program: syz_read_part_table(0x105c, &(0x7f0000001080)="$eJzsz71Rw0AQBeCnQ0gioBUSOqAHEopBKZUQ0Ae9uAaPPeuR/NeB7eD7gpt7N+9mZ8N9tWxr8V+pLsmwHHPLW6bkJW0tffRTltynxlQyX77XuD91fp6/h7RNxjV9vXe7quuY1+TpePvtz29dPv9utSYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLJDAAAA//+4SRWs") syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2000c12, &(0x7f0000000040)={[{@check_relaxed}, {@utf8}, {@overriderock}, {@check_strict}, {}, {@iocharset={'iocharset', 0x3d, 'macgaelic'}}, {@session={'session', 0x3d, 0x38}}, {@block={'block', 0x3d, 0x200}}, {@mode={'mode', 0x3d, 0x4}}, {@map_acorn}, {@check_strict}, {@overriderock}, {@unhide}, {@unhide}, {@check_strict}]}, 0x1, 0xa3c, &(0x7f0000000340)="$eJzs3c1vXFdfB/DvHduJ6z4kefqEUqK2nqQkdVvj2A5NiLooiT1JXPyCbEdqxKIpjYOiGAotSG2F1FRCrFqBBGIBu4oVq0rdUBaoGwQ7umKBhPovVKzCyujOjO2xPeNxjGO76edjzcx9+d1zfnfuy/HM3JkTflxWjm8YW1mp33Y5fvMf9yFjDrGrk99/+dUX5e2zBzmSnrxe/FPSn6Sa9CZ5LumbmJyfm+lS0P3kdpJvkyLJ0TQed+R2ir/Mz9bHv03x92W9HR3Zacl0s8JP2kHvfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBgVE5Ojo2PFkUzN3ny72pBUt5iYnJ8rsrKydc7qMg3f1Hv9Lr7pWm9SlLf096929f3cyfXZzyapnsnzjbHn6x2Spz+fPP3siTd+0VtZXb5TNv8vR3de7Icff3L/3eXlpQ/azi2KPczqkGnsI9drs1MLc1MzV67XqlMLc9XLFy+Onr9xbaF6bWq6tnBrYbE2U52Yr11ZnJuvDk28Uh27fPlCtTZya+7m7PXJkena6sRLvz4+Onqx+tbI79SuzC/MzZ5/a2Rh4sbU9PTU7PV6TDm7jLlU7oi/PbVYXaxdmalW795bXrqwKbOebNp/y6CxbutTBo13CxofHR8fGxsfH/us2Xv22oSLr19+/dLoaO/oJtkS8Zh2Wg6Xpzpv5r0/icMuVRrtfzKdqczmZt5Ote3fRCYzn7nMdJjftNr+nz1f27batLT/zVa+t2X+qfLuTF5sjvZ3aP875LJ/fx/m43yS+3k3y1nOUj448Iz29+96apnNVBYyl6nM5Ep9SrU5pZrLuZiLGc07uZHBLKQ31zKV6dSykFtZyGJq9T1qIvOp5UoWM5f5VDOUibySasZyOZdzIdXUMpJbmcvNzOZ6JnOlXsrd3Ks/7xe2yXEtaGwnQePbBG1pzB+5/a9t/ueEJ1Bl2638GM7isDsrzfb/SPfQoYn9SAgAAADYc7/67zl28pl/+++kyAv1z+WvTU3XRg86LQAAAGAP1S/Xe7586CuHXkjh9T8AAAA8aYr6d+yKJAMZbAytfhPKmwAAAADwhKh//v9iisH1CV7/AwAAwBOm+2/sd40ohld//rd6p/F4pxnRGCsGrk1N10Ym5qbfGMu5+q8M1L9psKW0nqToq3/94NWcbkSdHmg8DqyXWNbZX0aNjbwxlldzprkiQy+VDy8NtYkcb0S+3Ih8uTWyJxsiL5SRAPCkO7NNe7zT9v/VDDcihk/Vm/zeUxva4J56yzqqZQWAw2Ktj53/bXZpttq6P7Xe/jcjXuzU/v/GNq//y4hncnewcUnBSN7L+1nOnQynecXBYLtSV3sjaFyGMNzl3YCB5iUL312qZHjL+wH9a+vaGruU8Qy3fUegpdxiNYcLjbiex7MNAGC/ndm2HV5r/3u3a/+Ht3/939LmuqQQAA6DtR7sH3VgcOfBB72OAMBGu2+li8eTEAAAAAAAAAAAAAAAAAAAAAAAAAAAADwBdvQD/v9xLlleXkp221lAm4Hv/vWff6ljzOdPJ/2PkuH2A5XsTc6Hf6AnyUHV/mZ2GFwm2ZhSbuPD8tQZ2DhwwCcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9kWR9LSbXkmOJhlNcn7/s3p8Hhx0AnulurvFiod5mI9ybK/TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4qWv+/n8ljcenG5PSW0nOJrmd5HcPOsdH0d9l/sN9yuPw+YP6fcvv/1eSvqwU6W1s9hR9E5PzczPlrlAcLed//+VXX5S3jkV+ujqwtVeFsoCyhg2dSzRraJnSt3Gpn9eXGphc+vD+n7z/R9XJq/Ud8+ritenJmevzv7Ue+GzxdaMLhNZuEFbz/bOz//JXLZOPNCv/ulzT9jbXe61e7+TWen+l3dId6t2Be8tL42VNi7W3F//0Dyuts57J6eSloWRoY02/X9461HR68/O5UfFD8RfFsfxtbte3f/lsFCtFuYmO19f/qbv3lpdG3nt/+c5aTp/e+6ilgBMZTHJn41HWJafB+vmkrfpeV+krax2tB5V3J7uUt62WEsfWn9cN6/Dz+i4z8EjrUO28DnVdnvdmRhc2Z7RSHiR//ce/yLltt/TRNiWe61JjW8UPxX8VN/Kf+fOW/j8q5fY/m7ZHZ5si6pEte0rrvA2HV+Xs+pqPt854Z3OZHY9KHoPP83v5zbXtX2k5/ze3VYfjZu189GbLxA7Hzeqhtc1x0VLjluOiqdtxsfVI/YfjW1qUdfXD6OSmFql59um0TDPPk42oDnn+cl5Lek890hnltS5nlG7L7/b4/7tiKP+TB/r/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr8i6Wk3vZKcTXIiyfFyvJqsbI55sIv6KgPFbtLcM7vJ+cen6LiixcM8zEc5tt8ZAQAAAAAAAPB4XJ38/suvvihv9c/je/JrleacatKb5ETxN30Tk/NzM10K6ktur36k398+pMPk3C7vfrY+/m059lyX+g728gEA+FH7vwAAAP//N4BrqA==") r0 = creat(&(0x7f0000000040)='./file0\x00', 0x2d) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x218, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x40, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_TCP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}]}}, @filter_kind_options=@f_route={{0xa}, {0x184, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x168, 0x6, [@m_nat={0xb0, 0x0, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @loopback}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @broadcast}}]}, {0x35, 0x6, "3eaed48f5023f5c36bc9d8619f3e2af20800000000000000a40bc384135c74eb813bf1cf69dbeaddd76b564e92016d53f6"}, {0xc}, {0xc}}}, @m_connmark={0x88, 0x0, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c}, @TCA_CONNMARK_PARMS={0x1c}]}, {0x1d, 0x6, "66396e732cf67237ecb590a592c571fa73ca19ec26dea927df"}, {0xc}, {0xc}}}, @m_bpf={0x2c, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x218}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @random="00000400", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @multicast1}, {0x11, 0x0, 0x0, @broadcast, "feabee8a"}}}}}, 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) fallocate(r0, 0x100000011, 0x0, 0x2811fdff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000dc0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r1, &(0x7f0000000e80)={&(0x7f0000000d80), 0xc, &(0x7f0000000e40)={&(0x7f0000000e00)={0x28, 0x0, 0x314, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x2, 0x11}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x44}, 0x4000000) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000ec0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) [ 65.504256][ T4666] Bluetooth: hci0: command tx timeout [ 65.706068][ T5314] loop0: detected capacity change from 0 to 8192 [ 65.740739][ T5314] loop0: p1 p2 p3 p4 [ 65.747032][ T5314] loop0: p1 size 108922248 extends beyond EOD, truncated [ 65.759688][ T5314] loop0: p2 start 861536256 is beyond EOD, truncated [ 65.762315][ T5314] loop0: p3 start 851968 is beyond EOD, truncated [ 65.764786][ T5314] loop0: p4 size 65536 extends beyond EOD, truncated [ 65.856920][ T5314] overlay: ./file1 is not a directory [ 65.869729][ T13] operation not supported error, dev loop0, sector 0 op 0x9:(WRITE_ZEROES) flags 0x10000800 phys_seg 0 prio class 0 [ 65.905829][ T5318] udevd[5318]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 65.912837][ T5317] udevd[5317]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 65.920514][ T11] ================================================================== [ 65.923491][ T11] BUG: KASAN: slab-use-after-free in update_io_ticks+0xa6/0x2d0 [ 65.926412][ T11] Read of size 8 at addr ffff888031e4dc28 by task kworker/u4:0/11 [ 65.929384][ T11] [ 65.930226][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 65.933984][ T11] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.937868][ T11] Workqueue: loop0 loop_workfn [ 65.939657][ T11] Call Trace: [ 65.940919][ T11] [ 65.942014][ T11] dump_stack_lvl+0x241/0x360 [ 65.943761][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.945740][ T11] ? __pfx__printk+0x10/0x10 [ 65.947528][ T11] ? _printk+0xd5/0x120 [ 65.948974][ T11] ? __virt_addr_valid+0x183/0x530 [ 65.950836][ T11] ? __virt_addr_valid+0x183/0x530 [ 65.952723][ T11] print_report+0x169/0x550 [ 65.954406][ T11] ? __virt_addr_valid+0x183/0x530 [ 65.956343][ T11] ? __virt_addr_valid+0x183/0x530 [ 65.958268][ T11] ? __virt_addr_valid+0x45f/0x530 [ 65.960180][ T11] ? __phys_addr+0xba/0x170 [ 65.961926][ T11] ? update_io_ticks+0xa6/0x2d0 [ 65.963692][ T11] kasan_report+0x143/0x180 [ 65.965362][ T11] ? update_io_ticks+0xa6/0x2d0 [ 65.967213][ T11] update_io_ticks+0xa6/0x2d0 [ 65.968987][ T11] ? __pfx_update_io_ticks+0x10/0x10 [ 65.970803][ T11] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 65.973524][ T11] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 65.976045][ T11] blk_account_io_done+0x199/0x740 [ 65.978008][ T11] ? blk_stat_add+0x75/0x4a0 [ 65.979746][ T11] __blk_mq_end_request+0x270/0x5d0 [ 65.981621][ T11] loop_process_work+0x1bc8/0x21c0 [ 65.983506][ T11] ? __pfx_loop_process_work+0x10/0x10 [ 65.985540][ T11] ? register_lock_class+0x102/0x980 [ 65.987562][ T11] ? __pfx_register_lock_class+0x10/0x10 [ 65.989642][ T11] ? mark_lock+0x9a/0x360 [ 65.991260][ T11] ? debug_object_deactivate+0x2d5/0x390 [ 65.993455][ T11] ? do_raw_spin_unlock+0x58/0x8b0 [ 65.995364][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 65.997242][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 65.999480][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 66.001878][ T11] ? process_scheduled_works+0x976/0x1840 [ 66.004108][ T11] process_scheduled_works+0xa66/0x1840 [ 66.006197][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 66.008472][ T11] ? assign_work+0x364/0x3d0 [ 66.010231][ T11] worker_thread+0x870/0xd30 [ 66.012058][ T11] ? __kthread_parkme+0x169/0x1d0 [ 66.013959][ T11] ? __pfx_worker_thread+0x10/0x10 [ 66.015875][ T11] kthread+0x2f0/0x390 [ 66.017388][ T11] ? __pfx_worker_thread+0x10/0x10 [ 66.019360][ T11] ? __pfx_kthread+0x10/0x10 [ 66.021096][ T11] ret_from_fork+0x4b/0x80 [ 66.022833][ T11] ? __pfx_kthread+0x10/0x10 [ 66.024548][ T11] ret_from_fork_asm+0x1a/0x30 [ 66.026360][ T11] [ 66.027606][ T11] [ 66.028514][ T11] Allocated by task 5314: [ 66.030185][ T11] kasan_save_track+0x3f/0x80 [ 66.031961][ T11] __kasan_slab_alloc+0x66/0x80 [ 66.033818][ T11] kmem_cache_alloc_lru_noprof+0x1dd/0x390 [ 66.036026][ T11] bdev_alloc_inode+0x29/0x90 [ 66.037828][ T11] alloc_inode+0x65/0x1a0 [ 66.039461][ T11] new_inode+0x22/0x1d0 [ 66.041075][ T11] bdev_alloc+0x26/0x380 [ 66.042772][ T11] add_partition+0x1b6/0x8a0 [ 66.044556][ T11] bdev_disk_changed+0xb22/0x13f0 [ 66.046428][ T11] loop_set_status+0x70c/0x8f0 [ 66.048251][ T11] lo_ioctl+0xcbc/0x1f50 [ 66.049907][ T11] blkdev_ioctl+0x57d/0x6a0 [ 66.051690][ T11] __se_sys_ioctl+0xf5/0x170 [ 66.053443][ T11] do_syscall_64+0xf3/0x230 [ 66.055252][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.057470][ T11] [ 66.058351][ T11] Freed by task 1093: [ 66.059858][ T11] kasan_save_track+0x3f/0x80 [ 66.061628][ T11] kasan_save_free_info+0x40/0x50 [ 66.063528][ T11] __kasan_slab_free+0x59/0x70 [ 66.065343][ T11] kmem_cache_free+0x195/0x410 [ 66.067170][ T11] rcu_core+0xaaa/0x17a0 [ 66.068829][ T11] handle_softirqs+0x2d4/0x9b0 [ 66.070628][ T11] do_softirq+0x11b/0x1e0 [ 66.072243][ T11] __local_bh_enable_ip+0x1bb/0x200 [ 66.074133][ T11] batadv_nc_purge_paths+0x312/0x3b0 [ 66.076078][ T11] batadv_nc_worker+0x328/0x610 [ 66.077830][ T11] process_scheduled_works+0xa66/0x1840 [ 66.079939][ T11] worker_thread+0x870/0xd30 [ 66.081664][ T11] kthread+0x2f0/0x390 [ 66.083256][ T11] ret_from_fork+0x4b/0x80 [ 66.085017][ T11] ret_from_fork_asm+0x1a/0x30 [ 66.086727][ T11] [ 66.087613][ T11] Last potentially related work creation: [ 66.089680][ T11] kasan_save_stack+0x3f/0x60 [ 66.091456][ T11] __kasan_record_aux_stack+0xac/0xc0 [ 66.093334][ T11] call_rcu+0x167/0xa70 [ 66.094891][ T11] evict+0x836/0x9a0 [ 66.096300][ T11] device_release+0x99/0x1c0 [ 66.097988][ T11] kobject_put+0x22f/0x480 [ 66.099626][ T11] blkdev_release+0x15/0x20 [ 66.101305][ T11] __fput+0x23c/0xa50 [ 66.102804][ T11] task_work_run+0x24f/0x310 [ 66.104516][ T11] syscall_exit_to_user_mode+0x13f/0x340 [ 66.106520][ T11] do_syscall_64+0x100/0x230 [ 66.108189][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.110305][ T11] [ 66.111171][ T11] The buggy address belongs to the object at ffff888031e4dc00 [ 66.111171][ T11] which belongs to the cache bdev_cache of size 2784 [ 66.116144][ T11] The buggy address is located 40 bytes inside of [ 66.116144][ T11] freed 2784-byte region [ffff888031e4dc00, ffff888031e4e6e0) [ 66.121798][ T11] [ 66.122662][ T11] The buggy address belongs to the physical page: [ 66.125034][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31e48 [ 66.128321][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.131525][ T11] memcg:ffff888040306f81 [ 66.133108][ T11] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 66.135882][ T11] page_type: f5(slab) [ 66.137441][ T11] raw: 04fff00000000040 ffff88801c2ea3c0 dead000000000122 0000000000000000 [ 66.140540][ T11] raw: 0000000000000000 00000000800b000b 00000001f5000000 ffff888040306f81 [ 66.143645][ T11] head: 04fff00000000040 ffff88801c2ea3c0 dead000000000122 0000000000000000 [ 66.146845][ T11] head: 0000000000000000 00000000800b000b 00000001f5000000 ffff888040306f81 [ 66.150614][ T11] head: 04fff00000000003 ffffea0000c79201 ffffffffffffffff 0000000000000000 [ 66.153847][ T11] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 66.157011][ T11] page dumped because: kasan: bad access detected [ 66.159443][ T11] page_owner tracks the page as allocated [ 66.161527][ T11] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 1, tgid 1 (swapper/0), ts 11146018873, free_ts 0 [ 66.169248][ T11] post_alloc_hook+0x1f3/0x230 [ 66.170943][ T11] get_page_from_freelist+0x365c/0x37a0 [ 66.172870][ T11] __alloc_pages_noprof+0x292/0x710 [ 66.174628][ T11] alloc_pages_mpol_noprof+0x3e8/0x680 [ 66.176505][ T11] alloc_slab_page+0x6a/0x110 [ 66.178153][ T11] allocate_slab+0x5a/0x2b0 [ 66.179704][ T11] ___slab_alloc+0xc27/0x14a0 [ 66.181262][ T11] __slab_alloc+0x58/0xa0 [ 66.182865][ T11] kmem_cache_alloc_lru_noprof+0x26c/0x390 [ 66.184942][ T11] bdev_alloc_inode+0x29/0x90 [ 66.186699][ T11] alloc_inode+0x65/0x1a0 [ 66.188318][ T11] new_inode+0x22/0x1d0 [ 66.189915][ T11] bdev_alloc+0x26/0x380 [ 66.191557][ T11] __alloc_disk_node+0x12b/0x580 [ 66.193285][ T11] __blk_mq_alloc_disk+0x244/0x3d0 [ 66.195145][ T11] nbd_dev_add+0x50f/0xc60 [ 66.196880][ T11] page_owner free stack trace missing [ 66.198669][ T11] [ 66.199708][ T11] Memory state around the buggy address: [ 66.201867][ T11] ffff888031e4db00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 66.204579][ T11] ffff888031e4db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 66.207237][ T11] >ffff888031e4dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.209898][ T11] ^ [ 66.211768][ T11] ffff888031e4dc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.214411][ T11] ffff888031e4dd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.217177][ T11] ================================================================== [ 66.220403][ T11] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 66.223072][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 [ 66.227081][ T11] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 66.231327][ T11] Workqueue: loop0 loop_workfn [ 66.233254][ T11] Call Trace: [ 66.234561][ T11] [ 66.235938][ T11] dump_stack_lvl+0x241/0x360 [ 66.238147][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 66.240661][ T11] ? __pfx__printk+0x10/0x10 [ 66.242993][ T11] ? lock_release+0xbf/0xa30 [ 66.245315][ T11] ? vscnprintf+0x5d/0x90 [ 66.247437][ T11] panic+0x349/0x880 [ 66.249269][ T11] ? check_panic_on_warn+0x21/0xb0 [ 66.251834][ T11] ? __pfx_panic+0x10/0x10 [ 66.253980][ T11] ? mark_lock+0x9a/0x360 [ 66.256162][ T11] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 66.258476][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 66.260795][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 66.263266][ T11] ? print_report+0x502/0x550 [ 66.265054][ T11] check_panic_on_warn+0x86/0xb0 [ 66.266896][ T11] ? update_io_ticks+0xa6/0x2d0 [ 66.268532][ T11] end_report+0x77/0x160 [ 66.269839][ T11] kasan_report+0x154/0x180 [ 66.271698][ T11] ? update_io_ticks+0xa6/0x2d0 [ 66.273580][ T11] update_io_ticks+0xa6/0x2d0 [ 66.275252][ T11] ? __pfx_update_io_ticks+0x10/0x10 [ 66.277667][ T11] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 66.280216][ T11] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 66.282636][ T11] blk_account_io_done+0x199/0x740 [ 66.284617][ T11] ? blk_stat_add+0x75/0x4a0 [ 66.286432][ T11] __blk_mq_end_request+0x270/0x5d0 [ 66.288461][ T11] loop_process_work+0x1bc8/0x21c0 [ 66.290401][ T11] ? __pfx_loop_process_work+0x10/0x10 [ 66.292379][ T11] ? register_lock_class+0x102/0x980 [ 66.294311][ T11] ? __pfx_register_lock_class+0x10/0x10 [ 66.296489][ T11] ? mark_lock+0x9a/0x360 [ 66.298145][ T11] ? debug_object_deactivate+0x2d5/0x390 [ 66.300174][ T11] ? do_raw_spin_unlock+0x58/0x8b0 [ 66.302030][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 66.303979][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 66.306307][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 66.308669][ T11] ? process_scheduled_works+0x976/0x1840 [ 66.310875][ T11] process_scheduled_works+0xa66/0x1840 [ 66.312923][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 66.315158][ T11] ? assign_work+0x364/0x3d0 [ 66.316914][ T11] worker_thread+0x870/0xd30 [ 66.318670][ T11] ? __kthread_parkme+0x169/0x1d0 [ 66.320543][ T11] ? __pfx_worker_thread+0x10/0x10 [ 66.322352][ T11] kthread+0x2f0/0x390 [ 66.323892][ T11] ? __pfx_worker_thread+0x10/0x10 [ 66.325790][ T11] ? __pfx_kthread+0x10/0x10 [ 66.327436][ T11] ret_from_fork+0x4b/0x80 [ 66.329007][ T11] ? __pfx_kthread+0x10/0x10 [ 66.330681][ T11] ret_from_fork_asm+0x1a/0x30 [ 66.332424][ T11] [ 66.333814][ T11] Kernel Offset: disabled [ 66.335408][ T11] Rebooting in 86400 seconds..