program: syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x1) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) accept4(r1, &(0x7f0000000180)=@un=@abs, &(0x7f0000000100)=0x80, 0x80800) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x19, &(0x7f0000000340)=0x9, 0x3a) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1fc}, 0x0, 0x0) r4 = socket(0x11, 0x800000003, 0x0) syz_mount_image$squashfs(&(0x7f0000000680), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000ac0)=ANY=[@ANYRES16=0x0, @ANYRESDEC, @ANYRES8, @ANYRESOCT, @ANYRESHEX, @ANYRESDEC, @ANYRES32, @ANYRESHEX=0x0, @ANYRES32], 0xfd, 0x1ee, &(0x7f00000003c0)="$eJzsVc1q1FAU/u6dmyZV0a7dOthu1Gkq4hvYB/ABHKaxFqNiE7AdCkYXduNCfImCT+FC1L0LEUGEdqGgi4qrgkTOveemN5ghcXAxwv1g5nznNyc59+dWdj8LAfw63BlhARoCp/BRCCgAi8LYjuaM/MGyZHxRRl9m+wuWByyz7fG7p0QkxreHaZpsZtstRAigLaZGOgV1J28f1y0C/6rylAQSaHTlPfOR/3Q9q1nCphjOba48A4T6a3DJqQp+7RLMS73TuANMckVmCzUMxbga59VAACJBtdNamv/wnCpfPoOJjbWRmV0JLpF/lZWBZ5pdeyTxXSvvD3dGRG7wKUa2NfOzW0LHkPLKiTmrgAIQPZRVHWVGjUXO+1yW4wsbd4bryXpyN45XrgzenOSRJ4NLNzfS5OFp4KdNl0QUKtA+nXfaDAB8OvYXcCCc1ggnAOHm0vlrD+elc24WncXHuW4NE/GyqhGyjT7FdZwHrd8HBbljtvZ1tSeRfsFVCPSgQO+5rGpPPMIBIu24OLqXru1CQHDkYA8KEq9tAwEke+J9R1m5Wr3+Lss+y1X9H2GP9X2W9u6yd5LSFb6xtlQAc9ga5vmmvry25vOAE8kWa5tmC9WTJT/V3ob2xOiH8PDw8PDw8PD4T/A7AAD//+kWST0=") r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r5, 0x8001, 0x0) getdents(r5, 0x0, 0x58) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000009c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000000940), &(0x7f0000000980)}, 0x20) r9 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r9, 0x800c6613, &(0x7f0000000040)=@v2={0x2, @aes128, 0x0, '\x00', @a}) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f0000000680)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="00e5ffff0f00000017100000", @ANYRES32=r10, @ANYBLOB="00000000000000009500000c000000009500007000000000"], &(0x7f0000000000)='GPL\x00', 0x4}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x1b, &(0x7f00000007c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xdc}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffff9}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x27f}, @tail_call, @cb_func={0x18, 0x4, 0x4, 0x0, 0x3}, @alu={0x4, 0x0, 0x3, 0xb, 0x4, 0x20, 0x10}, @map_fd={0x18, 0x6}, @alu={0x4, 0x0, 0x5, 0x7, 0x4, 0x11821ad46b17db34, 0xfffffffffffffff0}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}]}, &(0x7f0000000300)='syzkaller\x00', 0xf, 0x66, &(0x7f00000006c0)=""/102, 0x40f00, 0x2, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x9, 0x2}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0xa, 0x3, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000a00)=[r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r8, r9, r10], 0x0, 0x10, 0x800}, 0x94) sendmsg$nl_route_sched(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xfffffffffffffe50, 0x2, [@TCA_CAKE_WASH={0x8}]}}]}, 0x3c}}, 0x0) [ 74.885601][ T5323] Bluetooth: hci0: command tx timeout [ 75.008023][ T5344] loop0: detected capacity change from 0 to 8 [ 75.032833][ T5344] SQUASHFS error: Failed to read block 0x6e6: -5 [ 75.036459][ T5344] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 75.039232][ T5344] SQUASHFS error: Unable to read directory block [6e4:0] [ 75.043035][ T5344] VFS_BUG_ON_INODE(!IS_ANON_FILE(inode)) encountered for inode ffff888045938ab8 [ 75.043176][ T5344] ------------[ cut here ]------------ [ 75.049661][ T5344] kernel BUG at fs/namei.c:3483! [ 75.053812][ T5344] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 75.057326][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 75.068235][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.074004][ T5344] RIP: 0010:may_open+0x4b1/0x4c0 [ 75.076809][ T5344] Code: 38 c1 0f 8c 1e fd ff ff 4c 89 e7 e8 19 21 ec ff e9 11 fd ff ff e8 6f 9e 88 ff 4c 89 f7 48 c7 c6 c0 54 99 8b e8 10 67 f0 fe 90 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 75.086719][ T5344] RSP: 0018:ffffc9000d67f940 EFLAGS: 00010246 [ 75.089343][ T5344] RAX: 000000000000004d RBX: dffffc0000000000 RCX: edc6ce50f16fb500 [ 75.093215][ T5344] RDX: ffffc9000e98b000 RSI: 0000000000000789 RDI: 000000000000078a [ 75.097097][ T5344] RBP: 0000000000008000 R08: ffff88801fc24293 R09: 1ffff11003f84852 [ 75.100247][ T5344] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 0000000000000000 [ 75.103221][ T5344] R13: ffffffff8e29e6c0 R14: ffff888045938ab8 R15: 0000000000000004 [ 75.106293][ T5344] FS: 00007f34a9dae6c0(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000 [ 75.109731][ T5344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.112356][ T5344] CR2: 000020000000c380 CR3: 00000000427ec000 CR4: 0000000000352ef0 [ 75.115427][ T5344] Call Trace: [ 75.116938][ T5344] [ 75.118219][ T5344] path_openat+0x2d91/0x3830 [ 75.119856][ T5344] ? arch_stack_walk+0xfc/0x150 [ 75.121716][ T5344] ? __pfx_path_openat+0x10/0x10 [ 75.123643][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.126025][ T5344] do_filp_open+0x1fa/0x410 [ 75.128018][ T5344] ? __lock_acquire+0xab9/0xd20 [ 75.130072][ T5344] ? __pfx_do_filp_open+0x10/0x10 [ 75.132240][ T5344] ? _raw_spin_unlock+0x28/0x50 [ 75.134381][ T5344] ? alloc_fd+0x64c/0x6c0 [ 75.136200][ T5344] do_sys_openat2+0x121/0x1c0 [ 75.138472][ T5344] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.140831][ T5344] ? rcu_is_watching+0x15/0xb0 [ 75.142929][ T5344] __x64_sys_openat+0x138/0x170 [ 75.145012][ T5344] do_syscall_64+0xfa/0x3b0 [ 75.147036][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.149265][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.151770][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 75.153976][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.156535][ T5344] RIP: 0033:0x7f34a8f8e929 [ 75.158476][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.166640][ T5344] RSP: 002b:00007f34a9dae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 75.170398][ T5344] RAX: ffffffffffffffda RBX: 00007f34a91b6080 RCX: 00007f34a8f8e929 [ 75.173770][ T5344] RDX: 0000000000000000 RSI: 000020000000c380 RDI: ffffffffffffff9c [ 75.177099][ T5344] RBP: 00007f34a9010b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.180380][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.184218][ T5344] R13: 0000000000000000 R14: 00007f34a91b6080 R15: 00007ffe512b8578 [ 75.187712][ T5344] [ 75.189018][ T5344] Modules linked in: [ 75.191440][ T5344] ---[ end trace 0000000000000000 ]--- [ 75.200058][ T5347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'. [ 75.208503][ T5344] RIP: 0010:may_open+0x4b1/0x4c0 [ 75.210743][ T5344] Code: 38 c1 0f 8c 1e fd ff ff 4c 89 e7 e8 19 21 ec ff e9 11 fd ff ff e8 6f 9e 88 ff 4c 89 f7 48 c7 c6 c0 54 99 8b e8 10 67 f0 fe 90 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 75.227170][ T5344] RSP: 0018:ffffc9000d67f940 EFLAGS: 00010246 [ 75.230255][ T5344] RAX: 000000000000004d RBX: dffffc0000000000 RCX: edc6ce50f16fb500 [ 75.240288][ T5344] RDX: ffffc9000e98b000 RSI: 0000000000000789 RDI: 000000000000078a [ 75.243950][ T5344] RBP: 0000000000008000 R08: ffff88801fc24293 R09: 1ffff11003f84852 [ 75.255006][ T5344] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 0000000000000000 [ 75.264912][ T5344] R13: ffffffff8e29e6c0 R14: ffff888045938ab8 R15: 0000000000000004 [ 75.274024][ T5344] FS: 00007f34a9dae6c0(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000 [ 75.283978][ T5344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.292540][ T5344] CR2: 00007f34a9d8cfc8 CR3: 00000000427ec000 CR4: 0000000000352ef0 [ 75.296526][ T5344] Kernel panic - not syncing: Fatal exception [ 75.299485][ T5344] Kernel Offset: disabled [ 75.301449][ T5344] Rebooting in 86400 seconds..