0x4c0 [ 883.477149][ T6152] ? vm_normal_page+0x1c9/0x1d0 [ 883.481966][ T6152] do_wp_page+0x4c1/0x1530 [ 883.486360][ T6152] ? _raw_spin_lock+0xa1/0x170 [ 883.491092][ T6152] ? do_swap_page+0x1560/0x1560 [ 883.495910][ T6152] ? ttwu_do_wakeup+0x154/0x5b0 [ 883.500733][ T6152] handle_mm_fault+0xfa5/0x41e0 [ 883.505565][ T6152] ? __cgroup_account_cputime+0x2ba/0x2e0 [ 883.511426][ T6152] ? finish_fault+0x230/0x230 [ 883.516510][ T6152] ? update_curr+0x584/0x740 [ 883.521095][ T6152] ? down_read_trylock+0x17a/0x1d0 [ 883.526175][ T6152] ? _raw_spin_unlock_irq+0x5/0x20 [ 883.531254][ T6152] ? vmacache_find+0x3a2/0x4b0 [ 883.535988][ T6152] do_user_addr_fault+0x48a/0x9f0 [ 883.541016][ T6152] page_fault+0x2f/0x40 [ 883.545144][ T6152] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 883.551700][ T6152] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 883.571274][ T6152] RSP: 0018:ffff888195047888 EFLAGS: 00010206 [ 883.577408][ T6152] RAX: ffffffff81f86901 RBX: 0000000020590500 RCX: 0000000000000500 [ 883.585359][ T6152] RDX: 0000000000001000 RSI: ffff8880bb3b6b00 RDI: 0000000020590000 [ 883.593304][ T6152] RBP: ffff888195047da8 R08: dffffc0000000000 R09: ffffed1017676e00 [ 883.601247][ T6152] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 883.611273][ T6152] R13: 0000000000001000 R14: ffff8880bb3b6000 R15: 000000002058f500 [ 883.619224][ T6152] ? copyout+0x51/0xb0 [ 883.623272][ T6152] copyout+0x8e/0xb0 [ 883.627224][ T6152] copy_page_to_iter+0x393/0xbd0 [ 883.632133][ T6152] pipe_to_user+0xa3/0x130 [ 883.636519][ T6152] __splice_from_pipe+0x2d3/0x870 [ 883.641608][ T6152] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 883.647120][ T6152] do_vmsplice+0x252/0xee0 [ 883.651628][ T6152] ? futex_exit_release+0xc0/0xc0 [ 883.656622][ T6152] ? is_mmconf_reserved+0x420/0x420 [ 883.661799][ T6152] ? write_pipe_buf+0x1d0/0x1d0 [ 883.666624][ T6152] ? __rcu_read_lock+0x50/0x50 [ 883.671356][ T6152] ? preempt_schedule+0x110/0x130 [ 883.676351][ T6152] ? check_stack_object+0x5a/0x90 [ 883.681343][ T6152] ? _copy_from_user+0xa4/0xe0 [ 883.686090][ T6152] ? rw_copy_check_uvector+0x2b3/0x310 [ 883.691518][ T6152] ? import_iovec+0x1c2/0x380 [ 883.696174][ T6152] ? dup_iter+0x110/0x110 [ 883.700615][ T6152] ? do_vfs_ioctl+0x780/0x1750 [ 883.705349][ T6152] __se_sys_vmsplice+0x1fb/0x300 [ 883.710255][ T6152] ? __x64_sys_vmsplice+0xa0/0xa0 [ 883.715250][ T6152] ? put_timespec64+0x109/0x150 [ 883.720072][ T6152] ? __x64_sys_clock_gettime+0x20d/0x260 [ 883.725672][ T6152] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 883.731356][ T6152] ? __fdget+0x187/0x200 [ 883.735583][ T6152] do_syscall_64+0xcb/0x150 [ 883.740057][ T6152] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 883.746092][ T6152] RIP: 0033:0x45d239 [ 883.749966][ T6152] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 883.769542][ T6152] RSP: 002b:00007fe4de147c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 883.778008][ T6152] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 883.785962][ T6152] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 883.793903][ T6152] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 883.801852][ T6152] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 883.809911][ T6152] R13: 00007ffea068e98f R14: 00007fe4de1489c0 R15: 000000000118d08c [ 883.885639][ T6152] Mem-Info: [ 883.889000][ T6152] active_anon:1403921 inactive_anon:10889 isolated_anon:0 [ 883.889000][ T6152] active_file:598 inactive_file:578 isolated_file:41 [ 883.889000][ T6152] unevictable:0 dirty:43 writeback:0 unstable:0 [ 883.889000][ T6152] slab_reclaimable:6698 slab_unreclaimable:78429 [ 883.889000][ T6152] mapped:61112 shmem:10956 pagetables:43299 bounce:0 [ 883.889000][ T6152] free:12465 free_pcp:0 free_cma:0 [ 883.961862][ T6152] Node 0 active_anon:5615740kB inactive_anon:43564kB active_file:1536kB inactive_file:1580kB unevictable:0kB isolated(anon):0kB isolated(file):276kB mapped:243276kB dirty:96kB writeback:24kB shmem:43832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 884.029327][ T6152] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 884.055688][ T6152] lowmem_reserve[]: 0 2912 6416 6416 [ 884.061361][ T6152] DMA32 free:27024kB min:20548kB low:23528kB high:26508kB active_anon:2738148kB inactive_anon:12792kB active_file:1472kB inactive_file:1680kB unevictable:0kB writepending:76kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24736kB pagetables:56800kB bounce:0kB free_pcp:364kB local_pcp:152kB free_cma:0kB [ 884.101945][ T6152] lowmem_reserve[]: 0 0 3504 3504 [ 884.109059][ T6152] Normal free:9076kB min:24744kB low:28332kB high:31920kB active_anon:2877560kB inactive_anon:30780kB active_file:72kB inactive_file:32kB unevictable:0kB writepending:24kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26048kB pagetables:116408kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 884.152424][ T6152] lowmem_reserve[]: 0 0 0 0 [ 884.176593][ T6152] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 884.197877][ T6152] DMA32: 1149*4kB (UMH) 400*8kB (UMEH) 816*16kB (UME) 206*32kB (UMEH) 16*64kB (UME) 2*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28724kB [ 884.233186][ T6152] Normal: 411*4kB (UME) 211*8kB (UME) 175*16kB (U) 93*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9108kB [ 884.274557][ T6152] 11234 total pagecache pages [ 884.280177][ T6152] 0 pages in swap cache [ 884.284336][ T6152] Swap cache stats: add 0, delete 0, find 0/0 [ 884.300538][ T6152] Free swap = 0kB [ 884.304276][ T6152] Total swap = 0kB [ 884.315664][ T6152] 1965979 pages RAM [ 884.319484][ T6152] 0 pages HighMem/MovableOnly [ 884.331318][ T6152] 318829 pages reserved [ 884.335532][ T6152] 0 pages cma reserved [ 884.339581][ T6152] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=21656,uid=0 [ 884.353741][ T6152] Out of memory: Killed process 21656 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:10 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:59:10 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 884.526128][ T6154] loop4: p6 size 32768 extends beyond EOD, truncated [ 884.584576][ T3766] usb 6-1: unable to get BOS descriptor or descriptor too short [ 884.654580][ T3766] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 884.665709][ T3766] usb 6-1: can't read configurations, error -71 [ 884.708112][ T3766] usb usb6-port1: attempt power cycle [ 884.749688][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 884.765895][ T154] loop4: partition table partially beyond EOD, truncated [ 884.773138][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 884.775146][ T6166] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 884.785226][ T6166] loop3: partition table partially beyond EOD, truncated [ 884.795144][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 884.804782][ T6166] loop3: p1 start 1 is beyond EOD, truncated [ 884.811607][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 884.819028][ T6166] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 884.826283][ T6164] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 884.831515][ T6164] loop0: partition table partially beyond EOD, truncated [ 884.840094][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 884.847980][ T6164] loop0: p1 start 1 is beyond EOD, truncated [ 884.855889][ T6166] loop3: p3 size 2 extends beyond EOD, truncated [ 884.863396][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 884.871160][ T6164] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 884.872188][ T6166] loop3: p4 size 32768 extends beyond EOD, truncated [ 884.886148][ T6164] loop0: p3 size 2 extends beyond EOD, truncated [ 884.886708][ T154] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:10 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500018c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 884.899326][ T6164] loop0: p4 size 32768 extends beyond EOD, truncated [ 884.906704][ T6166] loop3: p5 size 1073741824 extends beyond EOD, truncated [ 884.915055][ T6164] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 884.926774][ T6166] loop3: p6 size 32768 extends beyond EOD, truncated [ 884.935114][ T6164] loop0: p6 size 32768 extends beyond EOD, truncated 12:59:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0) 12:59:11 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:11 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500be4c01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:11 executing program 3: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500004001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 885.221188][ T6183] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 885.226684][ T6183] loop4: partition table partially beyond EOD, truncated [ 885.240689][ T6183] loop4: p1 start 1 is beyond EOD, truncated [ 885.246737][ T6183] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 885.254431][ T6183] loop4: p3 size 2 extends beyond EOD, truncated [ 885.261713][ T6183] loop4: p4 size 32768 extends beyond EOD, truncated [ 885.265159][ T6189] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 885.275382][ T6183] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 885.275708][ T6189] loop0: partition table partially beyond EOD, truncated [ 885.284339][ T6183] loop4: p6 size 32768 extends beyond EOD, truncated [ 885.291433][ T6189] loop0: p1 start 1 is beyond EOD, truncated [ 885.304006][ T6189] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 885.311999][ T6189] loop0: p3 size 2 extends beyond EOD, truncated 12:59:11 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500009001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 885.319320][ T6189] loop0: p4 size 32768 extends beyond EOD, truncated [ 885.326969][ T6189] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 885.335061][ T6189] loop0: p6 size 32768 extends beyond EOD, truncated [ 885.345334][ T6192] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 885.351161][ T6192] loop3: partition table partially beyond EOD, truncated [ 885.364282][ T154] loop0: p1 < > p2 p3 < p5 p6 > p4 12:59:11 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 885.367129][ T6192] loop3: p1 start 1 is beyond EOD, truncated [ 885.370402][ T154] loop0: partition table partially beyond EOD, truncated [ 885.386417][ T6192] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 885.387867][ T154] loop0: p1 start 1 is beyond EOD, truncated [ 885.413876][ T6192] loop3: p3 size 2 extends beyond EOD, truncated [ 885.429460][ T154] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 885.435323][ T6192] loop3: p4 size 32768 extends beyond EOD, truncated [ 885.446112][ T154] loop0: p3 size 2 extends beyond EOD, truncated [ 885.446639][ T6192] loop3: p5 size 1073741824 extends beyond EOD, truncated [ 885.460092][ T154] loop0: p4 size 32768 extends beyond EOD, truncated [ 885.466250][ T6192] loop3: p6 size 32768 extends beyond EOD, truncated 12:59:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 885.474859][ T154] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 885.483022][ T154] loop0: p6 size 32768 extends beyond EOD, truncated [ 885.514896][ T6201] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 885.527010][ T6201] loop4: partition table partially beyond EOD, truncated [ 885.537953][ T6201] loop4: p1 start 1 is beyond EOD, truncated [ 885.544988][ T6201] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 885.553772][ T6201] loop4: p3 size 2 extends beyond EOD, truncated [ 885.561792][ T6201] loop4: p4 size 32768 extends beyond EOD, truncated [ 885.569890][ T6201] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:59:11 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:11 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 885.577950][ T6201] loop4: p6 size 32768 extends beyond EOD, truncated [ 885.705267][ T6201] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 885.710678][ T6201] loop4: partition table partially beyond EOD, truncated [ 885.714516][ T3766] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 885.720055][ T6201] loop4: p1 start 1 is beyond EOD, truncated [ 885.732152][ T6201] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 885.740743][ T6201] loop4: p3 size 2 extends beyond EOD, truncated [ 885.748410][ T6201] loop4: p4 size 32768 extends beyond EOD, truncated [ 885.760274][ T6201] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 885.768906][ T6201] loop4: p6 size 32768 extends beyond EOD, truncated [ 885.833825][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 885.840146][ T154] loop4: partition table partially beyond EOD, truncated [ 885.868623][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 885.900690][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 885.928292][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 885.944769][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 886.016673][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 886.034617][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 886.044875][ T3766] usb 6-1: unable to get BOS descriptor or descriptor too short [ 886.114538][ T3766] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 886.122141][ T3766] usb 6-1: can't read configurations, error -71 [ 886.306532][ T6214] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 886.367105][ T6214] CPU: 0 PID: 6214 Comm: syz-executor.3 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 886.377444][ T6214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 886.387477][ T6214] Call Trace: [ 886.390750][ T6214] dump_stack+0x14a/0x1ce [ 886.395077][ T6214] ? devkmsg_release+0x11c/0x11c [ 886.399987][ T6214] ? show_regs_print_info+0x12/0x12 [ 886.405171][ T6214] ? radix_tree_cpu_dead+0x160/0x160 [ 886.410425][ T6214] ? _raw_spin_lock+0xa1/0x170 [ 886.415255][ T6214] ? _raw_spin_trylock_bh+0x190/0x190 [ 886.420596][ T6214] dump_header+0xdb/0x700 [ 886.424897][ T6214] oom_kill_process+0xd3/0x280 [ 886.429644][ T6214] out_of_memory+0x5b6/0x890 [ 886.434204][ T6214] ? unregister_oom_notifier+0x20/0x20 [ 886.439725][ T6214] __alloc_pages_slowpath+0x16c2/0x1e50 [ 886.445244][ T6214] ? get_page_from_freelist+0x7c0/0x7c0 [ 886.450772][ T6214] ? __zone_watermark_ok+0x91/0x280 [ 886.455951][ T6214] __alloc_pages_nodemask+0x5cb/0x7c0 [ 886.461294][ T6214] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 886.466826][ T6214] ? copy_process+0x5a4/0x5110 [ 886.471647][ T6214] ? copy_process+0x5a4/0x5110 [ 886.476382][ T6214] ? kmem_cache_alloc+0x1d5/0x260 [ 886.481379][ T6214] copy_process+0x5f3/0x5110 [ 886.485941][ T6214] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 886.491630][ T6214] ? _raw_spin_lock+0xa1/0x170 [ 886.496365][ T6214] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 886.502143][ T6214] ? __lru_cache_add+0x1a1/0x1f0 [ 886.507049][ T6214] ? fork_idle+0x290/0x290 [ 886.511436][ T6214] _do_fork+0x196/0x920 [ 886.515578][ T6214] ? finish_fault+0x230/0x230 [ 886.520238][ T6214] ? up_write+0xa1/0x190 [ 886.524450][ T6214] ? dup_mm+0x300/0x300 [ 886.528576][ T6214] __x64_sys_clone+0x25e/0x2c0 [ 886.533314][ T6214] ? __ia32_sys_vfork+0x110/0x110 [ 886.538309][ T6214] ? do_user_addr_fault+0x55c/0x9f0 [ 886.543482][ T6214] do_syscall_64+0xcb/0x150 [ 886.547979][ T6214] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 886.553969][ T6214] RIP: 0033:0x45fc09 [ 886.558709][ T6214] Code: ff 48 85 f6 0f 84 87 8a fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 5e 8a fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 886.578290][ T6214] RSP: 002b:00007ffc3e8a7da8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 886.586683][ T6214] RAX: ffffffffffffffda RBX: 00007f85e42f9700 RCX: 000000000045fc09 [ 886.594631][ T6214] RDX: 00007f85e42f99d0 RSI: 00007f85e42f8db0 RDI: 00000000003d0f00 [ 886.602592][ T6214] RBP: 00007ffc3e8a7fd0 R08: 00007f85e42f9700 R09: 00007f85e42f9700 [ 886.610534][ T6214] R10: 00007f85e42f99d0 R11: 0000000000000202 R12: 0000000000000000 [ 886.618475][ T6214] R13: 00007ffc3e8a7e5f R14: 00007f85e42f99c0 R15: 000000000118d1cc [ 886.663578][ T6214] Mem-Info: [ 886.676941][ T6214] active_anon:1404707 inactive_anon:10889 isolated_anon:0 [ 886.676941][ T6214] active_file:267 inactive_file:252 isolated_file:63 [ 886.676941][ T6214] unevictable:0 dirty:32 writeback:25 unstable:0 [ 886.676941][ T6214] slab_reclaimable:6727 slab_unreclaimable:77834 [ 886.676941][ T6214] mapped:60462 shmem:10956 pagetables:43354 bounce:0 [ 886.676941][ T6214] free:12773 free_pcp:28 free_cma:0 [ 886.743424][ T6214] Node 0 active_anon:5618828kB inactive_anon:43556kB active_file:844kB inactive_file:908kB unevictable:0kB isolated(anon):0kB isolated(file):252kB mapped:241248kB dirty:128kB writeback:100kB shmem:43824kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 886.775549][ T6214] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 886.821602][ T6214] lowmem_reserve[]: 0 2912 6416 6416 [ 886.827123][ T6214] DMA32 free:22872kB min:8740kB low:11720kB high:14700kB active_anon:2741060kB inactive_anon:12776kB active_file:1260kB inactive_file:3552kB unevictable:0kB writepending:404kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24704kB pagetables:56576kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 886.859322][ T6214] lowmem_reserve[]: 0 0 3504 3504 [ 886.869302][ T6214] Normal free:10168kB min:24744kB low:28332kB high:31920kB active_anon:2877600kB inactive_anon:30780kB active_file:140kB inactive_file:84kB unevictable:0kB writepending:24kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26176kB pagetables:116840kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 886.918817][ T6214] lowmem_reserve[]: 0 0 0 0 [ 886.926763][ T6214] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 886.941987][ T6214] DMA32: 216*4kB (UMEH) 184*8kB (UMEH) 728*16kB (UME) 149*32kB (UMEH) 71*64kB (UME) 2*128kB (M) 1*256kB (M) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 24320kB [ 886.958652][ T6214] Normal: 131*4kB (U) 174*8kB (U) 117*16kB (U) 163*32kB (U) 18*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10156kB [ 886.975286][ T6214] 11365 total pagecache pages [ 886.980910][ T6214] 0 pages in swap cache [ 886.986048][ T6214] Swap cache stats: add 0, delete 0, find 0/0 [ 886.992868][ T6214] Free swap = 0kB [ 886.997101][ T6214] Total swap = 0kB [ 887.001277][ T6214] 1965979 pages RAM [ 887.005549][ T6214] 0 pages HighMem/MovableOnly [ 887.010704][ T6214] 318829 pages reserved [ 887.015635][ T6214] 0 pages cma reserved [ 887.054441][ T6214] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=21526,uid=0 [ 887.071797][ T6214] Out of memory: Killed process 21526 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:13 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bcb001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:13 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:13 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:13 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:13 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 887.928497][ T6233] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 887.941584][ T6233] loop4: partition table partially beyond EOD, truncated 12:59:13 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 887.974698][ T6233] loop4: p1 start 1 is beyond EOD, truncated [ 887.980699][ T6233] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 888.001776][ T6233] loop4: p3 size 2 extends beyond EOD, truncated [ 888.009799][ T6233] loop4: p4 size 32768 extends beyond EOD, truncated [ 888.017921][ T6233] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 888.384746][ T6233] loop4: p6 size 32768 extends beyond EOD, truncated [ 888.525420][ T6233] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 888.530786][ T6233] loop4: partition table partially beyond EOD, truncated [ 888.583600][ T6233] loop4: p1 start 1 is beyond EOD, truncated [ 888.596449][ T6233] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:59:14 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 888.624433][ T6233] loop4: p3 size 2 extends beyond EOD, truncated [ 888.644391][ T6233] loop4: p4 size 32768 extends beyond EOD, truncated [ 888.653406][ T6233] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 888.703641][ T6233] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:14 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r3, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:14 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003b801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 889.921065][ T6270] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 889.943089][ T6270] CPU: 0 PID: 6270 Comm: syz-executor.3 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 889.953186][ T6270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 889.963215][ T6270] Call Trace: [ 889.966480][ T6270] dump_stack+0x14a/0x1ce [ 889.970781][ T6270] ? devkmsg_release+0x11c/0x11c [ 889.975776][ T6270] ? show_regs_print_info+0x12/0x12 [ 889.980946][ T6270] ? radix_tree_cpu_dead+0x160/0x160 [ 889.986199][ T6270] ? _raw_spin_lock+0xa1/0x170 [ 889.990945][ T6270] ? _raw_spin_trylock_bh+0x190/0x190 [ 889.996309][ T6270] dump_header+0xdb/0x700 [ 890.000736][ T6270] oom_kill_process+0xd3/0x280 [ 890.005471][ T6270] out_of_memory+0x5b6/0x890 [ 890.010058][ T6270] ? unregister_oom_notifier+0x20/0x20 [ 890.015491][ T6270] __alloc_pages_slowpath+0x16c2/0x1e50 [ 890.021018][ T6270] ? get_page_from_freelist+0x7c0/0x7c0 [ 890.026538][ T6270] ? __zone_watermark_ok+0x91/0x280 [ 890.031706][ T6270] __alloc_pages_nodemask+0x5cb/0x7c0 [ 890.037050][ T6270] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 890.042570][ T6270] ? copy_process+0x5a4/0x5110 [ 890.047302][ T6270] ? kmem_cache_alloc+0x1d5/0x260 [ 890.052300][ T6270] copy_process+0x5f3/0x5110 [ 890.056864][ T6270] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 890.062559][ T6270] ? _raw_spin_lock+0xa1/0x170 [ 890.067309][ T6270] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 890.073085][ T6270] ? __lru_cache_add+0x1a1/0x1f0 [ 890.077992][ T6270] ? fork_idle+0x290/0x290 [ 890.082380][ T6270] _do_fork+0x196/0x920 [ 890.086515][ T6270] ? finish_fault+0x230/0x230 [ 890.091165][ T6270] ? up_write+0xa1/0x190 [ 890.096677][ T6270] ? dup_mm+0x300/0x300 [ 890.100802][ T6270] __x64_sys_clone+0x25e/0x2c0 [ 890.105545][ T6270] ? __ia32_sys_vfork+0x110/0x110 [ 890.110551][ T6270] ? do_user_addr_fault+0x55c/0x9f0 [ 890.115723][ T6270] do_syscall_64+0xcb/0x150 [ 890.120215][ T6270] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 890.126074][ T6270] RIP: 0033:0x45fc09 [ 890.129950][ T6270] Code: Bad RIP value. [ 890.133987][ T6270] RSP: 002b:00007ffc3e8a7da8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 890.142367][ T6270] RAX: ffffffffffffffda RBX: 00007f85e433b700 RCX: 000000000045fc09 [ 890.150319][ T6270] RDX: 00007f85e433b9d0 RSI: 00007f85e433adb0 RDI: 00000000003d0f00 [ 890.158271][ T6270] RBP: 00007ffc3e8a7fd0 R08: 00007f85e433b700 R09: 00007f85e433b700 [ 890.166223][ T6270] R10: 00007f85e433b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 890.174200][ T6270] R13: 00007ffc3e8a7e5f R14: 00007f85e433b9c0 R15: 000000000118d08c [ 890.199903][ T6270] Mem-Info: [ 890.206682][ T6270] active_anon:1404351 inactive_anon:10891 isolated_anon:0 [ 890.206682][ T6270] active_file:394 inactive_file:392 isolated_file:81 [ 890.206682][ T6270] unevictable:0 dirty:17 writeback:0 unstable:0 [ 890.206682][ T6270] slab_reclaimable:6729 slab_unreclaimable:77663 [ 890.206682][ T6270] mapped:60724 shmem:10958 pagetables:43407 bounce:0 [ 890.206682][ T6270] free:12719 free_pcp:291 free_cma:0 [ 890.274187][ T6270] Node 0 active_anon:5617440kB inactive_anon:43564kB active_file:1944kB inactive_file:2032kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:243360kB dirty:36kB writeback:32kB shmem:43832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 890.299424][ T6270] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 890.334892][ T6270] lowmem_reserve[]: 0 2912 6416 6416 [ 890.341259][ T6270] DMA32 free:19340kB min:4644kB low:7624kB high:10604kB active_anon:2737768kB inactive_anon:12784kB active_file:1052kB inactive_file:1540kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24864kB pagetables:57116kB bounce:0kB free_pcp:588kB local_pcp:272kB free_cma:0kB [ 890.371958][ T6270] lowmem_reserve[]: 0 0 3504 3504 [ 890.377613][ T6270] Normal free:15708kB min:5592kB low:9180kB high:12768kB active_anon:2879760kB inactive_anon:30780kB active_file:792kB inactive_file:668kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26176kB pagetables:116612kB bounce:0kB free_pcp:684kB local_pcp:152kB free_cma:0kB 12:59:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x0, 0x0}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 890.496746][ T6270] lowmem_reserve[]: 0 0 0 0 [ 890.503735][ T6270] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 890.518541][ T6270] DMA32: 73*4kB (UMEH) 100*8kB (UMEH) 690*16kB (UME) 47*32kB (UMEH) 26*64kB (ME) 43*128kB (M) 6*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22340kB [ 890.583765][ T6270] Normal: 108*4kB (UME) 206*8kB (UM) 125*16kB (UM) 306*32kB (U) 18*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 15024kB [ 890.636613][ T6270] 13309 total pagecache pages [ 890.652875][ T6270] 0 pages in swap cache [ 890.668219][ T6270] Swap cache stats: add 0, delete 0, find 0/0 [ 890.686224][ T6270] Free swap = 0kB [ 890.694362][ T6270] Total swap = 0kB [ 890.701350][ T6270] 1965979 pages RAM [ 890.709502][ T6270] 0 pages HighMem/MovableOnly [ 890.719609][ T6270] 318829 pages reserved [ 890.728110][ T6270] 0 pages cma reserved [ 890.736534][ T6270] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=21468,uid=0 [ 890.779815][ T6270] Out of memory: Killed process 21468 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:16 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:18 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:59:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:18 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x0, 0x0}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:18 executing program 3: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bcb001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:18 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050064bc01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:18 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:59:19 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:59:19 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 893.285766][ T6329] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 893.292263][ T6329] loop3: partition table partially beyond EOD, truncated [ 893.311633][ T6329] loop3: p1 start 1 is beyond EOD, truncated [ 893.321369][ T6329] loop3: p2 size 1073741824 extends beyond EOD, truncated 12:59:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 893.339889][ T6329] loop3: p3 size 2 extends beyond EOD, truncated [ 893.362242][ T6329] loop3: p4 size 32768 extends beyond EOD, truncated [ 893.379831][ T6329] loop3: p5 size 1073741824 extends beyond EOD, truncated [ 893.415888][ T6329] loop3: p6 size 32768 extends beyond EOD, truncated [ 893.825078][ T6343] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 893.831245][ T6343] loop4: partition table partially beyond EOD, truncated [ 893.847781][ T6343] loop4: p1 start 1 is beyond EOD, truncated [ 893.862249][ T6343] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 893.906041][ T6343] loop4: p3 size 2 extends beyond EOD, truncated [ 893.934001][ T6343] loop4: p4 size 32768 extends beyond EOD, truncated [ 893.957895][ T6343] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 894.260268][ T6343] loop4: p6 size 32768 extends beyond EOD, truncated [ 895.123604][ T364] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 895.150472][ T364] CPU: 0 PID: 364 Comm: syz-executor.4 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 895.160465][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 895.170507][ T364] Call Trace: [ 895.173777][ T364] dump_stack+0x14a/0x1ce [ 895.178088][ T364] ? devkmsg_release+0x11c/0x11c [ 895.182992][ T364] ? show_regs_print_info+0x12/0x12 [ 895.188158][ T364] ? radix_tree_cpu_dead+0x160/0x160 [ 895.193669][ T364] ? _raw_spin_lock+0xa1/0x170 [ 895.198415][ T364] ? _raw_spin_trylock_bh+0x190/0x190 [ 895.203948][ T364] dump_header+0xdb/0x700 [ 895.208251][ T364] oom_kill_process+0xd3/0x280 [ 895.212984][ T364] out_of_memory+0x5b6/0x890 [ 895.217545][ T364] ? unregister_oom_notifier+0x20/0x20 [ 895.222974][ T364] __alloc_pages_slowpath+0x16c2/0x1e50 [ 895.228493][ T364] ? get_page_from_freelist+0x7c0/0x7c0 [ 895.234010][ T364] ? __zone_watermark_ok+0x91/0x280 [ 895.239180][ T364] __alloc_pages_nodemask+0x5cb/0x7c0 [ 895.244533][ T364] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 895.250078][ T364] ? copy_process+0x5a4/0x5110 [ 895.254821][ T364] ? copy_process+0x5a4/0x5110 [ 895.259556][ T364] ? kmem_cache_alloc+0x1d5/0x260 [ 895.264549][ T364] copy_process+0x5f3/0x5110 [ 895.269113][ T364] ? _raw_spin_unlock+0x5/0x20 [ 895.273861][ T364] ? do_swap_page+0x1560/0x1560 [ 895.278704][ T364] ? fork_idle+0x290/0x290 [ 895.283089][ T364] _do_fork+0x196/0x920 [ 895.287229][ T364] ? finish_fault+0x230/0x230 [ 895.291892][ T364] ? dup_mm+0x300/0x300 [ 895.296035][ T364] ? ktime_get_raw+0x130/0x130 [ 895.300777][ T364] __x64_sys_clone+0x25e/0x2c0 [ 895.305516][ T364] ? __ia32_sys_vfork+0x110/0x110 [ 895.310514][ T364] ? __x64_sys_clock_gettime+0x20d/0x260 [ 895.316130][ T364] ? do_user_addr_fault+0x55c/0x9f0 [ 895.321298][ T364] do_syscall_64+0xcb/0x150 [ 895.325772][ T364] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 895.331647][ T364] RIP: 0033:0x45b80a [ 895.335512][ T364] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 895.355084][ T364] RSP: 002b:00007ffe1c1b8b40 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 895.363473][ T364] RAX: ffffffffffffffda RBX: 00007ffe1c1b8b40 RCX: 000000000045b80a [ 895.371428][ T364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 895.379520][ T364] RBP: 00007ffe1c1b8b80 R08: 0000000000000001 R09: 0000000003144940 [ 895.387640][ T364] R10: 0000000003144c10 R11: 0000000000000246 R12: 0000000000000001 [ 895.395595][ T364] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe1c1b8bd0 [ 895.433819][ T364] Mem-Info: [ 895.437166][ T364] active_anon:1404998 inactive_anon:10885 isolated_anon:0 [ 895.437166][ T364] active_file:122 inactive_file:116 isolated_file:20 [ 895.437166][ T364] unevictable:0 dirty:11 writeback:0 unstable:0 [ 895.437166][ T364] slab_reclaimable:6731 slab_unreclaimable:77923 [ 895.437166][ T364] mapped:60224 shmem:10954 pagetables:43410 bounce:0 [ 895.437166][ T364] free:12508 free_pcp:275 free_cma:0 [ 895.475651][ T364] Node 0 active_anon:5619992kB inactive_anon:43540kB active_file:384kB inactive_file:360kB unevictable:0kB isolated(anon):0kB isolated(file):80kB mapped:240796kB dirty:44kB writeback:0kB shmem:43816kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 895.501349][ T364] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 895.527748][ T364] lowmem_reserve[]: 0 2912 6416 6416 [ 895.533411][ T364] DMA32 free:18600kB min:4644kB low:7624kB high:10604kB active_anon:2738632kB inactive_anon:12760kB active_file:460kB inactive_file:220kB unevictable:0kB writepending:40kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24800kB pagetables:57052kB bounce:0kB free_pcp:1580kB local_pcp:724kB free_cma:0kB [ 895.564293][ T364] lowmem_reserve[]: 0 0 3504 3504 [ 895.570071][ T364] Normal free:14984kB min:5592kB low:9180kB high:12768kB active_anon:2881360kB inactive_anon:30780kB active_file:28kB inactive_file:4kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26144kB pagetables:116588kB bounce:0kB free_pcp:540kB local_pcp:400kB free_cma:0kB [ 895.600241][ T364] lowmem_reserve[]: 0 0 0 0 [ 895.605349][ T364] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 895.619075][ T364] DMA32: 10*4kB (UEH) 14*8kB (MEH) 599*16kB (UME) 59*32kB (UMEH) 23*64kB (UME) 31*128kB (UM) 6*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18600kB [ 895.634724][ T364] Normal: 97*4kB (UE) 169*8kB (UH) 99*16kB (UH) 304*32kB (U) 18*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 14204kB [ 895.648957][ T364] 11159 total pagecache pages [ 895.654008][ T364] 0 pages in swap cache [ 895.658448][ T364] Swap cache stats: add 0, delete 0, find 0/0 [ 895.664790][ T364] Free swap = 0kB [ 895.668772][ T364] Total swap = 0kB [ 895.672741][ T364] 1965979 pages RAM [ 895.676804][ T364] 0 pages HighMem/MovableOnly [ 895.681773][ T364] 318829 pages reserved [ 895.704236][ T364] 0 pages cma reserved [ 895.712116][ T364] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=21351,uid=0 12:59:20 executing program 3: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bcb001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:20 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500b0bc01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 895.752425][ T364] Out of memory: Killed process 21351 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 895.930084][ T6357] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 895.936352][ T6357] loop4: partition table partially beyond EOD, truncated [ 895.968520][ T6357] loop4: p1 start 1 is beyond EOD, truncated [ 895.995329][ T6357] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 896.033531][ T6357] loop4: p3 size 2 extends beyond EOD, truncated 12:59:21 executing program 5: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003b801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 896.074322][ T6365] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 896.087021][ T6365] loop3: partition table partially beyond EOD, truncated [ 896.100735][ T6357] loop4: p4 size 32768 extends beyond EOD, truncated 12:59:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x0, 0x0}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 896.142992][ T6357] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 896.168479][ T6365] loop3: p1 start 1 is beyond EOD, truncated [ 896.178416][ T6357] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x0, 0x0}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 896.204372][ T6365] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 896.238213][ T6365] loop3: p3 size 2 extends beyond EOD, truncated 12:59:22 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) [ 896.266897][ T6365] loop3: p4 size 32768 extends beyond EOD, truncated [ 896.278428][ T6365] loop3: p5 size 1073741824 extends beyond EOD, truncated [ 896.304016][ T6365] loop3: p6 size 32768 extends beyond EOD, truncated [ 896.334075][ T6357] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 896.339442][ T6357] loop4: partition table partially beyond EOD, truncated [ 896.352334][ T6357] loop4: p1 start 1 is beyond EOD, truncated [ 896.358812][ T6357] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:59:22 executing program 3: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003b801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:22 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) [ 896.424287][ T6357] loop4: p3 size 2 extends beyond EOD, truncated [ 896.439626][ T6357] loop4: p4 size 32768 extends beyond EOD, truncated [ 896.453251][ T6357] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 896.465824][ T6357] loop4: p6 size 32768 extends beyond EOD, truncated [ 896.494486][ T6379] loop5: p1 < > p2 p3 < p5 p6 > p4 [ 896.509152][ T6379] loop5: partition table partially beyond EOD, truncated [ 896.536744][ T6379] loop5: p1 start 1 is beyond EOD, truncated [ 896.560371][ T6379] loop5: p2 size 1073741824 extends beyond EOD, truncated 12:59:22 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500f8bc01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 896.589953][ T6379] loop5: p3 size 2 extends beyond EOD, truncated [ 896.607479][ T6379] loop5: p4 size 32768 extends beyond EOD, truncated [ 896.630537][ T6379] loop5: p5 size 1073741824 extends beyond EOD, truncated [ 896.643501][ T362] syz-executor.2 invoked oom-killer: gfp_mask=0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=0 [ 896.667994][ T6379] loop5: p6 size 32768 extends beyond EOD, truncated [ 896.682636][ T362] CPU: 0 PID: 362 Comm: syz-executor.2 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 896.692624][ T362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 896.702758][ T362] Call Trace: [ 896.706047][ T362] dump_stack+0x14a/0x1ce [ 896.710367][ T362] ? devkmsg_release+0x11c/0x11c [ 896.715293][ T362] ? show_regs_print_info+0x12/0x12 [ 896.720487][ T362] ? radix_tree_cpu_dead+0x160/0x160 [ 896.725778][ T362] ? _raw_spin_lock+0xa1/0x170 [ 896.730530][ T362] ? _raw_spin_trylock_bh+0x190/0x190 [ 896.735888][ T362] dump_header+0xdb/0x700 [ 896.740210][ T362] oom_kill_process+0xd3/0x280 [ 896.744959][ T362] out_of_memory+0x5b6/0x890 [ 896.749536][ T362] ? unregister_oom_notifier+0x20/0x20 [ 896.754981][ T362] __alloc_pages_slowpath+0x16c2/0x1e50 [ 896.760512][ T362] ? get_page_from_freelist+0x7c0/0x7c0 [ 896.766303][ T362] ? ip_getsockopt+0x13c/0x230 [ 896.771055][ T362] ? __zone_watermark_ok+0x91/0x280 [ 896.776334][ T362] __alloc_pages_nodemask+0x5cb/0x7c0 [ 896.781693][ T362] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 896.787227][ T362] ? __vmalloc_node_range+0x439/0x7b0 [ 896.792595][ T362] ? __kmalloc+0xf7/0x2d0 [ 896.797085][ T362] ? __vmalloc_node_range+0x439/0x7b0 [ 896.802442][ T362] __vmalloc_node_range+0x360/0x7b0 [ 896.807633][ T362] vzalloc+0x70/0x80 [ 896.811517][ T362] ? alloc_counters+0x66/0x520 [ 896.816267][ T362] alloc_counters+0x66/0x520 [ 896.820854][ T362] ? xt_find_table_lock+0x1b0/0x350 [ 896.826042][ T362] do_arpt_get_ctl+0x5b9/0xa10 [ 896.830792][ T362] ? alloc_file+0x81/0x4a0 [ 896.835246][ T362] ? compat_do_arpt_set_ctl+0x24f0/0x24f0 [ 896.840957][ T362] ? memcpy+0x38/0x50 [ 896.844926][ T362] ? mutex_lock+0xa6/0x110 [ 896.849321][ T362] ? __module_get+0x130/0x130 [ 896.853982][ T362] ? memset+0x1f/0x40 [ 896.858111][ T362] ? selinux_socket_getsockopt+0x122/0x340 [ 896.863890][ T362] nf_getsockopt+0x2c1/0x2f0 [ 896.868450][ T362] ip_getsockopt+0x13c/0x230 [ 896.873009][ T362] ? compat_ip_setsockopt+0x100/0x100 [ 896.878349][ T362] ? tcp_getsockopt+0x66/0xd0 [ 896.883007][ T362] __sys_getsockopt+0x240/0x2b0 [ 896.887829][ T362] __x64_sys_getsockopt+0xb1/0xc0 [ 896.892840][ T362] do_syscall_64+0xcb/0x150 [ 896.897404][ T362] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 896.903266][ T362] RIP: 0033:0x45fd4a [ 896.907132][ T362] Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 896.926799][ T362] RSP: 002b:00007fff51548128 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 [ 896.935611][ T362] RAX: ffffffffffffffda RBX: 00007fff51548190 RCX: 000000000045fd4a [ 896.943559][ T362] RDX: 0000000000000061 RSI: 0000000000000000 RDI: 0000000000000003 [ 896.951499][ T362] RBP: 0000000000000003 R08: 00007fff5154813c R09: 000000000000000a [ 896.959448][ T362] R10: 00007fff51548190 R11: 0000000000000212 R12: 0000000000000000 [ 896.967390][ T362] R13: 00007fff51548810 R14: 00000000000dacb2 R15: 00007fff51548820 [ 896.977590][ T362] Mem-Info: [ 896.982226][ T362] active_anon:1403522 inactive_anon:10886 isolated_anon:0 [ 896.982226][ T362] active_file:585 inactive_file:526 isolated_file:32 [ 896.982226][ T362] unevictable:0 dirty:41 writeback:10 unstable:0 [ 896.982226][ T362] slab_reclaimable:6737 slab_unreclaimable:77806 [ 896.982226][ T362] mapped:61067 shmem:10955 pagetables:43529 bounce:0 [ 896.982226][ T362] free:13021 free_pcp:433 free_cma:0 [ 897.003888][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 897.024884][ T362] Node 0 active_anon:5614024kB inactive_anon:43552kB active_file:2324kB inactive_file:2100kB unevictable:0kB isolated(anon):0kB isolated(file):300kB mapped:244060kB dirty:208kB writeback:0kB shmem:43824kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 897.051626][ T362] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 897.081074][ T154] loop4: partition table partially beyond EOD, truncated [ 897.101295][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 897.108228][ T362] lowmem_reserve[]: 0 2912 6416 6416 [ 897.108258][ T362] DMA32 free:22240kB min:8740kB low:11720kB high:14700kB active_anon:2733192kB inactive_anon:12772kB active_file:1524kB inactive_file:1720kB unevictable:0kB writepending:144kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:25216kB pagetables:57220kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 897.108266][ T362] lowmem_reserve[]: 0 0 3504 3504 [ 897.143682][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 897.212243][ T362] Normal free:14432kB min:24744kB low:28332kB high:31920kB active_anon:2881336kB inactive_anon:30780kB active_file:400kB inactive_file:280kB unevictable:0kB writepending:64kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26048kB pagetables:116620kB bounce:0kB free_pcp:44kB local_pcp:0kB free_cma:0kB [ 897.249961][ T362] lowmem_reserve[]: 0 0 0 0 [ 897.257792][ T362] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 897.272153][ T362] DMA32: 567*4kB (UMEH) 224*8kB (UMEH) 766*16kB (UME) 102*32kB (UMEH) 35*64kB (UME) 10*128kB (UME) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23356kB [ 897.288526][ T362] Normal: 155*4kB (UM) 100*8kB (UMH) 114*16kB (UH) 314*32kB (UM) 19*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 14508kB [ 897.324307][ T362] 11590 total pagecache pages [ 897.337264][ T362] 0 pages in swap cache [ 897.345995][ T362] Swap cache stats: add 0, delete 0, find 0/0 [ 897.352642][ T362] Free swap = 0kB [ 897.366671][ T362] Total swap = 0kB [ 897.376382][ T362] 1965979 pages RAM [ 897.383769][ T362] 0 pages HighMem/MovableOnly [ 897.388648][ T362] 318829 pages reserved [ 897.392804][ T362] 0 pages cma reserved [ 897.413655][ T362] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=6353,uid=0 [ 897.431549][ T362] Out of memory: Killed process 6353 (syz-executor.1) total-vm:85740kB, anon-rss:16580kB, file-rss:34932kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:23 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x0, 0x0}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:23 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 897.496985][ T6383] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 897.503447][ T6383] loop3: partition table partially beyond EOD, truncated [ 897.512278][ T6383] loop3: p1 start 1 is beyond EOD, truncated [ 897.518505][ T6383] loop3: p2 size 1073741824 extends beyond EOD, truncated 12:59:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x0, 0x0}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 897.559592][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 897.567939][ T6383] loop3: p3 size 2 extends beyond EOD, truncated [ 897.573874][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 897.583295][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 897.591169][ T6383] loop3: p4 size 32768 extends beyond EOD, truncated [ 897.609370][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 897.617323][ T6383] loop3: p5 size 1073741824 extends beyond EOD, truncated [ 897.626009][ T6383] loop3: p6 size 32768 extends beyond EOD, truncated 12:59:23 executing program 3: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003b801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 897.771503][ T6407] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 897.782984][ T6407] loop4: partition table partially beyond EOD, truncated 12:59:23 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500001101000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 897.843779][ T6407] loop4: p1 start 1 is beyond EOD, truncated 12:59:23 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 897.896545][ T6407] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 897.904333][ T6424] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 897.909536][ T6424] loop3: partition table partially beyond EOD, truncated [ 897.919995][ T6424] loop3: p1 start 1 is beyond EOD, truncated [ 897.927624][ T6424] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 897.950076][ T6407] loop4: p3 size 2 extends beyond EOD, truncated [ 898.100314][ T6424] loop3: p3 size 2 extends beyond EOD, truncated [ 898.107102][ T6407] loop4: p4 size 32768 extends beyond EOD, truncated [ 898.116814][ T6424] loop3: p4 size 32768 extends beyond EOD, truncated [ 898.116910][ T6407] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 898.144034][ T6424] loop3: p5 size 1073741824 extends beyond EOD, truncated [ 898.149022][ T6407] loop4: p6 size 32768 extends beyond EOD, truncated [ 898.163953][ T6424] loop3: p6 size 32768 extends beyond EOD, truncated 12:59:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:24 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105003cbd01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 898.343950][ T6436] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 898.364243][ T6436] loop0: partition table partially beyond EOD, truncated [ 898.408077][ T6436] loop0: p1 start 1 is beyond EOD, truncated [ 898.441438][ T6436] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 898.478637][ T6436] loop0: p3 size 2 extends beyond EOD, truncated [ 898.510924][ T6436] loop0: p4 size 32768 extends beyond EOD, truncated [ 898.541742][ T6436] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 898.574133][ T6436] loop0: p6 size 32768 extends beyond EOD, truncated [ 899.823826][ T6448] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 899.829158][ T6448] loop4: partition table partially beyond EOD, truncated [ 899.838095][ T6448] loop4: p1 start 1 is beyond EOD, truncated [ 899.845231][ T6448] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 899.854520][ T6448] loop4: p3 size 2 extends beyond EOD, truncated [ 899.862313][ T6448] loop4: p4 size 32768 extends beyond EOD, truncated [ 899.878546][ T154] systemd-udevd invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=-1000 [ 899.882537][ T6448] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 899.913503][ T154] CPU: 1 PID: 154 Comm: systemd-udevd Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 899.923416][ T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 899.933465][ T154] Call Trace: [ 899.936747][ T154] dump_stack+0x14a/0x1ce [ 899.941045][ T154] ? devkmsg_release+0x11c/0x11c [ 899.945953][ T154] ? show_regs_print_info+0x12/0x12 [ 899.951123][ T154] ? radix_tree_cpu_dead+0x160/0x160 [ 899.956383][ T154] ? _raw_spin_lock+0xa1/0x170 [ 899.961114][ T154] ? _raw_spin_trylock_bh+0x190/0x190 [ 899.966456][ T154] dump_header+0xdb/0x700 [ 899.970757][ T154] oom_kill_process+0xd3/0x280 [ 899.975491][ T154] out_of_memory+0x5b6/0x890 [ 899.980049][ T154] ? unregister_oom_notifier+0x20/0x20 [ 899.986087][ T154] __alloc_pages_slowpath+0x16c2/0x1e50 [ 899.991622][ T154] ? get_page_from_freelist+0x7c0/0x7c0 [ 899.997167][ T154] ? __zone_watermark_ok+0x91/0x280 [ 900.002348][ T154] __alloc_pages_nodemask+0x5cb/0x7c0 [ 900.007704][ T154] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 900.013219][ T154] ? avc_has_perm+0xd5/0x280 [ 900.017780][ T154] ? avc_has_perm+0x176/0x280 [ 900.022427][ T154] alloc_slab_page+0x3a/0x3a0 [ 900.027170][ T154] new_slab+0x408/0x450 [ 900.031300][ T154] ? should_fail+0x18e/0x860 [ 900.035870][ T154] ___slab_alloc+0x2e0/0x450 [ 900.040446][ T154] ? getname_flags+0xb8/0x610 [ 900.045095][ T154] ? getname_flags+0xb8/0x610 [ 900.050001][ T154] kmem_cache_alloc+0x23f/0x260 [ 900.054844][ T154] getname_flags+0xb8/0x610 [ 900.059333][ T154] user_path_at_empty+0x28/0x50 [ 900.064156][ T154] __se_sys_newlstat+0xe4/0x8b0 [ 900.068975][ T154] ? __x64_sys_newlstat+0x60/0x60 [ 900.073972][ T154] ? __secure_computing+0x1b6/0x250 [ 900.079490][ T154] do_syscall_64+0xcb/0x150 [ 900.083965][ T154] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 900.089826][ T154] RIP: 0033:0x7f106ca35335 [ 900.094238][ T154] Code: Bad RIP value. [ 900.098290][ T154] RSP: 002b:00007ffc17d862a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 900.106761][ T154] RAX: ffffffffffffffda RBX: 00005629cb2716d0 RCX: 00007f106ca35335 [ 900.114706][ T154] RDX: 00007ffc17d862e0 RSI: 00007ffc17d862e0 RDI: 00005629cb2706d0 [ 900.122653][ T154] RBP: 00007ffc17d863a0 R08: 00005629caf49620 R09: 0000000000001010 [ 900.130602][ T154] R10: 0000000000000020 R11: 0000000000000246 R12: 00005629cb2706d0 [ 900.138547][ T154] R13: 00005629cb2706e4 R14: 00005629ca84172d R15: 00005629ca841734 [ 900.156865][ T154] Mem-Info: [ 900.160377][ T154] active_anon:1404621 inactive_anon:10886 isolated_anon:0 [ 900.160377][ T154] active_file:17 inactive_file:356 isolated_file:46 [ 900.160377][ T154] unevictable:0 dirty:5 writeback:0 unstable:0 [ 900.160377][ T154] slab_reclaimable:6742 slab_unreclaimable:77678 [ 900.160377][ T154] mapped:60424 shmem:10954 pagetables:43544 bounce:0 [ 900.160377][ T154] free:12272 free_pcp:779 free_cma:0 [ 900.198632][ T154] Node 0 active_anon:5618484kB inactive_anon:43544kB active_file:68kB inactive_file:1624kB unevictable:0kB isolated(anon):0kB isolated(file):56kB mapped:241596kB dirty:20kB writeback:0kB shmem:43816kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 900.223523][ T154] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 900.249854][ T154] lowmem_reserve[]: 0 2912 6416 6416 [ 900.255673][ T154] DMA32 free:19948kB min:4644kB low:7624kB high:10604kB active_anon:2736996kB inactive_anon:12764kB active_file:432kB inactive_file:1056kB unevictable:0kB writepending:16kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24992kB pagetables:57192kB bounce:0kB free_pcp:2408kB local_pcp:1316kB free_cma:0kB [ 900.290179][ T154] lowmem_reserve[]: 0 0 3504 3504 [ 900.295776][ T154] Normal free:13236kB min:24744kB low:28332kB high:31920kB active_anon:2881488kB inactive_anon:30780kB active_file:232kB inactive_file:208kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26112kB pagetables:116984kB bounce:0kB free_pcp:1152kB local_pcp:568kB free_cma:0kB [ 900.326172][ T154] lowmem_reserve[]: 0 0 0 0 [ 900.331396][ T154] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 900.345436][ T154] DMA32: 296*4kB (UMEH) 151*8kB (UMEH) 691*16kB (UMEH) 145*32kB (UMEH) 25*64kB (UE) 4*128kB (UME) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20200kB [ 900.361003][ T154] Normal: 1*4kB (M) 51*8kB (UH) 68*16kB (UH) 313*32kB (U) 19*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12732kB [ 900.375261][ T154] 11101 total pagecache pages [ 900.380456][ T154] 0 pages in swap cache [ 900.385019][ T154] Swap cache stats: add 0, delete 0, find 0/0 [ 900.391380][ T154] Free swap = 0kB [ 900.395687][ T154] Total swap = 0kB [ 900.399978][ T154] 1965979 pages RAM [ 900.404077][ T154] 0 pages HighMem/MovableOnly [ 900.409231][ T154] 318829 pages reserved [ 900.413788][ T154] 0 pages cma reserved 12:59:26 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 12:59:26 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 12:59:26 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105000d0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 900.418199][ T154] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=21181,uid=0 [ 900.432750][ T154] Out of memory: Killed process 21181 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 900.450719][ T23] oom_reaper: reaped process 21181 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:59:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 900.543632][ T6448] loop4: p6 size 32768 extends beyond EOD, truncated [ 900.551146][ T6455] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 900.558736][ T6455] loop0: partition table partially beyond EOD, truncated 12:59:26 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 900.610054][ T6455] loop0: p1 start 1 is beyond EOD, truncated [ 900.645696][ T6455] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 900.663788][ T6448] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 900.669060][ T6448] loop4: partition table partially beyond EOD, truncated [ 900.678205][ T6448] loop4: p1 start 1 is beyond EOD, truncated [ 900.682357][ T6455] loop0: p3 size 2 extends beyond EOD, truncated [ 900.688533][ T6448] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 900.704747][ T6455] loop0: p4 size 32768 extends beyond EOD, truncated 12:59:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 900.716640][ T6455] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 900.726042][ T6455] loop0: p6 size 32768 extends beyond EOD, truncated [ 900.731939][ T6448] loop4: p3 size 2 extends beyond EOD, truncated [ 900.748690][ T6448] loop4: p4 size 32768 extends beyond EOD, truncated 12:59:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x0) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:59:26 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050088bd01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 900.765925][ T6448] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 900.785265][ T6448] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:26 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 901.263821][ T6482] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 901.278786][ T6482] CPU: 0 PID: 6482 Comm: syz-executor.0 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 901.288879][ T6482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 901.298912][ T6482] Call Trace: [ 901.302198][ T6482] dump_stack+0x14a/0x1ce [ 901.306498][ T6482] ? devkmsg_release+0x11c/0x11c [ 901.311406][ T6482] ? show_regs_print_info+0x12/0x12 [ 901.316602][ T6482] ? radix_tree_cpu_dead+0x160/0x160 [ 901.321857][ T6482] ? _raw_spin_lock+0xa1/0x170 [ 901.326599][ T6482] ? _raw_spin_trylock_bh+0x190/0x190 [ 901.331961][ T6482] dump_header+0xdb/0x700 [ 901.336263][ T6482] oom_kill_process+0xd3/0x280 [ 901.340998][ T6482] out_of_memory+0x5b6/0x890 [ 901.345570][ T6482] ? unregister_oom_notifier+0x20/0x20 [ 901.351002][ T6482] __alloc_pages_slowpath+0x16c2/0x1e50 [ 901.356710][ T6482] ? get_page_from_freelist+0x7c0/0x7c0 [ 901.362226][ T6482] ? __zone_watermark_ok+0x91/0x280 [ 901.367398][ T6482] __alloc_pages_nodemask+0x5cb/0x7c0 [ 901.373013][ T6482] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 901.378546][ T6482] ? copy_process+0x5a4/0x5110 [ 901.383282][ T6482] ? copy_process+0x5a4/0x5110 [ 901.388036][ T6482] ? kmem_cache_alloc+0x1d5/0x260 [ 901.393033][ T6482] copy_process+0x5f3/0x5110 [ 901.397597][ T6482] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 901.403285][ T6482] ? _raw_spin_lock+0xa1/0x170 [ 901.408021][ T6482] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 901.413798][ T6482] ? __lru_cache_add+0x1a1/0x1f0 [ 901.418703][ T6482] ? fork_idle+0x290/0x290 [ 901.423093][ T6482] _do_fork+0x196/0x920 [ 901.427221][ T6482] ? finish_fault+0x230/0x230 [ 901.431867][ T6482] ? up_write+0xa1/0x190 [ 901.436084][ T6482] ? dup_mm+0x300/0x300 [ 901.440211][ T6482] __x64_sys_clone+0x25e/0x2c0 [ 901.444964][ T6482] ? __ia32_sys_vfork+0x110/0x110 [ 901.449979][ T6482] ? do_user_addr_fault+0x55c/0x9f0 [ 901.455164][ T6482] do_syscall_64+0xcb/0x150 [ 901.459641][ T6482] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 901.466806][ T6482] RIP: 0033:0x45fc09 [ 901.470671][ T6482] Code: ff 48 85 f6 0f 84 87 8a fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 5e 8a fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 901.490509][ T6482] RSP: 002b:00007ffeae1616d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 901.498895][ T6482] RAX: ffffffffffffffda RBX: 00007f4b5e1cb700 RCX: 000000000045fc09 [ 901.506839][ T6482] RDX: 00007f4b5e1cb9d0 RSI: 00007f4b5e1cadb0 RDI: 00000000003d0f00 [ 901.514781][ T6482] RBP: 00007ffeae161900 R08: 00007f4b5e1cb700 R09: 00007f4b5e1cb700 [ 901.522724][ T6482] R10: 00007f4b5e1cb9d0 R11: 0000000000000202 R12: 0000000000000000 [ 901.530665][ T6482] R13: 00007ffeae16178f R14: 00007f4b5e1cb9c0 R15: 000000000118cf4c [ 901.696975][ T6482] Mem-Info: [ 901.700295][ T6482] active_anon:1404067 inactive_anon:10886 isolated_anon:0 [ 901.700295][ T6482] active_file:416 inactive_file:433 isolated_file:32 [ 901.700295][ T6482] unevictable:0 dirty:43 writeback:8 unstable:0 [ 901.700295][ T6482] slab_reclaimable:6745 slab_unreclaimable:77642 [ 901.700295][ T6482] mapped:60849 shmem:10953 pagetables:43595 bounce:0 [ 901.700295][ T6482] free:12856 free_pcp:219 free_cma:0 [ 901.742791][ T6482] Node 0 active_anon:5616268kB inactive_anon:43544kB active_file:1540kB inactive_file:1592kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:243132kB dirty:156kB writeback:48kB shmem:43812kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 901.769129][ T6482] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 901.815660][ T6482] lowmem_reserve[]: 0 2912 6416 6416 [ 901.831945][ T6482] DMA32 free:22876kB min:8740kB low:11720kB high:14700kB active_anon:2734936kB inactive_anon:12764kB active_file:1220kB inactive_file:1328kB unevictable:0kB writepending:168kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:25088kB pagetables:57428kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 901.890754][ T6482] lowmem_reserve[]: 0 0 3504 3504 [ 901.897251][ T6482] Normal free:13804kB min:5592kB low:9180kB high:12768kB active_anon:2881332kB inactive_anon:30780kB active_file:320kB inactive_file:264kB unevictable:0kB writepending:36kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:25952kB pagetables:116952kB bounce:0kB free_pcp:324kB local_pcp:204kB free_cma:0kB [ 901.929421][ T6482] lowmem_reserve[]: 0 0 0 0 [ 901.939712][ T6482] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 901.956206][ T6482] DMA32: 140*4kB (UMH) 164*8kB (UMEH) 759*16kB (UMEH) 186*32kB (UMEH) 31*64kB (UME) 6*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22720kB [ 901.972214][ T6482] Normal: 16*4kB (UE) 94*8kB (UH) 62*16kB (UH) 295*32kB (U) 19*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12464kB 12:59:27 executing program 3: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105003cbd01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 901.988139][ T6482] 11954 total pagecache pages [ 901.993233][ T6482] 0 pages in swap cache [ 901.998063][ T6482] Swap cache stats: add 0, delete 0, find 0/0 [ 902.004837][ T6482] Free swap = 0kB [ 902.008989][ T6482] Total swap = 0kB [ 902.012903][ T6482] 1965979 pages RAM [ 902.017271][ T6482] 0 pages HighMem/MovableOnly [ 902.022649][ T6482] 318829 pages reserved [ 902.065267][ T6482] 0 pages cma reserved [ 902.077399][ T6482] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=20477,uid=0 [ 902.116420][ T6482] Out of memory: Killed process 20477 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 902.293651][ T6492] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 902.299208][ T6492] loop3: partition table partially beyond EOD, truncated [ 902.365940][ T6492] loop3: p1 start 1 is beyond EOD, truncated [ 902.391406][ T6492] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 902.424216][ T6492] loop3: p3 size 2 extends beyond EOD, truncated [ 902.472387][ T6492] loop3: p4 size 32768 extends beyond EOD, truncated [ 902.645086][ T6492] loop3: p5 size 1073741824 extends beyond EOD, truncated [ 902.660444][ T6492] loop3: p6 size 32768 extends beyond EOD, truncated [ 902.679530][ T154] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 902.686472][ T154] loop3: partition table partially beyond EOD, truncated [ 902.704120][ T154] loop3: p1 start 1 is beyond EOD, truncated [ 902.719411][ T154] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 902.738769][ T154] loop3: p3 size 2 extends beyond EOD, truncated [ 902.756157][ T154] loop3: p4 size 32768 extends beyond EOD, truncated [ 902.772761][ T154] loop3: p5 size 1073741824 extends beyond EOD, truncated [ 902.795836][ T154] loop3: p6 size 32768 extends beyond EOD, truncated 12:59:28 executing program 3: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105000b0001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 902.925183][ T6502] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 902.930600][ T6502] loop4: partition table partially beyond EOD, truncated [ 902.959676][ T6502] loop4: p1 start 1 is beyond EOD, truncated [ 902.977071][ T6502] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 902.995856][ T6502] loop4: p3 size 2 extends beyond EOD, truncated [ 903.008859][ T6502] loop4: p4 size 32768 extends beyond EOD, truncated [ 903.026606][ T6502] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 903.035478][ T6502] loop4: p6 size 32768 extends beyond EOD, truncated [ 903.043629][ T6512] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 903.048835][ T6512] loop3: partition table partially beyond EOD, truncated [ 903.057145][ T6512] loop3: p1 start 1 is beyond EOD, truncated [ 903.063176][ T6512] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 903.071318][ T6512] loop3: p3 size 2 extends beyond EOD, truncated [ 903.078463][ T6512] loop3: p4 size 32768 extends beyond EOD, truncated [ 903.089081][ T6502] __loop_clr_fd: partition scan of loop4 failed (rc=-16) [ 903.098905][ T6512] loop3: p5 size 1073741824 extends beyond EOD, truncated [ 903.111032][ T6512] loop3: p6 size 32768 extends beyond EOD, truncated [ 903.172710][ T6502] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 903.184666][ T6502] loop4: partition table partially beyond EOD, truncated [ 903.192003][ T6502] loop4: p1 start 1 is beyond EOD, truncated [ 903.198910][ T6502] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 903.207288][ T6502] loop4: p3 size 2 extends beyond EOD, truncated [ 903.215647][ T6502] loop4: p4 size 32768 extends beyond EOD, truncated [ 903.223080][ T6502] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 903.231569][ T6502] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:29 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, 0x0, 0x0, 0x0) 12:59:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:29 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500c8bd01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:59:29 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, 0x0, 0x0, 0x0) 12:59:29 executing program 2: clone(0x80100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x15c}, 0x20) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000003c0)=""/102400, 0xffffffffffffff3a}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0) ptrace$cont(0x7, 0x0, 0x0, 0x0) 12:59:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:59:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 903.629833][ T6526] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 903.637146][ T6526] loop4: partition table partially beyond EOD, truncated [ 903.669475][ T6526] loop4: p1 start 1 is beyond EOD, truncated [ 903.692256][ T6526] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 903.750097][ T6526] loop4: p3 size 2 extends beyond EOD, truncated [ 903.810375][ T6526] loop4: p4 size 32768 extends beyond EOD, truncated [ 903.857971][ T6526] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 904.223348][ T6526] loop4: p6 size 32768 extends beyond EOD, truncated [ 904.550040][ T6542] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 904.573172][ T6542] CPU: 0 PID: 6542 Comm: syz-executor.5 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 904.583256][ T6542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 904.593301][ T6542] Call Trace: [ 904.596597][ T6542] dump_stack+0x14a/0x1ce [ 904.600929][ T6542] ? devkmsg_release+0x11c/0x11c [ 904.605901][ T6542] ? show_regs_print_info+0x12/0x12 [ 904.611114][ T6542] ? radix_tree_cpu_dead+0x160/0x160 [ 904.616475][ T6542] ? _raw_spin_lock+0xa1/0x170 [ 904.621231][ T6542] ? _raw_spin_trylock_bh+0x190/0x190 [ 904.626594][ T6542] dump_header+0xdb/0x700 [ 904.630915][ T6542] oom_kill_process+0xd3/0x280 [ 904.635667][ T6542] out_of_memory+0x5b6/0x890 [ 904.640339][ T6542] ? unregister_oom_notifier+0x20/0x20 [ 904.645790][ T6542] __alloc_pages_slowpath+0x16c2/0x1e50 [ 904.651327][ T6542] ? get_page_from_freelist+0x7c0/0x7c0 [ 904.656867][ T6542] ? __zone_watermark_ok+0x91/0x280 [ 904.662098][ T6542] __alloc_pages_nodemask+0x5cb/0x7c0 [ 904.667488][ T6542] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 904.673021][ T6542] ? copy_process+0x5a4/0x5110 [ 904.677800][ T6542] ? copy_process+0x5a4/0x5110 [ 904.682550][ T6542] ? kmem_cache_alloc+0x1d5/0x260 [ 904.687559][ T6542] copy_process+0x5f3/0x5110 [ 904.692169][ T6542] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 904.697970][ T6542] ? _raw_spin_lock+0xa1/0x170 [ 904.702765][ T6542] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 904.708560][ T6542] ? __lru_cache_add+0x1a1/0x1f0 [ 904.713487][ T6542] ? fork_idle+0x290/0x290 [ 904.717895][ T6542] _do_fork+0x196/0x920 [ 904.722040][ T6542] ? finish_fault+0x230/0x230 [ 904.726702][ T6542] ? up_write+0xa1/0x190 [ 904.730932][ T6542] ? dup_mm+0x300/0x300 [ 904.735075][ T6542] __x64_sys_clone+0x25e/0x2c0 [ 904.739827][ T6542] ? __ia32_sys_vfork+0x110/0x110 [ 904.744843][ T6542] ? do_user_addr_fault+0x55c/0x9f0 [ 904.750119][ T6542] do_syscall_64+0xcb/0x150 [ 904.754616][ T6542] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 904.760498][ T6542] RIP: 0033:0x45fc09 [ 904.764382][ T6542] Code: ff 48 85 f6 0f 84 87 8a fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 5e 8a fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 904.783972][ T6542] RSP: 002b:00007ffefe54d618 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 904.792456][ T6542] RAX: ffffffffffffffda RBX: 00007f240ac2c700 RCX: 000000000045fc09 [ 904.800442][ T6542] RDX: 00007f240ac2c9d0 RSI: 00007f240ac2bdb0 RDI: 00000000003d0f00 [ 904.808388][ T6542] RBP: 00007ffefe54d840 R08: 00007f240ac2c700 R09: 00007f240ac2c700 [ 904.816333][ T6542] R10: 00007f240ac2c9d0 R11: 0000000000000202 R12: 0000000000000000 [ 904.824279][ T6542] R13: 00007ffefe54d6cf R14: 00007f240ac2c9c0 R15: 000000000118cfec [ 904.886896][ T6542] Mem-Info: [ 904.890039][ T6542] active_anon:1403000 inactive_anon:10889 isolated_anon:0 [ 904.890039][ T6542] active_file:354 inactive_file:421 isolated_file:0 [ 904.890039][ T6542] unevictable:0 dirty:20 writeback:22 unstable:0 [ 904.890039][ T6542] slab_reclaimable:6742 slab_unreclaimable:77520 [ 904.890039][ T6542] mapped:60801 shmem:10955 pagetables:43647 bounce:0 [ 904.890039][ T6542] free:13927 free_pcp:446 free_cma:0 [ 904.929215][ T6542] Node 0 active_anon:5612000kB inactive_anon:43556kB active_file:1616kB inactive_file:1436kB unevictable:0kB isolated(anon):0kB isolated(file):232kB mapped:243204kB dirty:80kB writeback:88kB shmem:43820kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 904.954554][ T6542] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 904.981128][ T6542] lowmem_reserve[]: 0 2912 6416 6416 [ 904.989460][ T6542] DMA32 free:18240kB min:4644kB low:7624kB high:10604kB active_anon:2733320kB inactive_anon:12768kB active_file:1104kB inactive_file:672kB unevictable:0kB writepending:80kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24864kB pagetables:57320kB bounce:0kB free_pcp:1912kB local_pcp:992kB free_cma:0kB [ 905.020245][ T6542] lowmem_reserve[]: 0 0 3504 3504 [ 905.026208][ T6542] Normal free:14812kB min:5592kB low:9180kB high:12768kB active_anon:2878748kB inactive_anon:30780kB active_file:724kB inactive_file:5656kB unevictable:0kB writepending:40kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26496kB pagetables:117272kB bounce:0kB free_pcp:588kB local_pcp:272kB free_cma:0kB [ 905.057942][ T6542] lowmem_reserve[]: 0 0 0 0 [ 905.062550][ T6542] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 905.156848][ T6542] DMA32: 171*4kB (UMEH) 71*8kB (UMEH) 682*16kB (UMEH) 50*32kB (UMEH) 25*64kB (UME) 10*128kB (ME) 1*256kB (M) 0*512kB 2*1024kB (M) 0*2048kB 0*4096kB = 18948kB [ 905.239430][ T6542] Normal: 274*4kB (UM) 121*8kB (UMEH) 72*16kB (UMEH) 369*32kB (UMEH) 32*64kB (UME) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17200kB [ 905.319206][ T6542] 12296 total pagecache pages [ 905.339176][ T6542] 0 pages in swap cache [ 905.354598][ T6542] Swap cache stats: add 0, delete 0, find 0/0 [ 905.378533][ T6542] Free swap = 0kB [ 905.388406][ T6542] Total swap = 0kB [ 905.397096][ T6542] 1965979 pages RAM [ 905.409324][ T6542] 0 pages HighMem/MovableOnly [ 905.427043][ T6542] 318829 pages reserved [ 905.438759][ T6542] 0 pages cma reserved [ 905.443229][ T6542] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=16764,uid=0 [ 905.458562][ T6542] Out of memory: Killed process 16764 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:30 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050014be01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:31 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:59:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 905.645006][ T6558] loop4: p1 < > p2 p3 < p5 p6 > p4 12:59:31 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 905.667587][ T6558] loop4: partition table partially beyond EOD, truncated [ 905.685025][ T6558] loop4: p1 start 1 is beyond EOD, truncated [ 905.691753][ T6558] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 905.708450][ T6558] loop4: p3 size 2 extends beyond EOD, truncated [ 905.716851][ T6558] loop4: p4 size 32768 extends beyond EOD, truncated [ 905.726865][ T6558] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 905.735558][ T6558] loop4: p6 size 32768 extends beyond EOD, truncated [ 905.833634][ T6558] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 905.839282][ T6558] loop4: partition table partially beyond EOD, truncated 12:59:31 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x0, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 905.893696][ T6558] loop4: p1 start 1 is beyond EOD, truncated [ 905.942283][ T6558] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 905.971254][ T6558] loop4: p3 size 2 extends beyond EOD, truncated [ 905.980743][ T6558] loop4: p4 size 32768 extends beyond EOD, truncated [ 905.993103][ T6558] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 906.000935][ T6558] loop4: p6 size 32768 extends beyond EOD, truncated [ 906.082391][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 906.087879][ T154] loop4: partition table partially beyond EOD, truncated [ 906.103648][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 906.124946][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 906.179670][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 906.225698][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 906.242287][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 906.260819][ T6600] syz-executor.0 invoked oom-killer: gfp_mask=0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x1000000), order=0, oom_score_adj=1000 [ 906.263567][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 906.275155][ T6600] CPU: 1 PID: 6600 Comm: syz-executor.0 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 906.291030][ T6600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 906.301065][ T6600] Call Trace: [ 906.304348][ T6600] dump_stack+0x14a/0x1ce [ 906.308675][ T6600] ? devkmsg_release+0x11c/0x11c [ 906.313606][ T6600] ? show_regs_print_info+0x12/0x12 [ 906.318794][ T6600] ? radix_tree_cpu_dead+0x160/0x160 [ 906.324073][ T6600] ? _raw_spin_lock+0xa1/0x170 [ 906.328915][ T6600] ? _raw_spin_trylock_bh+0x190/0x190 [ 906.335062][ T6600] dump_header+0xdb/0x700 [ 906.339437][ T6600] oom_kill_process+0xd3/0x280 [ 906.344199][ T6600] out_of_memory+0x5b6/0x890 [ 906.348785][ T6600] ? unregister_oom_notifier+0x20/0x20 [ 906.354342][ T6600] __alloc_pages_slowpath+0x16c2/0x1e50 [ 906.359883][ T6600] ? get_page_from_freelist+0x7c0/0x7c0 [ 906.365417][ T6600] ? flush_tlb_func_common+0x45/0x580 [ 906.370791][ T6600] __alloc_pages_nodemask+0x5cb/0x7c0 [ 906.376164][ T6600] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 906.381706][ T6600] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 906.387418][ T6600] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 906.393478][ T6600] ? __perf_event_task_sched_in+0x4f7/0x560 [ 906.399359][ T6600] wp_page_copy+0x1cb/0x1120 [ 906.403946][ T6600] ? perf_pmu_sched_task+0x370/0x370 [ 906.409219][ T6600] ? switch_mm_irqs_off+0x2bf/0x9a0 [ 906.414407][ T6600] ? add_mm_rss_vec+0x270/0x270 [ 906.419250][ T6600] ? _raw_spin_unlock_irq+0x5/0x20 [ 906.424350][ T6600] ? finish_task_switch+0x235/0x4c0 [ 906.429538][ T6600] ? vm_normal_page+0x1c9/0x1d0 [ 906.434383][ T6600] do_wp_page+0x4c1/0x1530 [ 906.438790][ T6600] ? _raw_spin_lock+0xa1/0x170 [ 906.443542][ T6600] ? do_swap_page+0x1560/0x1560 [ 906.448376][ T6600] ? ttwu_do_wakeup+0x154/0x5b0 [ 906.453214][ T6600] handle_mm_fault+0xfa5/0x41e0 [ 906.458054][ T6600] ? __cgroup_account_cputime+0x2ba/0x2e0 [ 906.463761][ T6600] ? finish_fault+0x230/0x230 [ 906.468422][ T6600] ? update_curr+0x584/0x740 [ 906.473002][ T6600] ? down_read_trylock+0x17a/0x1d0 [ 906.478107][ T6600] ? _raw_spin_unlock_irq+0x5/0x20 [ 906.483295][ T6600] ? vmacache_find+0x3a2/0x4b0 [ 906.488049][ T6600] do_user_addr_fault+0x48a/0x9f0 [ 906.493062][ T6600] page_fault+0x2f/0x40 [ 906.497279][ T6600] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 906.503850][ T6600] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 906.523442][ T6600] RSP: 0018:ffff88819820f888 EFLAGS: 00010206 [ 906.529534][ T6600] RAX: ffffffff81f86901 RBX: 0000000020502500 RCX: 0000000000000500 [ 906.537492][ T6600] RDX: 0000000000001000 RSI: ffff8881d1ebeb00 RDI: 0000000020502000 [ 906.545440][ T6600] RBP: ffff88819820fda8 R08: dffffc0000000000 R09: ffffed103a3d7e00 [ 906.553384][ T6600] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 906.561378][ T6600] R13: 0000000000001000 R14: ffff8881d1ebe000 R15: 0000000020501500 [ 906.569332][ T6600] ? copyout+0x51/0xb0 [ 906.573375][ T6600] copyout+0x8e/0xb0 [ 906.577241][ T6600] copy_page_to_iter+0x393/0xbd0 [ 906.582151][ T6600] pipe_to_user+0xa3/0x130 [ 906.586543][ T6600] __splice_from_pipe+0x2d3/0x870 [ 906.591544][ T6600] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 906.597583][ T6600] do_vmsplice+0x252/0xee0 [ 906.601970][ T6600] ? futex_exit_release+0xc0/0xc0 [ 906.606966][ T6600] ? avc_ss_reset+0x3a0/0x3a0 [ 906.611617][ T6600] ? write_pipe_buf+0x1d0/0x1d0 [ 906.616454][ T6600] ? __rcu_read_lock+0x50/0x50 [ 906.621189][ T6600] ? check_stack_object+0x5a/0x90 [ 906.626291][ T6600] ? _copy_from_user+0xa4/0xe0 [ 906.631026][ T6600] ? rw_copy_check_uvector+0x2b3/0x310 [ 906.636455][ T6600] ? import_iovec+0x1c2/0x380 [ 906.641103][ T6600] ? dup_iter+0x110/0x110 [ 906.645410][ T6600] ? do_vfs_ioctl+0x780/0x1750 [ 906.650889][ T6600] __se_sys_vmsplice+0x1fb/0x300 [ 906.655799][ T6600] ? __x64_sys_vmsplice+0xa0/0xa0 [ 906.660793][ T6600] ? put_timespec64+0x109/0x150 [ 906.665616][ T6600] ? __x64_sys_clock_gettime+0x20d/0x260 [ 906.671233][ T6600] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 906.676921][ T6600] ? __fdget+0x187/0x200 [ 906.681134][ T6600] do_syscall_64+0xcb/0x150 [ 906.685627][ T6600] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 906.691578][ T6600] RIP: 0033:0x45d239 [ 906.695463][ T6600] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 906.715053][ T6600] RSP: 002b:00007f4b5e188c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 906.723457][ T6600] RAX: ffffffffffffffda RBX: 0000000000035800 RCX: 000000000045d239 [ 906.731512][ T6600] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 906.739460][ T6600] RBP: 000000000118d0c8 R08: 0000000000000000 R09: 0000000000000000 [ 906.747410][ T6600] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d08c [ 906.755353][ T6600] R13: 00007ffeae16178f R14: 00007f4b5e1899c0 R15: 000000000118d08c [ 906.771898][ T6600] Mem-Info: [ 906.778175][ T6600] active_anon:1402094 inactive_anon:10888 isolated_anon:0 [ 906.778175][ T6600] active_file:993 inactive_file:1073 isolated_file:32 [ 906.778175][ T6600] unevictable:0 dirty:76 writeback:0 unstable:0 [ 906.778175][ T6600] slab_reclaimable:6775 slab_unreclaimable:77699 [ 906.778175][ T6600] mapped:62042 shmem:10955 pagetables:43644 bounce:0 [ 906.778175][ T6600] free:13075 free_pcp:551 free_cma:0 [ 906.816585][ T6600] Node 0 active_anon:5608376kB inactive_anon:43552kB active_file:3972kB inactive_file:4192kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:248168kB dirty:304kB writeback:0kB shmem:43820kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 906.871576][ T6600] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 906.898794][ T6600] lowmem_reserve[]: 0 2912 6416 6416 [ 906.904606][ T6600] DMA32 free:19100kB min:4644kB low:7624kB high:10604kB active_anon:2735996kB inactive_anon:12756kB active_file:540kB inactive_file:420kB unevictable:0kB writepending:80kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24928kB pagetables:57412kB bounce:0kB free_pcp:604kB local_pcp:464kB free_cma:0kB [ 907.019628][ T6600] lowmem_reserve[]: 0 0 3504 3504 [ 907.030523][ T6600] Normal free:23624kB min:24744kB low:28332kB high:31920kB active_anon:2872080kB inactive_anon:30808kB active_file:1868kB inactive_file:1956kB unevictable:0kB writepending:228kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26144kB pagetables:117168kB bounce:0kB free_pcp:544kB local_pcp:220kB free_cma:0kB [ 907.089289][ T6600] lowmem_reserve[]: 0 0 0 0 [ 907.094368][ T6600] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 907.109315][ T6600] DMA32: 59*4kB (UMEH) 43*8kB (UMEH) 631*16kB (UMEH) 113*32kB (UMEH) 15*64kB (UME) 11*128kB (ME) 1*256kB (M) 0*512kB 2*1024kB (M) 0*2048kB 0*4096kB = 18964kB 12:59:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x0, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:33 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="020105004cbe01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:33 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 907.126452][ T6600] Normal: 617*4kB (UME) 351*8kB (UMEH) 173*16kB (UMEH) 403*32kB (UMEH) 53*64kB (UMEH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24460kB [ 907.143165][ T6600] 11886 total pagecache pages [ 907.148714][ T6600] 0 pages in swap cache [ 907.154207][ T6600] Swap cache stats: add 0, delete 0, find 0/0 [ 907.160652][ T6600] Free swap = 0kB [ 907.165379][ T6600] Total swap = 0kB [ 907.169296][ T6600] 1965979 pages RAM [ 907.174028][ T6600] 0 pages HighMem/MovableOnly [ 907.178946][ T6600] 318829 pages reserved [ 907.183916][ T6600] 0 pages cma reserved 12:59:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x0, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 907.188076][ T6600] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=16643,uid=0 [ 907.204273][ T6600] Out of memory: Killed process 16643 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:33 executing program 2: syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 907.263418][ T6620] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 907.268670][ T6620] loop4: partition table partially beyond EOD, truncated [ 907.283039][ T6620] loop4: p1 start 1 is beyond EOD, truncated [ 907.301884][ T6620] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 907.313572][ T6620] loop4: p3 size 2 extends beyond EOD, truncated [ 907.333735][ T6620] loop4: p4 size 32768 extends beyond EOD, truncated [ 907.342058][ T6620] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:59:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 907.358104][ T6620] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:33 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000807e00"}) r1 = syz_open_pts(r0, 0x1) fcntl$setstatus(r1, 0x4, 0x102000) write(r1, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)) 12:59:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x0, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x0, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:33 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050026bf01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 908.264100][ T6655] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 908.279947][ T6655] loop4: partition table partially beyond EOD, truncated 12:59:34 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:34 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r1, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 908.355717][ T6655] loop4: p1 start 1 is beyond EOD, truncated [ 908.361727][ T6655] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 908.875021][ T154] systemd-udevd invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=-1000 [ 908.903365][ T154] CPU: 0 PID: 154 Comm: systemd-udevd Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 908.913275][ T154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 908.923335][ T154] Call Trace: [ 908.926627][ T154] dump_stack+0x14a/0x1ce [ 908.930945][ T154] ? devkmsg_release+0x11c/0x11c [ 908.935867][ T154] ? show_regs_print_info+0x12/0x12 [ 908.941036][ T154] ? radix_tree_cpu_dead+0x160/0x160 [ 908.946298][ T154] ? _raw_spin_lock+0xa1/0x170 [ 908.951032][ T154] ? _raw_spin_trylock_bh+0x190/0x190 [ 908.956389][ T154] dump_header+0xdb/0x700 [ 908.960692][ T154] oom_kill_process+0xd3/0x280 [ 908.965428][ T154] out_of_memory+0x5b6/0x890 [ 908.969988][ T154] ? unregister_oom_notifier+0x20/0x20 [ 908.975429][ T154] __alloc_pages_slowpath+0x16c2/0x1e50 [ 908.980945][ T154] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 908.986986][ T154] ? get_page_from_freelist+0x7c0/0x7c0 [ 908.992502][ T154] ? arch_stack_walk+0xd8/0x120 [ 908.997325][ T154] ? __zone_watermark_ok+0x91/0x280 [ 909.002503][ T154] __alloc_pages_nodemask+0x5cb/0x7c0 [ 909.007845][ T154] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 909.013399][ T154] ? __seccomp_filter+0xa3f/0x1740 [ 909.018500][ T154] alloc_slab_page+0x3a/0x3a0 [ 909.023151][ T154] new_slab+0x408/0x450 [ 909.027275][ T154] ? should_fail+0x18e/0x860 [ 909.031836][ T154] ___slab_alloc+0x2e0/0x450 [ 909.036425][ T154] ? getname_flags+0xb8/0x610 [ 909.041073][ T154] ? getname_flags+0xb8/0x610 [ 909.045721][ T154] kmem_cache_alloc+0x23f/0x260 [ 909.050542][ T154] getname_flags+0xb8/0x610 [ 909.055031][ T154] ? do_faccessat+0x69c/0x800 [ 909.059685][ T154] user_path_at_empty+0x28/0x50 [ 909.064598][ T154] do_readlinkat+0x119/0x3c0 [ 909.069164][ T154] ? cp_old_stat+0x8a0/0x8a0 [ 909.073726][ T154] ? do_syscall_64+0x150/0x150 [ 909.078467][ T154] ? __fpregs_load_activate+0x2d3/0x390 [ 909.083982][ T154] __x64_sys_readlinkat+0x96/0xb0 [ 909.088990][ T154] do_syscall_64+0xcb/0x150 [ 909.093468][ T154] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 909.099331][ T154] RIP: 0033:0x7f106ca370ba [ 909.103729][ T154] Code: Bad RIP value. [ 909.107766][ T154] RSP: 002b:00007ffc17d863b8 EFLAGS: 00000202 ORIG_RAX: 000000000000010b [ 909.116154][ T154] RAX: ffffffffffffffda RBX: 00005629caccbb80 RCX: 00007f106ca370ba [ 909.124103][ T154] RDX: 00005629caccbb80 RSI: 00007ffc17d86440 RDI: 00000000ffffff9c [ 909.132046][ T154] RBP: 0000000000000064 R08: 00007f106ccf3ba8 R09: 0000000000000070 [ 909.139996][ T154] R10: 0000000000000063 R11: 0000000000000202 R12: 00007ffc17d86440 [ 909.148200][ T154] R13: 00000000ffffff9c R14: 00007ffc17d86410 R15: 0000000000000063 [ 909.353833][ T154] Mem-Info: [ 909.360109][ T154] active_anon:1404726 inactive_anon:10888 isolated_anon:0 [ 909.360109][ T154] active_file:239 inactive_file:517 isolated_file:40 [ 909.360109][ T154] unevictable:0 dirty:11 writeback:1 unstable:0 [ 909.360109][ T154] slab_reclaimable:6868 slab_unreclaimable:77650 [ 909.360109][ T154] mapped:60742 shmem:10955 pagetables:43812 bounce:0 [ 909.360109][ T154] free:11784 free_pcp:146 free_cma:0 [ 909.470354][ T154] Node 0 active_anon:5620304kB inactive_anon:43552kB active_file:1372kB inactive_file:1452kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:243068kB dirty:44kB writeback:4kB shmem:43820kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 909.522431][ T154] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 909.550922][ T154] lowmem_reserve[]: 0 2912 6416 6416 [ 909.558970][ T154] DMA32 free:19444kB min:4644kB low:7624kB high:10604kB active_anon:2740088kB inactive_anon:12768kB active_file:208kB inactive_file:224kB unevictable:0kB writepending:24kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24896kB pagetables:57308kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 909.591277][ T154] lowmem_reserve[]: 0 0 3504 3504 [ 909.597810][ T154] Normal free:9960kB min:5592kB low:9180kB high:12768kB active_anon:2879876kB inactive_anon:30788kB active_file:668kB inactive_file:2604kB unevictable:0kB writepending:36kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26624kB pagetables:117948kB bounce:0kB free_pcp:440kB local_pcp:292kB free_cma:0kB [ 909.629680][ T154] lowmem_reserve[]: 0 0 0 0 [ 909.660398][ T154] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 909.706850][ T154] DMA32: 11*4kB (UH) 23*8kB (UMEH) 595*16kB (UEH) 208*32kB (UMEH) 30*64kB (UME) 2*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 18580kB [ 909.740215][ T154] Normal: 298*4kB (UM) 83*8kB (UMEH) 17*16kB (UMEH) 181*32kB (UMEH) 22*64kB (UMH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9328kB [ 909.770645][ T154] 12114 total pagecache pages [ 909.781135][ T154] 0 pages in swap cache [ 909.790087][ T154] Swap cache stats: add 0, delete 0, find 0/0 [ 909.811220][ T154] Free swap = 0kB [ 909.824094][ T154] Total swap = 0kB [ 909.832440][ T154] 1965979 pages RAM [ 909.840972][ T154] 0 pages HighMem/MovableOnly [ 909.850323][ T154] 318829 pages reserved [ 909.859134][ T154] 0 pages cma reserved [ 909.868241][ T154] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=16504,uid=0 [ 909.898322][ T154] Out of memory: Killed process 16504 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 910.054142][ T6655] loop4: p3 size 2 extends beyond EOD, truncated [ 910.061279][ T6655] loop4: p4 size 32768 extends beyond EOD, truncated [ 910.068879][ T6655] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 910.076738][ T6655] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:36 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bdc801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r1, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x0, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r1, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 910.545820][ T6680] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 910.551669][ T6680] loop4: partition table partially beyond EOD, truncated [ 910.559807][ T6680] loop4: p1 start 1 is beyond EOD, truncated [ 910.569007][ T6680] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 910.619881][ T6680] loop4: p3 size 2 extends beyond EOD, truncated [ 910.661833][ T6680] loop4: p4 size 32768 extends beyond EOD, truncated [ 910.692890][ T6680] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 910.727919][ T6680] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:37 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500020001000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:37 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x0, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:37 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 911.327381][ T154] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 911.332724][ T154] loop0: partition table partially beyond EOD, truncated [ 911.360593][ T154] loop0: p1 start 1 is beyond EOD, truncated 12:59:37 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003d301000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 911.395120][ T154] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 911.424439][ T154] loop0: p3 size 2 extends beyond EOD, truncated 12:59:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 911.471883][ T154] loop0: p4 size 32768 extends beyond EOD, truncated 12:59:37 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x0, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 911.518467][ T154] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 911.546245][ T6718] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 911.551946][ T6718] loop4: partition table partially beyond EOD, truncated 12:59:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x0, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 911.577207][ T154] loop0: p6 size 32768 extends beyond EOD, truncated [ 911.601263][ T6695] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 911.605547][ T6718] loop4: p1 start 1 is beyond EOD, truncated [ 911.607554][ T6695] loop0: partition table partially beyond EOD, truncated [ 911.626641][ T6718] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 911.628068][ T6695] loop0: p1 start 1 is beyond EOD, truncated [ 911.662176][ T6695] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 911.682819][ T6718] loop4: p3 size 2 extends beyond EOD, truncated [ 911.706587][ T6695] loop0: p3 size 2 extends beyond EOD, truncated [ 911.724920][ T6718] loop4: p4 size 32768 extends beyond EOD, truncated [ 911.749909][ T6695] loop0: p4 size 32768 extends beyond EOD, truncated [ 911.761440][ T6718] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 911.783252][ T6695] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 911.793872][ T6718] loop4: p6 size 32768 extends beyond EOD, truncated [ 911.813268][ T6695] loop0: p6 size 32768 extends beyond EOD, truncated 12:59:38 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bdc801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 912.338547][ T6716] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 912.362625][ T6716] CPU: 1 PID: 6716 Comm: syz-executor.4 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 912.372807][ T6716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 912.383045][ T6716] Call Trace: [ 912.386356][ T6716] dump_stack+0x14a/0x1ce [ 912.390677][ T6716] ? devkmsg_release+0x11c/0x11c [ 912.395601][ T6716] ? show_regs_print_info+0x12/0x12 [ 912.400791][ T6716] ? radix_tree_cpu_dead+0x160/0x160 [ 912.406065][ T6716] ? _raw_spin_lock+0xa1/0x170 [ 912.410819][ T6716] ? _raw_spin_trylock_bh+0x190/0x190 [ 912.416181][ T6716] dump_header+0xdb/0x700 [ 912.420500][ T6716] oom_kill_process+0xd3/0x280 [ 912.425252][ T6716] out_of_memory+0x5b6/0x890 [ 912.429831][ T6716] ? unregister_oom_notifier+0x20/0x20 [ 912.435281][ T6716] __alloc_pages_slowpath+0x16c2/0x1e50 [ 912.440820][ T6716] ? get_page_from_freelist+0x7c0/0x7c0 [ 912.446355][ T6716] ? __zone_watermark_ok+0x91/0x280 [ 912.451550][ T6716] __alloc_pages_nodemask+0x5cb/0x7c0 [ 912.456910][ T6716] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 912.462437][ T6716] ? copy_process+0x5a4/0x5110 [ 912.467301][ T6716] ? kmem_cache_alloc+0x1d5/0x260 [ 912.472296][ T6716] copy_process+0x5f3/0x5110 [ 912.476859][ T6716] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 912.482547][ T6716] ? _raw_spin_lock+0xa1/0x170 [ 912.487444][ T6716] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 912.493340][ T6716] ? __lru_cache_add+0x1a1/0x1f0 [ 912.498248][ T6716] ? fork_idle+0x290/0x290 [ 912.502717][ T6716] _do_fork+0x196/0x920 [ 912.506846][ T6716] ? finish_fault+0x230/0x230 [ 912.511492][ T6716] ? up_write+0xa1/0x190 [ 912.515719][ T6716] ? dup_mm+0x300/0x300 [ 912.519999][ T6716] __x64_sys_clone+0x25e/0x2c0 [ 912.524740][ T6716] ? __ia32_sys_vfork+0x110/0x110 [ 912.529829][ T6716] ? do_user_addr_fault+0x55c/0x9f0 [ 912.534997][ T6716] do_syscall_64+0xcb/0x150 [ 912.539476][ T6716] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 912.545362][ T6716] RIP: 0033:0x45fc09 [ 912.549236][ T6716] Code: Bad RIP value. [ 912.553275][ T6716] RSP: 002b:00007ffe1c1b8898 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 912.561656][ T6716] RAX: ffffffffffffffda RBX: 00007f1e05a0b700 RCX: 000000000045fc09 [ 912.569599][ T6716] RDX: 00007f1e05a0b9d0 RSI: 00007f1e05a0adb0 RDI: 00000000003d0f00 [ 912.577543][ T6716] RBP: 00007ffe1c1b8ac0 R08: 00007f1e05a0b700 R09: 00007f1e05a0b700 [ 912.585594][ T6716] R10: 00007f1e05a0b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 912.593541][ T6716] R13: 00007ffe1c1b894f R14: 00007f1e05a0b9c0 R15: 000000000118cfec [ 912.626779][ T6716] Mem-Info: [ 912.630178][ T6716] active_anon:1406078 inactive_anon:10892 isolated_anon:0 [ 912.630178][ T6716] active_file:45 inactive_file:150 isolated_file:15 [ 912.630178][ T6716] unevictable:0 dirty:0 writeback:6 unstable:0 [ 912.630178][ T6716] slab_reclaimable:6970 slab_unreclaimable:77896 [ 912.630178][ T6716] mapped:60256 shmem:10958 pagetables:43923 bounce:0 [ 912.630178][ T6716] free:10577 free_pcp:199 free_cma:0 [ 912.668451][ T6716] Node 0 active_anon:5624312kB inactive_anon:43568kB active_file:60kB inactive_file:248kB unevictable:0kB isolated(anon):0kB isolated(file):60kB mapped:240624kB dirty:0kB writeback:24kB shmem:43832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 912.692675][ T6716] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 912.718917][ T6716] lowmem_reserve[]: 0 2912 6416 6416 [ 912.724412][ T6716] DMA32 free:19552kB min:4644kB low:7624kB high:10604kB active_anon:2743120kB inactive_anon:12756kB active_file:24kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24928kB pagetables:57324kB bounce:0kB free_pcp:152kB local_pcp:0kB free_cma:0kB [ 912.753585][ T6716] lowmem_reserve[]: 0 0 3504 3504 [ 912.758623][ T6716] Normal free:6112kB min:5592kB low:9180kB high:12768kB active_anon:2880716kB inactive_anon:30812kB active_file:820kB inactive_file:664kB unevictable:0kB writepending:20kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26528kB pagetables:118368kB bounce:0kB free_pcp:408kB local_pcp:0kB free_cma:0kB [ 912.788098][ T6716] lowmem_reserve[]: 0 0 0 0 [ 912.792614][ T6716] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 912.805939][ T6716] DMA32: 58*4kB (UMEH) 43*8kB (UMEH) 594*16kB (UEH) 231*32kB (UEH) 37*64kB (UME) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 19968kB [ 912.820826][ T6716] Normal: 113*4kB (UM) 72*8kB (UMEH) 57*16kB (UMEH) 44*32kB (UMEH) 15*64kB (UEH) 14*128kB (M) 1*256kB (E) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6356kB [ 912.836060][ T6716] 11269 total pagecache pages [ 912.840806][ T6716] 0 pages in swap cache [ 912.844965][ T6716] Swap cache stats: add 0, delete 0, find 0/0 [ 912.851007][ T6716] Free swap = 0kB [ 912.854746][ T6716] Total swap = 0kB [ 912.859409][ T6716] 1965979 pages RAM [ 912.863218][ T6716] 0 pages HighMem/MovableOnly [ 912.867968][ T6716] 318829 pages reserved [ 912.872105][ T6716] 0 pages cma reserved [ 912.876187][ T6716] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=11348,uid=0 [ 912.890317][ T6716] Out of memory: Killed process 11348 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 912.911222][ T23] oom_reaper: reaped process 11348 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 912.993105][ T6718] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 912.998459][ T6718] loop4: partition table partially beyond EOD, truncated [ 913.016871][ T6718] loop4: p1 start 1 is beyond EOD, truncated [ 913.029002][ T6718] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 913.045786][ T6718] loop4: p3 size 2 extends beyond EOD, truncated [ 913.073519][ T6718] loop4: p4 size 32768 extends beyond EOD, truncated [ 913.081365][ T6718] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:59:38 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 913.089900][ T6718] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:39 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003d401000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 913.293675][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 913.298897][ T154] loop4: partition table partially beyond EOD, truncated [ 913.324620][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 913.351118][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 913.397985][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 913.433976][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 913.461501][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 913.486290][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 913.592424][ T6738] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 913.598102][ T6738] loop4: partition table partially beyond EOD, truncated [ 913.605885][ T6738] loop4: p1 start 1 is beyond EOD, truncated [ 913.612314][ T6738] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 913.629697][ T6738] loop4: p3 size 2 extends beyond EOD, truncated [ 913.645662][ T6738] loop4: p4 size 32768 extends beyond EOD, truncated [ 913.662013][ T6738] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 913.679242][ T6738] loop4: p6 size 32768 extends beyond EOD, truncated [ 914.000445][ T355] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 914.013048][ T355] CPU: 1 PID: 355 Comm: syz-executor.0 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 914.023019][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 914.034715][ T355] Call Trace: [ 914.038074][ T355] dump_stack+0x14a/0x1ce [ 914.042376][ T355] ? devkmsg_release+0x11c/0x11c [ 914.047286][ T355] ? show_regs_print_info+0x12/0x12 [ 914.052471][ T355] ? radix_tree_cpu_dead+0x160/0x160 [ 914.057829][ T355] ? _raw_spin_lock+0xa1/0x170 [ 914.062581][ T355] ? _raw_spin_trylock_bh+0x190/0x190 [ 914.067925][ T355] dump_header+0xdb/0x700 [ 914.072226][ T355] oom_kill_process+0xd3/0x280 [ 914.076977][ T355] out_of_memory+0x5b6/0x890 [ 914.081557][ T355] ? unregister_oom_notifier+0x20/0x20 [ 914.086988][ T355] __alloc_pages_slowpath+0x16c2/0x1e50 [ 914.092511][ T355] ? get_page_from_freelist+0x7c0/0x7c0 [ 914.098044][ T355] ? __zone_watermark_ok+0x91/0x280 [ 914.103213][ T355] __alloc_pages_nodemask+0x5cb/0x7c0 [ 914.108556][ T355] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 914.114609][ T355] ? copy_process+0x5a4/0x5110 [ 914.119405][ T355] ? kmem_cache_alloc+0x1d5/0x260 [ 914.124520][ T355] copy_process+0x5f3/0x5110 [ 914.129084][ T355] ? _raw_spin_unlock+0x5/0x20 [ 914.133833][ T355] ? do_swap_page+0x1560/0x1560 [ 914.138655][ T355] ? fork_idle+0x290/0x290 [ 914.143045][ T355] _do_fork+0x196/0x920 [ 914.147180][ T355] ? finish_fault+0x230/0x230 [ 914.151826][ T355] ? dup_mm+0x300/0x300 [ 914.155959][ T355] ? ktime_get_raw+0x130/0x130 [ 914.160792][ T355] __x64_sys_clone+0x25e/0x2c0 [ 914.165542][ T355] ? __ia32_sys_vfork+0x110/0x110 [ 914.170537][ T355] ? __x64_sys_clock_gettime+0x20d/0x260 [ 914.176143][ T355] ? do_user_addr_fault+0x55c/0x9f0 [ 914.181451][ T355] do_syscall_64+0xcb/0x150 [ 914.185991][ T355] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 914.191869][ T355] RIP: 0033:0x45b80a [ 914.195755][ T355] Code: Bad RIP value. [ 914.199798][ T355] RSP: 002b:00007ffeae161980 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 914.208192][ T355] RAX: ffffffffffffffda RBX: 00007ffeae161980 RCX: 000000000045b80a [ 914.216141][ T355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 914.224086][ T355] RBP: 00007ffeae1619c0 R08: 0000000000000001 R09: 0000000001e60940 [ 914.232033][ T355] R10: 0000000001e60c10 R11: 0000000000000246 R12: 0000000000000001 [ 914.239974][ T355] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffeae161a10 [ 914.249431][ T355] Mem-Info: [ 914.253483][ T355] active_anon:1405461 inactive_anon:10887 isolated_anon:0 [ 914.253483][ T355] active_file:5 inactive_file:247 isolated_file:26 [ 914.253483][ T355] unevictable:0 dirty:9 writeback:0 unstable:0 [ 914.253483][ T355] slab_reclaimable:6969 slab_unreclaimable:77803 [ 914.253483][ T355] mapped:60253 shmem:10954 pagetables:44002 bounce:0 [ 914.253483][ T355] free:11244 free_pcp:111 free_cma:0 [ 914.293539][ T355] Node 0 active_anon:5625144kB inactive_anon:43548kB active_file:120kB inactive_file:736kB unevictable:0kB isolated(anon):0kB isolated(file):104kB mapped:241112kB dirty:36kB writeback:0kB shmem:43816kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 914.318110][ T355] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 914.344152][ T355] lowmem_reserve[]: 0 2912 6416 6416 [ 914.349456][ T355] DMA32 free:20208kB min:20548kB low:23528kB high:26508kB active_anon:2743992kB inactive_anon:12756kB active_file:12kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24896kB pagetables:57328kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 914.403066][ T355] lowmem_reserve[]: 0 0 3504 3504 [ 914.408139][ T355] Normal free:5608kB min:5592kB low:9180kB high:12768kB active_anon:2881084kB inactive_anon:30792kB active_file:724kB inactive_file:736kB unevictable:0kB writepending:36kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26816kB pagetables:118680kB bounce:0kB free_pcp:8kB local_pcp:4kB free_cma:0kB [ 914.442620][ T355] lowmem_reserve[]: 0 0 0 0 [ 914.447141][ T355] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 914.460454][ T355] DMA32: 52*4kB (UMH) 37*8kB (UMEH) 595*16kB (UMEH) 248*32kB (UEH) 37*64kB (UME) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20456kB [ 914.475241][ T355] Normal: 231*4kB (UME) 59*8kB (UMEH) 15*16kB (UMEH) 20*32kB (UEH) 9*64kB (UMEH) 20*128kB (M) 2*256kB (ME) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5924kB [ 914.490625][ T355] 10987 total pagecache pages [ 914.495294][ T355] 0 pages in swap cache [ 914.499938][ T355] Swap cache stats: add 0, delete 0, find 0/0 [ 914.505984][ T355] Free swap = 0kB [ 914.509718][ T355] Total swap = 0kB [ 914.513447][ T355] 1965979 pages RAM [ 914.517322][ T355] 0 pages HighMem/MovableOnly [ 914.522146][ T355] 318829 pages reserved [ 914.526612][ T355] 0 pages cma reserved [ 914.530669][ T355] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=6728,uid=0 [ 914.545050][ T355] Out of memory: Killed process 6728 (syz-executor.3) total-vm:85476kB, anon-rss:16548kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 914.563507][ T23] oom_reaper: reaped process 6728 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:59:40 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x0, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:40 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:40 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:40 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003d501000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 915.214003][ T6770] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 915.225024][ T6770] loop4: partition table partially beyond EOD, truncated [ 915.322514][ T6770] loop4: p1 start 1 is beyond EOD, truncated [ 915.328798][ T6770] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:59:41 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x0, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x0, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 915.369610][ T6770] loop4: p3 size 2 extends beyond EOD, truncated [ 915.409262][ T6770] loop4: p4 size 32768 extends beyond EOD, truncated [ 915.427929][ T6770] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 915.446656][ T6770] loop4: p6 size 32768 extends beyond EOD, truncated [ 915.463930][ T6785] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 915.477918][ T6785] loop0: partition table partially beyond EOD, truncated [ 915.517432][ T6785] loop0: p1 start 1 is beyond EOD, truncated [ 915.537005][ T6785] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 915.545548][ T6785] loop0: p3 size 2 extends beyond EOD, truncated [ 915.554497][ T6785] loop0: p4 size 32768 extends beyond EOD, truncated [ 915.566983][ T6785] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 915.575697][ T6785] loop0: p6 size 32768 extends beyond EOD, truncated [ 915.588996][ T6770] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 915.594754][ T6770] loop4: partition table partially beyond EOD, truncated [ 915.603183][ T6770] loop4: p1 start 1 is beyond EOD, truncated [ 915.610228][ T6770] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 915.629519][ T6770] loop4: p3 size 2 extends beyond EOD, truncated 12:59:41 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x0, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 915.649442][ T6770] loop4: p4 size 32768 extends beyond EOD, truncated [ 915.695458][ T6770] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:59:41 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003d601000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:41 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 915.752548][ T6770] loop4: p6 size 32768 extends beyond EOD, truncated [ 915.764580][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 915.774868][ T154] loop4: partition table partially beyond EOD, truncated [ 915.814543][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 915.833776][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 915.859188][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 915.876298][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 915.892491][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 915.908001][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 916.464767][ T6803] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 916.499808][ T6803] CPU: 1 PID: 6803 Comm: syz-executor.5 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 916.510048][ T6803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 916.520745][ T6803] Call Trace: [ 916.524117][ T6803] dump_stack+0x14a/0x1ce [ 916.528522][ T6803] ? devkmsg_release+0x11c/0x11c [ 916.533447][ T6803] ? show_regs_print_info+0x12/0x12 [ 916.538850][ T6803] ? radix_tree_cpu_dead+0x160/0x160 [ 916.544416][ T6803] ? _raw_spin_lock+0xa1/0x170 [ 916.549277][ T6803] ? _raw_spin_trylock_bh+0x190/0x190 [ 916.555543][ T6803] dump_header+0xdb/0x700 [ 916.560099][ T6803] oom_kill_process+0xd3/0x280 [ 916.565021][ T6803] out_of_memory+0x5b6/0x890 [ 916.569703][ T6803] ? unregister_oom_notifier+0x20/0x20 [ 916.575283][ T6803] __alloc_pages_slowpath+0x16c2/0x1e50 [ 916.581026][ T6803] ? get_page_from_freelist+0x7c0/0x7c0 [ 916.586987][ T6803] ? __zone_watermark_ok+0x91/0x280 [ 916.592603][ T6803] __alloc_pages_nodemask+0x5cb/0x7c0 [ 916.598194][ T6803] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 916.604073][ T6803] ? copy_process+0x5a4/0x5110 [ 916.609101][ T6803] ? copy_process+0x5a4/0x5110 [ 916.614008][ T6803] ? kmem_cache_alloc+0x1d5/0x260 [ 916.619071][ T6803] copy_process+0x5f3/0x5110 [ 916.623913][ T6803] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 916.629886][ T6803] ? _raw_spin_lock+0xa1/0x170 [ 916.634635][ T6803] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 916.640434][ T6803] ? __lru_cache_add+0x1a1/0x1f0 [ 916.645536][ T6803] ? fork_idle+0x290/0x290 [ 916.650008][ T6803] _do_fork+0x196/0x920 [ 916.654442][ T6803] ? finish_fault+0x230/0x230 [ 916.659323][ T6803] ? up_write+0xa1/0x190 [ 916.663833][ T6803] ? dup_mm+0x300/0x300 [ 916.668056][ T6803] __x64_sys_clone+0x25e/0x2c0 [ 916.674092][ T6803] ? __ia32_sys_vfork+0x110/0x110 [ 916.679554][ T6803] ? do_user_addr_fault+0x55c/0x9f0 [ 916.685200][ T6803] do_syscall_64+0xcb/0x150 [ 916.690034][ T6803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 916.696179][ T6803] RIP: 0033:0x45fc09 [ 916.700590][ T6803] Code: Bad RIP value. [ 916.706684][ T6803] RSP: 002b:00007ffefe54d618 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 916.716238][ T6803] RAX: ffffffffffffffda RBX: 00007f240ac4d700 RCX: 000000000045fc09 [ 916.725341][ T6803] RDX: 00007f240ac4d9d0 RSI: 00007f240ac4cdb0 RDI: 00000000003d0f00 [ 916.733974][ T6803] RBP: 00007ffefe54d840 R08: 00007f240ac4d700 R09: 00007f240ac4d700 [ 916.743019][ T6803] R10: 00007f240ac4d9d0 R11: 0000000000000202 R12: 0000000000000000 [ 916.752211][ T6803] R13: 00007ffefe54d6cf R14: 00007f240ac4d9c0 R15: 000000000118cf4c [ 916.816885][ T6803] Mem-Info: [ 916.832503][ T6803] active_anon:1404521 inactive_anon:10891 isolated_anon:0 [ 916.832503][ T6803] active_file:137 inactive_file:78 isolated_file:29 [ 916.832503][ T6803] unevictable:0 dirty:25 writeback:0 unstable:0 [ 916.832503][ T6803] slab_reclaimable:6973 slab_unreclaimable:77872 [ 916.832503][ T6803] mapped:60299 shmem:10959 pagetables:43969 bounce:0 [ 916.832503][ T6803] free:11454 free_pcp:462 free_cma:0 [ 916.872699][ T6803] Node 0 active_anon:5618096kB inactive_anon:43568kB active_file:468kB inactive_file:388kB unevictable:0kB isolated(anon):0kB isolated(file):244kB mapped:241192kB dirty:100kB writeback:0kB shmem:43836kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 916.904428][ T6803] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 916.935670][ T6803] lowmem_reserve[]: 0 2912 6416 6416 [ 916.942939][ T6803] DMA32 free:22180kB min:4644kB low:7624kB high:10604kB active_anon:2743020kB inactive_anon:12768kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24896kB pagetables:57324kB bounce:0kB free_pcp:312kB local_pcp:312kB free_cma:0kB [ 916.975488][ T6803] lowmem_reserve[]: 0 0 3504 3504 [ 916.983099][ T6803] Normal free:9268kB min:5592kB low:9180kB high:12768kB active_anon:2875124kB inactive_anon:30784kB active_file:500kB inactive_file:368kB unevictable:0kB writepending:28kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26720kB pagetables:118680kB bounce:0kB free_pcp:564kB local_pcp:260kB free_cma:0kB [ 917.016929][ T6803] lowmem_reserve[]: 0 0 0 0 [ 917.026794][ T6803] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 917.041335][ T6803] DMA32: 38*4kB (UEH) 54*8kB (UEH) 607*16kB (UEH) 271*32kB (UEH) 36*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21272kB [ 917.056350][ T6803] Normal: 12*4kB (UE) 61*8kB (U) 61*16kB (UMEH) 51*32kB (UMEH) 18*64kB (UMEH) 29*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8008kB [ 917.073571][ T6803] 11353 total pagecache pages [ 917.079163][ T6803] 0 pages in swap cache [ 917.084456][ T6803] Swap cache stats: add 0, delete 0, find 0/0 [ 917.091863][ T6803] Free swap = 0kB [ 917.097451][ T6803] Total swap = 0kB [ 917.102038][ T6803] 1965979 pages RAM [ 917.107782][ T6803] 0 pages HighMem/MovableOnly [ 917.120246][ T6803] 318829 pages reserved [ 917.138017][ T6803] 0 pages cma reserved [ 917.148433][ T6803] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=11651,uid=0 [ 917.182803][ T6803] Out of memory: Killed process 11651 (syz-executor.1) total-vm:85476kB, anon-rss:16504kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:43 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 918.166772][ T6828] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 918.176331][ T6828] loop4: partition table partially beyond EOD, truncated [ 918.185699][ T6828] loop4: p1 start 1 is beyond EOD, truncated [ 918.193974][ T6828] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 918.204425][ T6828] loop4: p3 size 2 extends beyond EOD, truncated [ 918.214388][ T6828] loop4: p4 size 32768 extends beyond EOD, truncated [ 918.222480][ T6828] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 918.231310][ T6828] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:44 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r1, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:44 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:44 executing program 3: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201057ffffffe000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 918.314007][ T6828] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 918.319735][ T6828] loop4: partition table partially beyond EOD, truncated [ 918.372347][ T6828] loop4: p1 start 1 is beyond EOD, truncated [ 918.378888][ T6828] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 918.395997][ T6828] loop4: p3 size 2 extends beyond EOD, truncated [ 918.405627][ T6828] loop4: p4 size 32768 extends beyond EOD, truncated [ 918.432954][ T6828] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 918.441711][ T6828] loop4: p6 size 32768 extends beyond EOD, truncated [ 918.463979][ T154] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 918.469668][ T154] loop4: partition table partially beyond EOD, truncated [ 918.486409][ T154] loop4: p1 start 1 is beyond EOD, truncated [ 918.502595][ T154] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:59:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 918.533309][ T154] loop4: p3 size 2 extends beyond EOD, truncated [ 918.580543][ T154] loop4: p4 size 32768 extends beyond EOD, truncated [ 918.613362][ T154] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:59:44 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r1, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:44 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003d701000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r1, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 918.650661][ T154] loop4: p6 size 32768 extends beyond EOD, truncated [ 918.713134][ T6846] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 918.720675][ T6846] loop3: partition table partially beyond EOD, truncated [ 918.782292][ T6846] loop3: p1 start 254 is beyond EOD, truncated [ 918.788793][ T6846] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 918.839775][ T6846] loop3: p3 size 2 extends beyond EOD, truncated [ 918.892811][ T6846] loop3: p4 size 32768 extends beyond EOD, truncated [ 918.935231][ T6846] loop3: p5 size 1073741824 extends beyond EOD, truncated [ 919.247654][ T6846] loop3: p6 size 32768 extends beyond EOD, truncated [ 919.282666][ T6860] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 919.288892][ T6860] loop4: partition table partially beyond EOD, truncated [ 919.328567][ T6860] loop4: p1 start 1 is beyond EOD, truncated [ 919.361496][ T6860] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 919.401708][ T6860] loop4: p3 size 2 extends beyond EOD, truncated 12:59:45 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 919.588772][ T6860] loop4: p4 size 32768 extends beyond EOD, truncated [ 919.603909][ T6860] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 919.623011][ T6860] loop4: p6 size 32768 extends beyond EOD, truncated [ 919.735789][ T6871] ================================================================== [ 919.745173][ T6871] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x155f/0x2330 [ 919.753941][ T6871] Read of size 8 at addr ffff88816d666718 by task syz-executor.0/6871 [ 919.762643][ T6871] [ 919.764968][ T6871] CPU: 1 PID: 6871 Comm: syz-executor.0 Not tainted 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 919.776640][ T6871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 919.787553][ T6871] Call Trace: [ 919.791268][ T6871] dump_stack+0x14a/0x1ce [ 919.796431][ T6871] ? show_regs_print_info+0x12/0x12 [ 919.803063][ T6871] ? printk+0xd2/0x114 [ 919.808195][ T6871] print_address_description+0x93/0x620 [ 919.815001][ T6871] ? preempt_schedule+0x110/0x130 [ 919.821404][ T6871] ? schedule_preempt_disabled+0x20/0x20 [ 919.827776][ T6871] __kasan_report+0x16d/0x1e0 [ 919.832621][ T6871] ? unwind_next_frame+0x155f/0x2330 [ 919.839147][ T6871] kasan_report+0x36/0x60 [ 919.843477][ T6871] unwind_next_frame+0x155f/0x2330 [ 919.849629][ T6871] ? retint_kernel+0x1b/0x1b [ 919.854393][ T6871] ? unwind_get_return_address_ptr+0x130/0x130 [ 919.860939][ T6871] ? unwind_next_frame+0x2330/0x2330 [ 919.867051][ T6871] ? retint_kernel+0x1b/0x1b [ 919.871783][ T6871] ? __schedule+0x918/0xef0 [ 919.876757][ T6871] ? in_sched_functions+0x9/0x40 [ 919.882108][ T6871] ? stack_trace_save_tsk+0x490/0x490 [ 919.888205][ T6871] arch_stack_walk+0xf4/0x120 [ 919.893309][ T6871] ? retint_kernel+0x1b/0x1b [ 919.898146][ T6871] stack_trace_save_tsk+0x2e7/0x490 [ 919.903435][ T6871] ? stack_trace_consume_entry+0x230/0x230 [ 919.909751][ T6871] ? _raw_spin_lock+0xa1/0x170 [ 919.914756][ T6871] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 919.921524][ T6871] ? __ptrace_may_access+0x2b4/0x530 [ 919.926991][ T6871] ? kmem_cache_alloc_trace+0xc3/0x280 [ 919.933759][ T6871] proc_pid_stack+0x12f/0x1f0 [ 919.938907][ T6871] proc_single_show+0xd3/0x130 [ 919.943745][ T6871] seq_read+0x4aa/0xd30 [ 919.948125][ T6871] do_iter_read+0x43b/0x550 [ 919.952620][ T6871] do_preadv+0x213/0x350 [ 919.957536][ T6871] ? do_writev+0x5b0/0x5b0 [ 919.962427][ T6871] ? __fdget+0x187/0x200 [ 919.966954][ T6871] do_syscall_64+0xcb/0x150 [ 919.971525][ T6871] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 919.978294][ T6871] RIP: 0033:0x45d239 [ 919.982389][ T6871] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 920.003324][ T6871] RSP: 002b:00007f4b5e1a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 920.014587][ T6871] RAX: ffffffffffffffda RBX: 0000000000024ac0 RCX: 000000000045d239 [ 920.022645][ T6871] RDX: 0000000000000375 RSI: 00000000200017c0 RDI: 0000000000000004 [ 920.030989][ T6871] RBP: 000000000118d030 R08: 0000000000000000 R09: 0000000000000000 [ 920.040810][ T6871] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 920.049515][ T6871] R13: 00007ffeae16178f R14: 00007f4b5e1aa9c0 R15: 000000000118cfec [ 920.058850][ T6871] [ 920.061229][ T6871] The buggy address belongs to the page: [ 920.068097][ T6871] page:ffffea0005b59980 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 920.080574][ T6871] flags: 0x8000000000000000() [ 920.087302][ T6871] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 920.104897][ T6871] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 920.116054][ T6871] page dumped because: kasan: bad access detected [ 920.124076][ T6871] [ 920.126575][ T6871] Memory state around the buggy address: [ 920.132753][ T6871] ffff88816d666600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 920.141803][ T6871] ffff88816d666680: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 920.150753][ T6871] >ffff88816d666700: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 920.159453][ T6871] ^ [ 920.164681][ T6871] ffff88816d666780: f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 00 00 00 00 [ 920.177297][ T6871] ffff88816d666800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 920.186532][ T6871] ================================================================== [ 920.197391][ T6871] Disabling lock debugging due to kernel taint 12:59:46 executing program 3: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201057ffffff9000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:46 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r1, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:46 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 920.822551][ T6881] loop3: p1 < > p2 p3 < p5 p6 > p4 [ 920.839096][ T6881] loop3: partition table partially beyond EOD, truncated 12:59:46 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:46 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003d801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:46 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 921.126455][ T6881] loop3: p1 start 249 is beyond EOD, truncated [ 921.148462][ T6881] loop3: p2 size 1073741824 extends beyond EOD, truncated [ 921.166861][ T6881] loop3: p3 size 2 extends beyond EOD, truncated [ 921.183604][ T6881] loop3: p4 size 32768 extends beyond EOD, truncated [ 921.213586][ T6881] loop3: p5 size 1073741824 extends beyond EOD, truncated 12:59:47 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201057ffffff8000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 921.230164][ T6881] loop3: p6 size 32768 extends beyond EOD, truncated 12:59:47 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x0, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 921.422312][ T6897] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 921.430395][ T6897] loop4: partition table partially beyond EOD, truncated [ 921.438295][ T6897] loop4: p1 start 1 is beyond EOD, truncated [ 921.453219][ T6897] loop4: p2 size 1073741824 extends beyond EOD, truncated 12:59:47 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 921.512668][ T6897] loop4: p3 size 2 extends beyond EOD, truncated [ 921.535990][ T6897] loop4: p4 size 32768 extends beyond EOD, truncated [ 921.546361][ T6897] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 921.554568][ T6897] loop4: p6 size 32768 extends beyond EOD, truncated [ 921.624713][ T355] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 921.648667][ T355] CPU: 0 PID: 355 Comm: syz-executor.0 Tainted: G B 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 921.660048][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 921.670267][ T355] Call Trace: [ 921.673559][ T355] dump_stack+0x14a/0x1ce [ 921.678065][ T355] ? devkmsg_release+0x11c/0x11c [ 921.682976][ T355] ? show_regs_print_info+0x12/0x12 [ 921.688164][ T355] ? radix_tree_cpu_dead+0x160/0x160 [ 921.693438][ T355] ? _raw_spin_lock+0xa1/0x170 [ 921.698175][ T355] ? _raw_spin_trylock_bh+0x190/0x190 [ 921.703524][ T355] dump_header+0xdb/0x700 [ 921.707828][ T355] oom_kill_process+0xd3/0x280 [ 921.712579][ T355] out_of_memory+0x5b6/0x890 [ 921.717184][ T355] ? unregister_oom_notifier+0x20/0x20 [ 921.722630][ T355] __alloc_pages_slowpath+0x16c2/0x1e50 [ 921.728165][ T355] ? get_page_from_freelist+0x7c0/0x7c0 [ 921.733768][ T355] ? __zone_watermark_ok+0x91/0x280 [ 921.738956][ T355] __alloc_pages_nodemask+0x5cb/0x7c0 [ 921.744299][ T355] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 921.749814][ T355] ? copy_process+0x5a4/0x5110 [ 921.754549][ T355] ? copy_process+0x5a4/0x5110 [ 921.759284][ T355] ? kmem_cache_alloc+0x1d5/0x260 [ 921.764310][ T355] copy_process+0x5f3/0x5110 [ 921.768871][ T355] ? _raw_spin_unlock+0x5/0x20 [ 921.773609][ T355] ? do_swap_page+0x1560/0x1560 [ 921.778514][ T355] ? fork_idle+0x290/0x290 [ 921.782988][ T355] _do_fork+0x196/0x920 [ 921.787123][ T355] ? finish_fault+0x230/0x230 [ 921.791804][ T355] ? dup_mm+0x300/0x300 [ 921.796486][ T355] ? ktime_get_raw+0x130/0x130 [ 921.801222][ T355] __x64_sys_clone+0x25e/0x2c0 [ 921.805957][ T355] ? __ia32_sys_vfork+0x110/0x110 [ 921.811038][ T355] ? __x64_sys_clock_gettime+0x20d/0x260 [ 921.816651][ T355] ? do_user_addr_fault+0x55c/0x9f0 [ 921.821993][ T355] do_syscall_64+0xcb/0x150 [ 921.826479][ T355] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 921.834512][ T355] RIP: 0033:0x45b80a [ 921.838391][ T355] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 921.857973][ T355] RSP: 002b:00007ffeae161980 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 921.866602][ T355] RAX: ffffffffffffffda RBX: 00007ffeae161980 RCX: 000000000045b80a [ 921.874737][ T355] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 921.882773][ T355] RBP: 00007ffeae1619c0 R08: 0000000000000001 R09: 0000000001e60940 [ 921.890989][ T355] R10: 0000000001e60c10 R11: 0000000000000246 R12: 0000000000000001 [ 921.898951][ T355] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffeae161a10 [ 921.925815][ T355] Mem-Info: [ 921.929392][ T355] active_anon:1400693 inactive_anon:10887 isolated_anon:0 [ 921.929392][ T355] active_file:654 inactive_file:496 isolated_file:96 [ 921.929392][ T355] unevictable:0 dirty:27 writeback:0 unstable:0 [ 921.929392][ T355] slab_reclaimable:6954 slab_unreclaimable:77581 [ 921.929392][ T355] mapped:60971 shmem:10954 pagetables:44184 bounce:0 [ 921.929392][ T355] free:14867 free_pcp:0 free_cma:0 [ 921.979295][ T355] Node 0 active_anon:5602772kB inactive_anon:43548kB active_file:1824kB inactive_file:1804kB unevictable:0kB isolated(anon):0kB isolated(file):244kB mapped:243884kB dirty:108kB writeback:0kB shmem:43816kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 922.039163][ T355] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 922.128207][ T355] lowmem_reserve[]: 0 2912 6416 6416 [ 922.139859][ T355] DMA32 free:28748kB min:20548kB low:23528kB high:26508kB active_anon:2741452kB inactive_anon:12756kB active_file:300kB inactive_file:16kB unevictable:0kB writepending:12kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:24928kB pagetables:57424kB bounce:0kB free_pcp:40kB local_pcp:40kB free_cma:0kB [ 922.194089][ T355] lowmem_reserve[]: 0 0 3504 3504 [ 922.201973][ T355] Normal free:13616kB min:13784kB low:17372kB high:20960kB active_anon:2865352kB inactive_anon:30792kB active_file:1284kB inactive_file:928kB unevictable:0kB writepending:96kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26912kB pagetables:119312kB bounce:0kB free_pcp:1124kB local_pcp:500kB free_cma:0kB [ 922.233826][ T355] lowmem_reserve[]: 0 0 0 0 [ 922.238851][ T355] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 922.253840][ T355] DMA32: 290*4kB (UMEH) 127*8kB (UMEH) 697*16kB (UMEH) 384*32kB (UMEH) 54*64kB (UME) 2*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29328kB [ 922.270127][ T355] Normal: 0*4kB 43*8kB (M) 211*16kB (MH) 111*32kB (UMH) 18*64kB (UMH) 40*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13544kB [ 922.284326][ T355] 11662 total pagecache pages [ 922.289125][ T355] 0 pages in swap cache [ 922.293558][ T355] Swap cache stats: add 0, delete 0, find 0/0 [ 922.299637][ T355] Free swap = 0kB [ 922.303382][ T355] Total swap = 0kB [ 922.307087][ T355] 1965979 pages RAM [ 922.311196][ T355] 0 pages HighMem/MovableOnly [ 922.321940][ T355] 318829 pages reserved [ 922.326141][ T355] 0 pages cma reserved [ 922.330196][ T355] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=6832,uid=0 [ 922.345076][ T355] Out of memory: Killed process 6832 (syz-executor.1) total-vm:85476kB, anon-rss:16564kB, file-rss:34900kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 12:59:48 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003d901000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 922.522605][ T6913] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 922.528813][ T6913] loop0: partition table partially beyond EOD, truncated [ 922.538463][ T6913] loop0: p1 start 248 is beyond EOD, truncated [ 922.545129][ T6913] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 922.553795][ T6913] loop0: p3 size 2 extends beyond EOD, truncated [ 922.561138][ T6913] loop0: p4 size 32768 extends beyond EOD, truncated 12:59:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 922.568901][ T6916] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 922.574796][ T6916] loop4: partition table partially beyond EOD, truncated [ 922.582968][ T6916] loop4: p1 start 1 is beyond EOD, truncated [ 922.589114][ T6913] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 922.598888][ T6916] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 922.606299][ T6913] loop0: p6 size 32768 extends beyond EOD, truncated 12:59:48 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050000b8d2000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 922.628271][ T6916] loop4: p3 size 2 extends beyond EOD, truncated [ 922.648910][ T6916] loop4: p4 size 32768 extends beyond EOD, truncated [ 922.696005][ T6916] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:59:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:48 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:48 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:48 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003da01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 922.762079][ T6916] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:48 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050003db01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 922.837626][ T6949] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 922.853792][ T6949] loop0: partition table partially beyond EOD, truncated [ 922.875545][ T6949] loop0: p1 start 210 is beyond EOD, truncated 12:59:48 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050001dc01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:48 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 922.893171][ T6949] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 922.921436][ T6949] loop0: p3 size 2 extends beyond EOD, truncated [ 922.943914][ T6949] loop0: p4 size 32768 extends beyond EOD, truncated [ 922.969641][ T6949] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 923.021307][ T6949] loop0: p6 size 32768 extends beyond EOD, truncated [ 923.400250][ T6970] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 923.421414][ T6970] CPU: 0 PID: 6970 Comm: syz-executor.4 Tainted: G B 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 923.432994][ T6970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 923.443047][ T6970] Call Trace: [ 923.446330][ T6970] dump_stack+0x14a/0x1ce [ 923.450657][ T6970] ? devkmsg_release+0x11c/0x11c [ 923.455568][ T6970] ? show_regs_print_info+0x12/0x12 [ 923.460739][ T6970] ? radix_tree_cpu_dead+0x160/0x160 [ 923.465995][ T6970] ? _raw_spin_lock+0xa1/0x170 [ 923.470748][ T6970] ? _raw_spin_trylock_bh+0x190/0x190 [ 923.476098][ T6970] dump_header+0xdb/0x700 [ 923.480401][ T6970] oom_kill_process+0xd3/0x280 [ 923.485152][ T6970] out_of_memory+0x5b6/0x890 [ 923.489718][ T6970] ? unregister_oom_notifier+0x20/0x20 [ 923.495146][ T6970] __alloc_pages_slowpath+0x16c2/0x1e50 [ 923.500664][ T6970] ? get_page_from_freelist+0x7c0/0x7c0 [ 923.506202][ T6970] ? __zone_watermark_ok+0x91/0x280 [ 923.511370][ T6970] __alloc_pages_nodemask+0x5cb/0x7c0 [ 923.516736][ T6970] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 923.522253][ T6970] ? copy_process+0x5a4/0x5110 [ 923.526999][ T6970] ? copy_process+0x5a4/0x5110 [ 923.531751][ T6970] ? kmem_cache_alloc+0x1d5/0x260 [ 923.536760][ T6970] copy_process+0x5f3/0x5110 [ 923.541324][ T6970] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 923.547013][ T6970] ? _raw_spin_lock+0xa1/0x170 [ 923.551761][ T6970] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 923.557538][ T6970] ? __lru_cache_add+0x1a1/0x1f0 [ 923.562462][ T6970] ? fork_idle+0x290/0x290 [ 923.566856][ T6970] _do_fork+0x196/0x920 [ 923.570984][ T6970] ? finish_fault+0x230/0x230 [ 923.575642][ T6970] ? up_write+0xa1/0x190 [ 923.579871][ T6970] ? dup_mm+0x300/0x300 [ 923.583999][ T6970] __x64_sys_clone+0x25e/0x2c0 [ 923.588736][ T6970] ? __ia32_sys_vfork+0x110/0x110 [ 923.593734][ T6970] ? do_user_addr_fault+0x55c/0x9f0 [ 923.598902][ T6970] do_syscall_64+0xcb/0x150 [ 923.603391][ T6970] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 923.609271][ T6970] RIP: 0033:0x45fc09 [ 923.613146][ T6970] Code: ff 48 85 f6 0f 84 87 8a fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 5e 8a fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 923.632722][ T6970] RSP: 002b:00007ffe1c1b8898 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 923.641105][ T6970] RAX: ffffffffffffffda RBX: 00007f1e05a0b700 RCX: 000000000045fc09 [ 923.649049][ T6970] RDX: 00007f1e05a0b9d0 RSI: 00007f1e05a0adb0 RDI: 00000000003d0f00 [ 923.657255][ T6970] RBP: 00007ffe1c1b8ac0 R08: 00007f1e05a0b700 R09: 00007f1e05a0b700 [ 923.665198][ T6970] R10: 00007f1e05a0b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 923.673141][ T6970] R13: 00007ffe1c1b894f R14: 00007f1e05a0b9c0 R15: 000000000118cfec [ 923.682561][ T6970] Mem-Info: [ 923.686350][ T6970] active_anon:1404235 inactive_anon:10892 isolated_anon:0 [ 923.686350][ T6970] active_file:339 inactive_file:384 isolated_file:52 [ 923.686350][ T6970] unevictable:0 dirty:16 writeback:0 unstable:0 [ 923.686350][ T6970] slab_reclaimable:6960 slab_unreclaimable:77504 [ 923.686350][ T6970] mapped:60767 shmem:10960 pagetables:44424 bounce:0 [ 923.686350][ T6970] free:11580 free_pcp:43 free_cma:0 [ 923.725116][ T6970] Node 0 active_anon:5616940kB inactive_anon:43568kB active_file:1356kB inactive_file:1636kB unevictable:0kB isolated(anon):0kB isolated(file):208kB mapped:243068kB dirty:64kB writeback:0kB shmem:43840kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 923.750257][ T6970] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 923.776880][ T6970] lowmem_reserve[]: 0 2912 6416 6416 [ 923.782855][ T6970] DMA32 free:24072kB min:20548kB low:23528kB high:26508kB active_anon:2744228kB inactive_anon:12756kB active_file:0kB inactive_file:324kB unevictable:0kB writepending:0kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:25568kB pagetables:57652kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 923.842832][ T6970] lowmem_reserve[]: 0 0 3504 3504 [ 923.859518][ T6970] Normal free:5756kB min:5592kB low:9180kB high:12768kB active_anon:2872316kB inactive_anon:30812kB active_file:1224kB inactive_file:1344kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26752kB pagetables:120044kB bounce:0kB free_pcp:604kB local_pcp:548kB free_cma:0kB [ 923.927443][ T6970] lowmem_reserve[]: 0 0 0 0 [ 923.937868][ T6970] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 923.981850][ T6970] DMA32: 170*4kB (UMEH) 105*8kB (UMEH) 605*16kB (UMEH) 307*32kB (UMEH) 48*64kB (UME) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24224kB [ 923.998456][ T6970] Normal: 3*4kB (UE) 3*8kB (UE) 28*16kB (UMEH) 48*32kB (UMEH) 2*64kB (EH) 25*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5348kB [ 924.015481][ T6970] 11505 total pagecache pages [ 924.020788][ T6970] 0 pages in swap cache [ 924.025637][ T6970] Swap cache stats: add 0, delete 0, find 0/0 [ 924.032407][ T6970] Free swap = 0kB [ 924.036787][ T6970] Total swap = 0kB [ 924.041061][ T6970] 1965979 pages RAM [ 924.045658][ T6970] 0 pages HighMem/MovableOnly [ 924.050902][ T6970] 318829 pages reserved [ 924.055790][ T6970] 0 pages cma reserved [ 924.060365][ T6970] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=30602,uid=0 [ 924.075321][ T6970] Out of memory: Killed process 30602 (syz-executor.5) total-vm:85476kB, anon-rss:16432kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:168kB oom_score_adj:1000 [ 924.097313][ T23] oom_reaper: reaped process 30602 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 924.262067][ T6972] loop4: p1 < > p2 p3 < p5 p6 > p4 [ 924.267862][ T6972] loop4: partition table partially beyond EOD, truncated [ 924.308325][ T154] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 924.318142][ T6972] loop4: p1 start 1 is beyond EOD, truncated [ 924.324172][ T154] loop0: partition table partially beyond EOD, truncated [ 924.330370][ T6972] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 924.346384][ T154] loop0: p1 start 210 is beyond EOD, truncated [ 924.379216][ T154] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 924.386824][ T6972] loop4: p3 size 2 extends beyond EOD, truncated 12:59:50 executing program 0: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050000b8cf000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 924.994311][ T355] syz-executor.0 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 925.005989][ T355] CPU: 1 PID: 355 Comm: syz-executor.0 Tainted: G B 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 925.017351][ T355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 925.027397][ T355] Call Trace: [ 925.030686][ T355] dump_stack+0x14a/0x1ce [ 925.035008][ T355] ? devkmsg_release+0x11c/0x11c [ 925.039931][ T355] ? show_regs_print_info+0x12/0x12 [ 925.045117][ T355] ? radix_tree_cpu_dead+0x160/0x160 [ 925.050387][ T355] ? _raw_spin_lock+0xa1/0x170 [ 925.055142][ T355] ? _raw_spin_trylock_bh+0x190/0x190 [ 925.060600][ T355] dump_header+0xdb/0x700 [ 925.064932][ T355] oom_kill_process+0xd3/0x280 [ 925.069686][ T355] out_of_memory+0x5b6/0x890 [ 925.074267][ T355] ? unregister_oom_notifier+0x20/0x20 [ 925.079714][ T355] __alloc_pages_slowpath+0x16c2/0x1e50 [ 925.085254][ T355] ? get_page_from_freelist+0x7c0/0x7c0 [ 925.090794][ T355] ? __zone_watermark_ok+0x91/0x280 [ 925.095989][ T355] __alloc_pages_nodemask+0x5cb/0x7c0 [ 925.101351][ T355] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 925.107061][ T355] alloc_slab_page+0x3a/0x3a0 [ 925.111728][ T355] new_slab+0x408/0x450 [ 925.115874][ T355] ? should_fail+0x18e/0x860 [ 925.120458][ T355] ___slab_alloc+0x2e0/0x450 [ 925.125042][ T355] ? success_walk_trace+0x430/0x430 [ 925.130230][ T355] ? getname_flags+0xb8/0x610 [ 925.134926][ T355] ? getname_flags+0xb8/0x610 [ 925.139604][ T355] kmem_cache_alloc+0x23f/0x260 [ 925.144430][ T355] getname_flags+0xb8/0x610 [ 925.148905][ T355] ? user_path_mountpoint_at+0x40/0x40 [ 925.154439][ T355] user_path_at_empty+0x28/0x50 [ 925.159365][ T355] __se_sys_newlstat+0xe4/0x8b0 [ 925.164185][ T355] ? __x64_sys_newlstat+0x60/0x60 [ 925.169197][ T355] ? getname_flags+0x20d/0x610 [ 925.173949][ T355] ? getname_flags+0x20d/0x610 [ 925.178699][ T355] do_syscall_64+0xcb/0x150 [ 925.183204][ T355] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 925.189203][ T355] RIP: 0033:0x45c5f5 [ 925.193082][ T355] Code: Bad RIP value. [ 925.197123][ T355] RSP: 002b:00007ffeae1608d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 925.205542][ T355] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c5f5 [ 925.213492][ T355] RDX: 00007ffeae1608f0 RSI: 00007ffeae1608f0 RDI: 00007ffeae160980 [ 925.221448][ T355] RBP: 00000000000017fd R08: 0000000000000000 R09: 000000000000000c [ 925.229392][ T355] R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffeae161a10 [ 925.237336][ T355] R13: 0000000001e61940 R14: 0000000000000000 R15: 00007ffeae161a10 [ 925.258450][ T355] Mem-Info: [ 925.261931][ T355] active_anon:1399458 inactive_anon:10892 isolated_anon:0 [ 925.261931][ T355] active_file:74 inactive_file:248 isolated_file:32 [ 925.261931][ T355] unevictable:0 dirty:18 writeback:0 unstable:0 [ 925.261931][ T355] slab_reclaimable:6960 slab_unreclaimable:77395 [ 925.261931][ T355] mapped:60324 shmem:10960 pagetables:44378 bounce:0 [ 925.261931][ T355] free:16303 free_pcp:665 free_cma:0 12:59:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:51 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 925.300475][ T355] Node 0 active_anon:5597832kB inactive_anon:43568kB active_file:596kB inactive_file:4292kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:244196kB dirty:72kB writeback:0kB shmem:43840kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 925.325379][ T355] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 925.352847][ T355] lowmem_reserve[]: 0 2912 6416 6416 [ 925.358309][ T355] DMA32 free:28384kB min:4644kB low:7624kB high:10604kB active_anon:2738900kB inactive_anon:12756kB active_file:56kB inactive_file:380kB unevictable:0kB writepending:48kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:25536kB pagetables:57640kB bounce:0kB free_pcp:1572kB local_pcp:568kB free_cma:0kB [ 925.411710][ T355] lowmem_reserve[]: 0 0 3504 3504 [ 925.416803][ T355] Normal free:12104kB min:5592kB low:9180kB high:12768kB active_anon:2859304kB inactive_anon:30812kB active_file:196kB inactive_file:8312kB unevictable:0kB writepending:24kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26720kB pagetables:119872kB bounce:0kB free_pcp:732kB local_pcp:344kB free_cma:0kB [ 925.497480][ T355] lowmem_reserve[]: 0 0 0 0 [ 925.523982][ T355] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB 12:59:51 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 925.624984][ T355] DMA32: 9*4kB (H) 34*8kB (UH) 566*16kB (UEH) 324*32kB (UEH) 54*64kB (UE) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23188kB [ 925.649260][ T355] Normal: 4*4kB (UME) 3*8kB (UME) 2*16kB (EH) 20*32kB (UEH) 18*64kB (MEH) 26*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5192kB [ 925.738306][ T355] 12907 total pagecache pages [ 925.752625][ T355] 0 pages in swap cache [ 925.763571][ T355] Swap cache stats: add 0, delete 0, find 0/0 [ 925.777882][ T355] Free swap = 0kB [ 925.786574][ T355] Total swap = 0kB [ 925.795246][ T355] 1965979 pages RAM [ 925.842807][ T355] 0 pages HighMem/MovableOnly [ 925.867176][ T355] 318829 pages reserved [ 925.883301][ T355] 0 pages cma reserved [ 925.899373][ T355] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.2,pid=6953,uid=0 [ 926.108078][ T7005] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 926.135202][ T7005] CPU: 1 PID: 7005 Comm: syz-executor.1 Tainted: G B 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 926.146668][ T7005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 926.156713][ T7005] Call Trace: [ 926.160005][ T7005] dump_stack+0x14a/0x1ce [ 926.164331][ T7005] ? devkmsg_release+0x11c/0x11c [ 926.169535][ T7005] ? show_regs_print_info+0x12/0x12 [ 926.174905][ T7005] ? radix_tree_cpu_dead+0x160/0x160 [ 926.180190][ T7005] ? _raw_spin_lock+0xa1/0x170 [ 926.184963][ T7005] ? _raw_spin_trylock_bh+0x190/0x190 [ 926.190340][ T7005] dump_header+0xdb/0x700 [ 926.194674][ T7005] oom_kill_process+0xd3/0x280 [ 926.199417][ T7005] out_of_memory+0x5b6/0x890 [ 926.203980][ T7005] ? unregister_oom_notifier+0x20/0x20 [ 926.209414][ T7005] __alloc_pages_slowpath+0x16c2/0x1e50 [ 926.215079][ T7005] ? get_page_from_freelist+0x7c0/0x7c0 [ 926.220612][ T7005] __alloc_pages_nodemask+0x5cb/0x7c0 [ 926.225966][ T7005] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 926.231489][ T7005] wp_page_copy+0x1fe/0x1120 [ 926.236073][ T7005] ? page_add_file_rmap+0x47/0x180 [ 926.241245][ T7005] ? __rcu_read_lock+0x50/0x50 [ 926.245981][ T7005] ? add_mm_rss_vec+0x270/0x270 [ 926.250805][ T7005] do_wp_page+0x68b/0x1530 [ 926.256169][ T7005] ? do_swap_page+0x1560/0x1560 [ 926.261023][ T7005] handle_mm_fault+0xfa5/0x41e0 [ 926.265870][ T7005] ? finish_fault+0x230/0x230 [ 926.270523][ T7005] ? down_read_trylock+0x17a/0x1d0 [ 926.275611][ T7005] ? vmacache_update+0x9f/0xf0 [ 926.280349][ T7005] do_user_addr_fault+0x48a/0x9f0 [ 926.285348][ T7005] page_fault+0x2f/0x40 [ 926.289496][ T7005] RIP: 0033:0x405a75 [ 926.293377][ T7005] Code: 48 8b 70 30 ff 70 58 4c 8b 48 50 4c 8b 40 48 31 c0 e8 bf 77 05 00 48 89 c5 48 83 fd ff 58 0f 94 c0 38 05 00 e1 29 01 5a 72 0d 16 1d 01 00 48 89 eb e9 30 ff ff ff 48 8b b3 e0 b6 4d 00 bf 11 [ 926.312961][ T7005] RSP: 002b:00007fe4de126c90 EFLAGS: 00010202 [ 926.319004][ T7005] RAX: 0000000000000000 RBX: 0000000000001f40 RCX: 000000000045d239 [ 926.326948][ T7005] RDX: 00000000004056bc RSI: 0000000000000000 RDI: 0000000004084000 [ 926.334895][ T7005] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 926.342838][ T7005] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d12c [ 926.351216][ T7005] R13: 00007ffea068e98f R14: 00007fe4de1279c0 R15: 000000000118d12c [ 926.591641][ T7005] Mem-Info: [ 926.594811][ T7005] active_anon:1404212 inactive_anon:10892 isolated_anon:0 [ 926.594811][ T7005] active_file:118 inactive_file:138 isolated_file:36 [ 926.594811][ T7005] unevictable:0 dirty:27 writeback:0 unstable:0 [ 926.594811][ T7005] slab_reclaimable:6960 slab_unreclaimable:77467 [ 926.594811][ T7005] mapped:60458 shmem:10960 pagetables:44431 bounce:0 [ 926.594811][ T7005] free:11749 free_pcp:117 free_cma:0 [ 926.638750][ T7005] Node 0 active_anon:5616848kB inactive_anon:43568kB active_file:368kB inactive_file:552kB unevictable:0kB isolated(anon):0kB isolated(file):144kB mapped:241632kB dirty:108kB writeback:0kB shmem:43840kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 926.701647][ T7005] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 926.741619][ T7005] lowmem_reserve[]: 0 2912 6416 6416 [ 926.746966][ T7005] DMA32 free:25248kB min:4644kB low:7624kB high:10604kB active_anon:2744456kB inactive_anon:12756kB active_file:208kB inactive_file:88kB unevictable:0kB writepending:64kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:25632kB pagetables:57616kB bounce:0kB free_pcp:376kB local_pcp:12kB free_cma:0kB [ 926.800685][ T7005] lowmem_reserve[]: 0 0 3504 3504 [ 926.806146][ T7005] Normal free:9876kB min:5592kB low:9180kB high:12768kB active_anon:2868584kB inactive_anon:30812kB active_file:596kB inactive_file:868kB unevictable:0kB writepending:144kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26656kB pagetables:120108kB bounce:0kB free_pcp:1840kB local_pcp:1540kB free_cma:0kB [ 926.837547][ T7005] lowmem_reserve[]: 0 0 0 0 [ 926.845292][ T154] loop0: p3 size 2 extends beyond EOD, truncated [ 926.852753][ T7005] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 926.858023][ T154] loop0: p4 size 32768 extends beyond EOD, truncated [ 926.866302][ T6972] loop4: p4 size 32768 extends beyond EOD, truncated [ 926.880445][ T7005] DMA32: 315*4kB (UMEH) 159*8kB (UMH) 571*16kB (UMEH) 348*32kB (UMEH) 69*64kB (UME) 5*128kB (UM) 4*256kB (M) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 29396kB 12:59:52 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0x0, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:52 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 926.883115][ T154] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 926.897030][ T6972] loop4: p5 size 1073741824 extends beyond EOD, truncated [ 926.926629][ T6972] loop4: p6 size 32768 extends beyond EOD, truncated [ 926.935202][ T154] loop0: p6 size 32768 extends beyond EOD, truncated [ 926.963134][ T7005] Normal: 535*4kB (UM) 164*8kB (UM) 15*16kB (MH) 28*32kB (UMH) 19*64kB (MEH) 26*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9132kB [ 926.981313][ T7005] 12835 total pagecache pages [ 926.987022][ T7005] 0 pages in swap cache [ 926.992236][ T7005] Swap cache stats: add 0, delete 0, find 0/0 [ 927.000586][ T7005] Free swap = 0kB 12:59:52 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050004f501000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 927.011863][ T7005] Total swap = 0kB [ 927.018012][ T7005] 1965979 pages RAM [ 927.022544][ T7005] 0 pages HighMem/MovableOnly [ 927.029942][ T7005] 318829 pages reserved [ 927.059969][ T7005] 0 pages cma reserved 12:59:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 927.119290][ T7005] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=31531,uid=0 [ 927.169120][ T7005] Out of memory: Killed process 31531 (syz-executor.1) total-vm:85608kB, anon-rss:16572kB, file-rss:34496kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 12:59:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 927.375106][ T7020] loop0: p1 < > p2 p3 < p5 p6 > p4 [ 927.380855][ T7020] loop0: partition table partially beyond EOD, truncated [ 927.410758][ T7020] loop0: p1 start 207 is beyond EOD, truncated 12:59:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x0, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 927.443315][ T7020] loop0: p2 size 1073741824 extends beyond EOD, truncated [ 927.463877][ T7020] loop0: p3 size 2 extends beyond EOD, truncated [ 927.471170][ T7020] loop0: p4 size 32768 extends beyond EOD, truncated 12:59:53 executing program 2: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="0201050001dc01000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) [ 927.556636][ T7020] loop0: p5 size 1073741824 extends beyond EOD, truncated [ 927.602784][ T7020] loop0: p6 size 32768 extends beyond EOD, truncated 12:59:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:53 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 927.702116][ T7047] loop2: p1 < > p2 p3 < p5 p6 > p4 [ 927.707743][ T7047] loop2: partition table partially beyond EOD, truncated [ 927.715856][ T7047] loop2: p1 start 1 is beyond EOD, truncated [ 927.722382][ T7047] loop2: p2 size 1073741824 extends beyond EOD, truncated [ 927.730801][ T7047] loop2: p3 size 2 extends beyond EOD, truncated [ 927.739002][ T7047] loop2: p4 size 32768 extends beyond EOD, truncated [ 927.746926][ T7047] loop2: p5 size 1073741824 extends beyond EOD, truncated [ 927.755133][ T7047] loop2: p6 size 32768 extends beyond EOD, truncated [ 927.782017][ T7049] loop4: p1 < > p2 p3 < p5 p6 > p4 12:59:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x0, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:53 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x0, 0x0}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 927.799559][ T7049] loop4: partition table partially beyond EOD, truncated [ 927.822543][ T7049] loop4: p1 start 1 is beyond EOD, truncated [ 927.880779][ T7049] loop4: p2 size 1073741824 extends beyond EOD, truncated [ 927.919543][ T7049] loop4: p3 size 2 extends beyond EOD, truncated [ 927.930197][ T7049] loop4: p4 size 32768 extends beyond EOD, truncated [ 927.942120][ T7049] loop4: p5 size 1073741824 extends beyond EOD, truncated 12:59:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) 12:59:53 executing program 4: syz_read_part_table(0x0, 0x1bf, &(0x7f0000000080)=[{&(0x7f0000000000)="02010500bcf801000000ff07000000fffffffd000800000000000000004000ffffff8500000000000000887700720030b5829237c300000000000080000055aa", 0x40, 0x1c0}]) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 12:59:53 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 927.987794][ T7049] loop4: p6 size 32768 extends beyond EOD, truncated 12:59:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) [ 928.542844][ T7079] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 928.571940][ T7079] CPU: 0 PID: 7079 Comm: syz-executor.0 Tainted: G B 5.4.58-syzkaller-00208-gfc9e35d72c06 #0 [ 928.583408][ T7079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 928.593979][ T7079] Call Trace: [ 928.597275][ T7079] dump_stack+0x14a/0x1ce [ 928.601601][ T7079] ? devkmsg_release+0x11c/0x11c [ 928.606533][ T7079] ? show_regs_print_info+0x12/0x12 [ 928.611728][ T7079] ? radix_tree_cpu_dead+0x160/0x160 [ 928.617009][ T7079] ? _raw_spin_lock+0xa1/0x170 [ 928.621779][ T7079] ? _raw_spin_trylock_bh+0x190/0x190 [ 928.627366][ T7079] dump_header+0xdb/0x700 [ 928.631677][ T7079] oom_kill_process+0xd3/0x280 [ 928.636413][ T7079] out_of_memory+0x5b6/0x890 [ 928.640979][ T7079] ? unregister_oom_notifier+0x20/0x20 [ 928.646412][ T7079] __alloc_pages_slowpath+0x16c2/0x1e50 [ 928.651954][ T7079] ? get_page_from_freelist+0x7c0/0x7c0 [ 928.657495][ T7079] ? __zone_watermark_ok+0x91/0x280 [ 928.662663][ T7079] __alloc_pages_nodemask+0x5cb/0x7c0 [ 928.670887][ T7079] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 928.676406][ T7079] ? copy_process+0x5a4/0x5110 [ 928.681146][ T7079] ? kmem_cache_alloc+0x1d5/0x260 [ 928.686143][ T7079] copy_process+0x5f3/0x5110 [ 928.690707][ T7079] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 928.696514][ T7079] ? _raw_spin_lock+0xa1/0x170 [ 928.701252][ T7079] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 928.707039][ T7079] ? __lru_cache_add+0x1a1/0x1f0 [ 928.711965][ T7079] ? fork_idle+0x290/0x290 [ 928.716354][ T7079] _do_fork+0x196/0x920 [ 928.720483][ T7079] ? finish_fault+0x230/0x230 [ 928.725131][ T7079] ? up_write+0xa1/0x190 [ 928.729346][ T7079] ? dup_mm+0x300/0x300 [ 928.733477][ T7079] __x64_sys_clone+0x25e/0x2c0 [ 928.738217][ T7079] ? __ia32_sys_vfork+0x110/0x110 [ 928.743216][ T7079] ? do_user_addr_fault+0x55c/0x9f0 [ 928.748403][ T7079] do_syscall_64+0xcb/0x150 [ 928.752991][ T7079] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 928.758871][ T7079] RIP: 0033:0x45fc09 [ 928.762739][ T7079] Code: ff 48 85 f6 0f 84 87 8a fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 5e 8a fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 928.782926][ T7079] RSP: 002b:00007ffeae1616d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 928.791322][ T7079] RAX: ffffffffffffffda RBX: 00007f4b5e1cb700 RCX: 000000000045fc09 [ 928.799276][ T7079] RDX: 00007f4b5e1cb9d0 RSI: 00007f4b5e1cadb0 RDI: 00000000003d0f00 [ 928.807234][ T7079] RBP: 00007ffeae161900 R08: 00007f4b5e1cb700 R09: 00007f4b5e1cb700 [ 928.815180][ T7079] R10: 00007f4b5e1cb9d0 R11: 0000000000000202 R12: 0000000000000000 [ 928.823228][ T7079] R13: 00007ffeae16178f R14: 00007f4b5e1cb9c0 R15: 000000000118cf4c [ 928.832185][ T7079] Mem-Info: [ 928.835891][ T7079] active_anon:1401749 inactive_anon:10887 isolated_anon:0 [ 928.835891][ T7079] active_file:194 inactive_file:371 isolated_file:32 [ 928.835891][ T7079] unevictable:0 dirty:0 writeback:25 unstable:0 [ 928.835891][ T7079] slab_reclaimable:6983 slab_unreclaimable:77892 [ 928.835891][ T7079] mapped:60686 shmem:10955 pagetables:44569 bounce:0 [ 928.835891][ T7079] free:13395 free_pcp:21 free_cma:0 [ 928.937808][ T7079] Node 0 active_anon:5607076kB inactive_anon:43544kB active_file:820kB inactive_file:2840kB unevictable:0kB isolated(anon):0kB isolated(file):156kB mapped:243812kB dirty:56kB writeback:44kB shmem:43812kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 929.045777][ T7079] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 929.075087][ T7079] lowmem_reserve[]: 0 2912 6416 6416 [ 929.081337][ T7079] DMA32 free:22992kB min:4644kB low:7624kB high:10604kB active_anon:2741228kB inactive_anon:12752kB active_file:824kB inactive_file:776kB unevictable:0kB writepending:24kB present:3129332kB managed:2983768kB mlocked:0kB kernel_stack:25600kB pagetables:58272kB bounce:0kB free_pcp:608kB local_pcp:192kB free_cma:0kB [ 929.153255][ T7079] lowmem_reserve[]: 0 0 3504 3504 [ 929.158817][ T7079] Normal free:13164kB min:5592kB low:9180kB high:12768kB active_anon:2865848kB inactive_anon:30792kB active_file:464kB inactive_file:504kB unevictable:0kB writepending:120kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:26848kB pagetables:120184kB bounce:0kB free_pcp:428kB local_pcp:56kB free_cma:0kB [ 929.190439][ T7079] lowmem_reserve[]: 0 0 0 0 [ 929.199213][ T7079] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 929.219198][ T7079] DMA32: 348*4kB (UMEH) 151*8kB (UMH) 421*16kB (UMEH) 296*32kB (UMEH) 88*64kB (UME) 3*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24824kB [ 929.235584][ T7079] Normal: 400*4kB (UME) 241*8kB (UME) 125*16kB (UMEH) 54*32kB (UMEH) 21*64kB (MEH) 25*128kB (ME) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11800kB 12:59:55 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x2, &(0x7f00000002c0)=[{0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r2, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:55 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x0, 0x0}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x5, @remote, 0x156aec58}, 0x1c) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) keyctl$read(0xb, 0x0, &(0x7f0000000000)=""/24, 0x18) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r4, &(0x7f00000017c0), 0x375, 0x0, 0x0) clone(0x4084000, 0x0, 0x0, 0x0, 0x0) 12:59:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x3, &(0x7f00000002c0)=[{0x4, 0x0, 0x81, 0x3}, {0x0, 0x7f, 0x0, 0x4}, {0xec, 0x1f, 0x6, 0x4}]}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0) socket$inet6(0xa, 0x2, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, &(0x7f00000001c0)=0x1) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0x37fd, 0x6}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='stack\x00') preadv(r1, &(0x7f00000017c0), 0x375, 0x0, 0x0) [ 929.253120][ T7079] 12096 total pagecache pages [ 929.258286][ T7079] 0 pages in swap cache [ 929.263078][ T7079] Swap cache stats: add 0, delete 0, find 0/0 [ 929.269643][ T7079] Free swap = 0kB [ 929.282216][ T7079] Total swap = 0kB [ 929.288820][ T7079] 1965979 pages RAM [ 929.297080][ T7079] 0 pages HighMem/MovableOnly [ 929.309570][ T7079] 318829 pages reserved [ 929.318701][ T7079] 0 pages cma reserved [ 929.323414][ T7079] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=2997,uid=0 [ 929.337867][ T7079] Out of memory: Killed process 2997 (syz-executor.1) total-vm:85740kB, anon-rss:16564kB, file-rss:34496kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000