program:
syz_read_part_table(0x1043, &(0x7f0000002c00)="$eJzsz9EJwjAUhtHfQFp1CV2q8yiO4wxO4yKRRME6gIhwzkO5X0kuJPzWPsd1tm3/TmOut5o6pjLydWTE5uPSO8v6/ynn1i5zmw6Ze/fdZbkn2T13LNfvPAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ssjAAD//08+Cgo=")
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f00000001c0)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noquota}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@errors_continue}, {@orlov}, {@user_xattr}, {@quota}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000540), 0x1, 0x4a3, &(0x7f0000000580)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9IE3XjSl0UxIIbhRqTaayZZEJmUpvQRaq7LlyIoiAu3PsXuLEriyCudS8upKI1ggrCyDkzk+Zr4qBpBnJ+Pzid95z3dJ73zfC8nHnPOXMCyKyzyT+5iMGI+DwijjZWN+9wtvGydv/mVLLkol6//F0u3S9Zb+3a+n9HImI1Ivoi4tknI17KbY9bXV6ZnSyXS4vN9WJtbqFYXV65cG1ucqY0U5ofGb84MTE+PDY6sWd9vf3GK7cvffR074c/vX7v7puffJw0a7BZt7Efe6nR9Z44vmHboYh4/GEE64JCsz/93W4If0jy+f0tIs6l+X80CumnCWRBvV6v/1o/3K56tQ4cWPn0GDiXH4qIRjmfHxpqHMP/PQby5Uq19v+rlaX56cax8rHoyV+9Vi4NN78rHIueXLI+kpYfrI9uWR+LSI+B3yr0p+tDU5Xy9P4OdcAWR7bk/4+FRv4DGeErP2SX/Ifskv+QXfIfskv+Q3bJf8gu+Q/ZJf8hu+Q/ZJf8h+yS/5BJz1y6lCz11v3v09eXl2Yr1y9Ml6qzQ3NLU0NTlcWFoZlKZSa9Z2fu996vXKksjDwSSzeKtVK1Vqwur1yZqyzN166k9/VfKfXsS6+AThw/c+fLXESsPtqfLoneZp1chYOtXs9Ft+9BBrqj0O0BCOgaU3+QXb7jAzv8RO8mfe0qFva+LcD+yHe7AUDXnD/l/B9klfl/yC7z/5BdjvEB8/+QPeb/IbsG2zz/6y8bnt01HBF/jYgvCj2HW8/6Ag6C/De55vH/+aP/Htxa25v7OT1F0BsRr753+Z0bk7Xa4kiy/fv17bV3m9tHu9F+oFOtPG3lMQCQXWv3b061lv2M++0TjYsQtsc/1Jyb7EvPUQ6s5TZdq5Dbo2sXVm9FxMmd4ueazztvnPkYWCtsi3+i+ZprvEXa3kPpc9P3J/6pDfH/tSH+6T/9V4FsuJOMP8M75V8+zelYz7/N48/gHl070X78y6+Pf4U249+ZDmO8/P5rX7eNfyvi9I7xW/H60lhb4ydtO99h/HsvPPePdnX1Dxrvs1P8lqRUrM0tFKvLKxfS35GbKc2PjF+cmBgfHhudKKZz1MXWTPV2j5387O5u/R9oE3+3/ifb/tth/3/556fPn90l/n/O7fz5n9glfn9E/K/D+D+MfvViu7ok/nSb/ud3iZ9sG+swfvXtpw53uCsAsA+qyyuzk+VyaVFBQUFhvdDtkQl42B4kfbdbAgAAAAAAAAAAAHRqPy4n7nYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOgt8CAAD//1kn1ls=")
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x107041, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x105042, 0x40)
write$cgroup_subtree(r1, 0x0, 0x32600)
getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000080), &(0x7f00000002c0)=0xc)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_INSN(r2, 0x8028640c, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
recvfrom(r0, &(0x7f0000001600)=""/4096, 0x1000, 0x20043, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x44}}, 0x2, 0x4, 0x4, 0x2}}, 0x80)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)

[   86.149441][   T45] Bluetooth: hci0: command tx timeout
[   86.375418][ T5362] loop0: detected capacity change from 0 to 8192
[   86.425157][ T5362]  loop0: p2 p3 p4[EZD]
[   86.426967][ T5362] loop0: partition table partially beyond EOD, truncated
[   86.438723][ T5362] loop0: p2 size 2130706432 extends beyond EOD, truncated
[   86.460100][ T5362] loop0: p3 start 458783 is beyond EOD, truncated
[   86.464582][ T5362] loop0: p4 size 65536 extends beyond EOD, truncated
[   86.526359][ T5362] loop0: detected capacity change from 0 to 512
[   86.573178][ T3027] I/O error, dev loop0, sector 2424 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   86.595221][ T3027] ==================================================================
[   86.598809][ T3027] BUG: KASAN: slab-use-after-free in update_io_ticks+0x9a/0x260
[   86.602277][ T3027] Read of size 8 at addr ffff88803215e7a8 by task kworker/u4:11/3027
[   86.606533][ T3027] 
[   86.607831][ T3027] CPU: 0 UID: 0 PID: 3027 Comm: kworker/u4:11 Not tainted 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) 
[   86.607849][ T3027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.607859][ T3027] Workqueue: loop0 loop_workfn
[   86.607922][ T3027] Call Trace:
[   86.607930][ T3027]  <TASK>
[   86.607936][ T3027]  dump_stack_lvl+0x189/0x250
[   86.607952][ T3027]  ? __kasan_check_byte+0x12/0x40
[   86.607967][ T3027]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.607980][ T3027]  ? lock_release+0x4b/0x3e0
[   86.607998][ T3027]  ? __virt_addr_valid+0x4a5/0x5c0
[   86.608013][ T3027]  print_report+0xca/0x240
[   86.608022][ T3027]  ? update_io_ticks+0x9a/0x260
[   86.608035][ T3027]  kasan_report+0x118/0x150
[   86.608049][ T3027]  ? update_io_ticks+0x9a/0x260
[   86.608063][ T3027]  update_io_ticks+0x9a/0x260
[   86.608075][ T3027]  ? ktime_get+0x3e/0x1f0
[   86.608088][ T3027]  ? __pfx_update_io_ticks+0x10/0x10
[   86.608101][ T3027]  ? kmem_cache_free+0x309/0x400
[   86.608116][ T3027]  blk_account_io_done+0x19b/0x780
[   86.608132][ T3027]  __blk_mq_end_request+0x2af/0x600
[   86.608145][ T3027]  lo_rw_aio+0xd75/0xfa0
[   86.608157][ T3027]  ? __pfx_lo_rw_aio+0x10/0x10
[   86.608169][ T3027]  ? kthread_associate_blkcg+0x491/0x600
[   86.608184][ T3027]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.608234][ T3027]  loop_process_work+0x835/0xf90
[   86.608249][ T3027]  ? __pfx_loop_process_work+0x10/0x10
[   86.608260][ T3027]  ? do_raw_spin_lock+0x121/0x290
[   86.608276][ T3027]  ? look_up_lock_class+0x74/0x170
[   86.608289][ T3027]  ? register_lock_class+0x51/0x320
[   86.608305][ T3027]  ? __lock_acquire+0xab9/0xd20
[   86.608324][ T3027]  ? process_scheduled_works+0x9ef/0x17b0
[   86.608336][ T3027]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.608348][ T3027]  ? process_scheduled_works+0x9ef/0x17b0
[   86.608357][ T3027]  ? process_scheduled_works+0x9ef/0x17b0
[   86.608367][ T3027]  process_scheduled_works+0xade/0x17b0
[   86.608384][ T3027]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.608397][ T3027]  worker_thread+0x8a0/0xda0
[   86.608416][ T3027]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.608429][ T3027]  ? __kthread_parkme+0x7b/0x200
[   86.608442][ T3027]  kthread+0x70e/0x8a0
[   86.608456][ T3027]  ? __pfx_worker_thread+0x10/0x10
[   86.608466][ T3027]  ? __pfx_kthread+0x10/0x10
[   86.608478][ T3027]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.608490][ T3027]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.608502][ T3027]  ? __pfx_kthread+0x10/0x10
[   86.608514][ T3027]  ret_from_fork+0x3fc/0x770
[   86.608527][ T3027]  ? __pfx_ret_from_fork+0x10/0x10
[   86.608540][ T3027]  ? __pfx_kthread+0x10/0x10
[   86.608553][ T3027]  ret_from_fork_asm+0x1a/0x30
[   86.608571][ T3027]  </TASK>
[   86.608575][ T3027] 
[   86.727524][ T3027] Allocated by task 5362:
[   86.729379][ T3027]  kasan_save_track+0x3e/0x80
[   86.731382][ T3027]  __kasan_slab_alloc+0x6c/0x80
[   86.733583][ T3027]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[   86.736817][ T3027]  bdev_alloc_inode+0x29/0x90
[   86.739195][ T3027]  alloc_inode+0x67/0x1b0
[   86.741277][ T3027]  new_inode+0x22/0x170
[   86.743238][ T3027]  bdev_alloc+0x26/0x380
[   86.745384][ T3027]  add_partition+0x1c3/0x8e0
[   86.747463][ T3027]  bdev_disk_changed+0xb50/0x14b0
[   86.750179][ T3027]  loop_set_status+0x85a/0xb40
[   86.752789][ T3027]  lo_ioctl+0x9af/0x1d00
[   86.754785][ T3027]  blkdev_ioctl+0x5a8/0x6d0
[   86.756793][ T3027]  __se_sys_ioctl+0xfc/0x170
[   86.758747][ T3027]  do_syscall_64+0xfa/0x3b0
[   86.760688][ T3027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.763023][ T3027] 
[   86.764032][ T3027] Freed by task 15:
[   86.766061][ T3027]  kasan_save_track+0x3e/0x80
[   86.768490][ T3027]  kasan_save_free_info+0x46/0x50
[   86.771272][ T3027]  __kasan_slab_free+0x5b/0x80
[   86.773388][ T3027]  kmem_cache_free+0x18f/0x400
[   86.775742][ T3027]  rcu_core+0xca8/0x1770
[   86.777467][ T3027]  handle_softirqs+0x283/0x870
[   86.779384][ T3027]  run_ksoftirqd+0x9b/0x100
[   86.781272][ T3027]  smpboot_thread_fn+0x53f/0xa60
[   86.783311][ T3027]  kthread+0x70e/0x8a0
[   86.785093][ T3027]  ret_from_fork+0x3fc/0x770
[   86.787078][ T3027]  ret_from_fork_asm+0x1a/0x30
[   86.789624][ T3027] 
[   86.790608][ T3027] Last potentially related work creation:
[   86.793155][ T3027]  kasan_save_stack+0x3e/0x60
[   86.795270][ T3027]  kasan_record_aux_stack+0xbd/0xd0
[   86.798260][ T3027]  call_rcu+0x157/0x9c0
[   86.800577][ T3027]  evict+0x847/0x9c0
[   86.802722][ T3027]  device_release+0x99/0x1c0
[   86.805323][ T3027]  kobject_put+0x22b/0x480
[   86.808162][ T3027]  blkdev_release+0x15/0x20
[   86.810253][ T3027]  __fput+0x449/0xa70
[   86.812223][ T3027]  task_work_run+0x1d4/0x260
[   86.814162][ T3027]  exit_to_user_mode_loop+0xec/0x110
[   86.816447][ T3027]  do_syscall_64+0x2bd/0x3b0
[   86.818551][ T3027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.821078][ T3027] 
[   86.822126][ T3027] The buggy address belongs to the object at ffff88803215e780
[   86.822126][ T3027]  which belongs to the cache bdev_cache of size 2792
[   86.827874][ T3027] The buggy address is located 40 bytes inside of
[   86.827874][ T3027]  freed 2792-byte region [ffff88803215e780, ffff88803215f268)
[   86.833523][ T3027] 
[   86.834576][ T3027] The buggy address belongs to the physical page:
[   86.837284][ T3027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32158
[   86.841327][ T3027] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   86.845553][ T3027] memcg:ffff888052e26701
[   86.847625][ T3027] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   86.850785][ T3027] page_type: f5(slab)
[   86.852384][ T3027] raw: 04fff00000000040 ffff88801bed7280 dead000000000122 0000000000000000
[   86.857095][ T3027] raw: 0000000000000000 00000000800b000b 00000000f5000000 ffff888052e26701
[   86.861735][ T3027] head: 04fff00000000040 ffff88801bed7280 dead000000000122 0000000000000000
[   86.865805][ T3027] head: 0000000000000000 00000000800b000b 00000000f5000000 ffff888052e26701
[   86.869658][ T3027] head: 04fff00000000003 ffffea0000c85601 00000000ffffffff 00000000ffffffff
[   86.873323][ T3027] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   86.877271][ T3027] page dumped because: kasan: bad access detected
[   86.880165][ T3027] page_owner tracks the page as allocated
[   86.882798][ T3027] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 11814848371, free_ts 0
[   86.892368][ T3027]  post_alloc_hook+0x240/0x2a0
[   86.894546][ T3027]  get_page_from_freelist+0x21e4/0x22c0
[   86.897171][ T3027]  __alloc_frozen_pages_noprof+0x181/0x370
[   86.899588][ T3027]  alloc_pages_mpol+0x232/0x4a0
[   86.901757][ T3027]  allocate_slab+0x8a/0x370
[   86.903647][ T3027]  ___slab_alloc+0xbeb/0x1410
[   86.905804][ T3027]  kmem_cache_alloc_lru_noprof+0x288/0x3d0
[   86.908702][ T3027]  bdev_alloc_inode+0x29/0x90
[   86.910876][ T3027]  alloc_inode+0x67/0x1b0
[   86.912893][ T3027]  new_inode+0x22/0x170
[   86.914884][ T3027]  bdev_alloc+0x26/0x380
[   86.916875][ T3027]  __alloc_disk_node+0x11c/0x540
[   86.919072][ T3027]  __blk_mq_alloc_disk+0x196/0x340
[   86.921726][ T3027]  nbd_dev_add+0x46c/0xae0
[   86.924028][ T3027]  nbd_init+0x168/0x1f0
[   86.926525][ T3027]  do_one_initcall+0x233/0x820
[   86.928702][ T3027] page_owner free stack trace missing
[   86.930975][ T3027] 
[   86.932084][ T3027] Memory state around the buggy address:
[   86.934741][ T3027]  ffff88803215e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[   86.938448][ T3027]  ffff88803215e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   86.942264][ T3027] >ffff88803215e780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   86.946352][ T3027]                                   ^
[   86.948993][ T3027]  ffff88803215e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   86.952535][ T3027]  ffff88803215e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   86.956351][ T3027] ==================================================================
[   86.961196][ T3027] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   86.964540][ T3027] CPU: 0 UID: 0 PID: 3027 Comm: kworker/u4:11 Not tainted 6.16.0-syzkaller-12250-gc30a13538d9f #0 PREEMPT(full) 
[   86.970619][ T3027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.975294][ T3027] Workqueue: loop0 loop_workfn
[   86.977225][ T3027] Call Trace:
[   86.978645][ T3027]  <TASK>
[   86.980438][ T3027]  dump_stack_lvl+0x99/0x250
[   86.982875][ T3027]  ? __asan_memcpy+0x40/0x70
[   86.985259][ T3027]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.987777][ T3027]  ? __pfx__printk+0x10/0x10
[   86.989890][ T3027]  vpanic+0x281/0x750
[   86.991705][ T3027]  ? __pfx_vpanic+0x10/0x10
[   86.993670][ T3027]  ? irqentry_exit+0x74/0x90
[   86.995984][ T3027]  panic+0xb9/0xc0
[   86.997837][ T3027]  ? __pfx_panic+0x10/0x10
[   86.999914][ T3027]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   87.002400][ T3027]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   87.004874][ T3027]  ? update_io_ticks+0x9a/0x260
[   87.007150][ T3027]  check_panic_on_warn+0x89/0xb0
[   87.009326][ T3027]  ? update_io_ticks+0x9a/0x260
[   87.011111][ T3027]  end_report+0x78/0x160
[   87.012779][ T3027]  kasan_report+0x129/0x150
[   87.015205][ T3027]  ? update_io_ticks+0x9a/0x260
[   87.017766][ T3027]  update_io_ticks+0x9a/0x260
[   87.020063][ T3027]  ? ktime_get+0x3e/0x1f0
[   87.021874][ T3027]  ? __pfx_update_io_ticks+0x10/0x10
[   87.024076][ T3027]  ? kmem_cache_free+0x309/0x400
[   87.026325][ T3027]  blk_account_io_done+0x19b/0x780
[   87.028512][ T3027]  __blk_mq_end_request+0x2af/0x600
[   87.030876][ T3027]  lo_rw_aio+0xd75/0xfa0
[   87.032717][ T3027]  ? __pfx_lo_rw_aio+0x10/0x10
[   87.035183][ T3027]  ? kthread_associate_blkcg+0x491/0x600
[   87.038258][ T3027]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.040932][ T3027]  loop_process_work+0x835/0xf90
[   87.043486][ T3027]  ? __pfx_loop_process_work+0x10/0x10
[   87.045990][ T3027]  ? do_raw_spin_lock+0x121/0x290
[   87.048199][ T3027]  ? look_up_lock_class+0x74/0x170
[   87.050381][ T3027]  ? register_lock_class+0x51/0x320
[   87.052675][ T3027]  ? __lock_acquire+0xab9/0xd20
[   87.054948][ T3027]  ? process_scheduled_works+0x9ef/0x17b0
[   87.057722][ T3027]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.060885][ T3027]  ? process_scheduled_works+0x9ef/0x17b0
[   87.063635][ T3027]  ? process_scheduled_works+0x9ef/0x17b0
[   87.066123][ T3027]  process_scheduled_works+0xade/0x17b0
[   87.068605][ T3027]  ? __pfx_process_scheduled_works+0x10/0x10
[   87.071333][ T3027]  worker_thread+0x8a0/0xda0
[   87.073421][ T3027]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   87.076586][ T3027]  ? __kthread_parkme+0x7b/0x200
[   87.080115][ T3027]  kthread+0x70e/0x8a0
[   87.082423][ T3027]  ? __pfx_worker_thread+0x10/0x10
[   87.084719][ T3027]  ? __pfx_kthread+0x10/0x10
[   87.086732][ T3027]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.089218][ T3027]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.091773][ T3027]  ? __pfx_kthread+0x10/0x10
[   87.093919][ T3027]  ret_from_fork+0x3fc/0x770
[   87.096097][ T3027]  ? __pfx_ret_from_fork+0x10/0x10
[   87.098436][ T3027]  ? __pfx_kthread+0x10/0x10
[   87.100680][ T3027]  ret_from_fork_asm+0x1a/0x30
[   87.103345][ T3027]  </TASK>
[   87.105728][ T3027] Kernel Offset: disabled
[   87.108255][ T3027] Rebooting in 86400 seconds..