program: r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582", @ANYRESDEC], 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x5, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, 0x0) r2 = socket$kcm(0x23, 0x5, 0x0) listen(r2, 0x800) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r4, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10) r5 = accept4(r2, 0x0, 0x0, 0x80000) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000180)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x40082102, &(0x7f0000000080)=r6) r7 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000778600000000001f00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r8}, 0x94) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) bind$alg(r11, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(wp512-generic,cbc-camellia-aesni-avx2)\x00'}, 0x58) r12 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r12, &(0x7f00000069c0)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x101, @ipv4={'\x00', '\xff\xff', @remote}, 0x80}, 0x1c, 0x0}}, {{&(0x7f0000001840)={0xa, 0x4e24, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4f}, 0x1c, 0x0, 0x0, &(0x7f0000001940)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x32, 0x0, 0x1, 0xd4}}}], 0x18}}], 0x2, 0x20002004) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000000)="0f0042463e1a39099a7f003c158c9b51", 0x10) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014003500766574683000000000000000000000000c002b8008000100", @ANYRES32=r9, @ANYBLOB="08de6c48a972bf23be"], 0x40}}, 0x0) r13 = socket$nl_generic(0x10, 0x3, 0x10) r14 = socket$nl_generic(0x10, 0x3, 0x10) r15 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_DEL_DAEMON(r5, &(0x7f0000000780)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x4c, r15, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private0}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x48000) sendmsg$IPVS_CMD_NEW_DAEMON(r14, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)={0x3c, r15, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x42890}, 0x0) sendmsg$IPVS_CMD_FLUSH(r13, &(0x7f0000000640)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000500)={0xcc, r15, 0x8, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x80}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x7, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0xff}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x9}, @IPVS_DEST_ATTR_U_THRESH={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'dummy0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x40}]}, 0xcc}, 0x1, 0x0, 0x0, 0x8841}, 0x4) sendmsg$DEVLINK_CMD_RATE_NEW(r13, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000680)={0x34, 0x0, 0x905, 0xfffffffe, 0x0, {0x24}, [@handle=@nsim={{0xfffffffffffffefe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) syz_usb_disconnect(r0) [ 90.624695][ T5318] Bluetooth: hci0: command tx timeout [ 90.967307][ T5332] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 91.120370][ T5332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 52, changing to 4 [ 91.125533][ T5332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 13368, setting to 1023 [ 91.130930][ T5332] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 91.135145][ T5332] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.146686][ T5332] usb 5-1: config 0 descriptor?? [ 91.468955][ T5340] netlink: 'syz.0.0': attribute type 2 has an invalid length. [ 91.546855][ T5340] ------------[ cut here ]------------ [ 91.551198][ T5340] kernel BUG at net/phonet/socket.c:213! [ 91.554220][ T5340] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 91.557304][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 91.561381][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 91.565981][ T5340] RIP: 0010:pn_socket_sendmsg+0x240/0x250 [ 91.568762][ T5340] Code: cc cc cc e8 72 64 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 3b 3a 4a f7 e9 f7 fe ff ff e8 51 71 dd f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 91.577338][ T5340] RSP: 0018:ffffc90003dd7920 EFLAGS: 00010283 [ 91.580164][ T5340] RAX: ffffffff8ae86f9f RBX: 0000000000000000 RCX: 0000000000100000 [ 91.583828][ T5340] RDX: ffffc90020802000 RSI: 0000000000000051 RDI: 0000000000000052 [ 91.587334][ T5340] RBP: ffffc90003dd79d0 R08: ffffffff9033a7f7 R09: 1ffffffff20674fe [ 91.590898][ T5340] R10: dffffc0000000000 R11: fffffbfff20674ff R12: dffffc0000000000 [ 91.594379][ T5340] R13: ffff8880470d0c40 R14: ffff888040853a80 R15: 1ffff920007baf28 [ 91.597938][ T5340] FS: 00007f11173e46c0(0000) GS:ffff88808c808000(0000) knlGS:0000000000000000 [ 91.601949][ T5340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 91.604930][ T5340] CR2: 00007f111678d480 CR3: 0000000041ab6000 CR4: 0000000000352ef0 [ 91.608602][ T5340] Call Trace: [ 91.610196][ T5340] [ 91.611648][ T5340] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 91.614764][ T5340] ? __pfx_pn_socket_sendmsg+0x10/0x10 [ 91.617244][ T5340] ? aa_sock_msg_perm+0xf1/0x1b0 [ 91.619426][ T5340] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 91.621715][ T5340] ____sys_sendmsg+0x972/0x9f0 [ 91.623850][ T5340] ? __pfx_____sys_sendmsg+0x10/0x10 [ 91.626195][ T5340] ? import_iovec+0x73/0xa0 [ 91.628274][ T5340] ___sys_sendmsg+0x2a5/0x360 [ 91.630402][ T5340] ? __lock_acquire+0x6b5/0x2cf0 [ 91.632943][ T5340] ? __pfx____sys_sendmsg+0x10/0x10 [ 91.635724][ T5340] ? futex_wake+0x4ac/0x580 [ 91.637810][ T5340] ? __fget_files+0x2a/0x420 [ 91.640139][ T5340] ? __fget_files+0x3a0/0x420 [ 91.642246][ T5340] __x64_sys_sendmsg+0x1bd/0x2a0 [ 91.644613][ T5340] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 91.647269][ T5340] ? rcu_is_watching+0x15/0xb0 [ 91.649489][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.652298][ T5340] do_syscall_64+0x15f/0xf80 [ 91.654426][ T5340] ? trace_irq_disable+0x3b/0x140 [ 91.656775][ T5340] ? clear_bhb_loop+0x40/0x90 [ 91.658899][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.661662][ T5340] RIP: 0033:0x7f111659cdd9 [ 91.663689][ T5340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 91.671974][ T5340] RSP: 002b:00007f11173e3fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.675457][ T5340] RAX: ffffffffffffffda RBX: 00007f1116816090 RCX: 00007f111659cdd9 [ 91.678710][ T5340] RDX: 0000000000048000 RSI: 0000200000000780 RDI: 0000000000000008 [ 91.682015][ T5340] RBP: 00007f1116632d69 R08: 0000000000000000 R09: 0000000000000000 [ 91.685348][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.689013][ T5340] R13: 00007f1116816128 R14: 00007f1116816090 R15: 00007ffda9765498 [ 91.692697][ T5340] [ 91.694178][ T5340] Modules linked in: [ 91.697700][ T5340] ---[ end trace 0000000000000000 ]--- [ 91.709443][ T5351] IPVS: sync thread started: state = MASTER, mcast_ifn = bond_slave_0, syncid = 1, id = 0 [ 91.716318][ T5340] RIP: 0010:pn_socket_sendmsg+0x240/0x250 [ 91.721781][ T5332] ath6kl: Failed to submit usb control message: -71 [ 91.732414][ T5332] ath6kl: unable to send the bmi data to the device: -71 [ 91.736026][ T5340] Code: cc cc cc e8 72 64 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 3b 3a 4a f7 e9 f7 fe ff ff e8 51 71 dd f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 91.744902][ T5332] ath6kl: Unable to send get target info: -71 [ 91.748403][ T5332] ath6kl: Failed to init ath6kl core: -71 [ 91.751863][ T5332] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 91.755841][ T5340] RSP: 0018:ffffc90003dd7920 EFLAGS: 00010283 [ 91.763604][ T5340] RAX: ffffffff8ae86f9f RBX: 0000000000000000 RCX: 0000000000100000 [ 91.767916][ T5332] usb 5-1: USB disconnect, device number 2 [ 91.772719][ T5340] RDX: ffffc90020802000 RSI: 0000000000000051 RDI: 0000000000000052 [ 91.780750][ T5340] RBP: ffffc90003dd79d0 R08: ffffffff9033a7f7 R09: 1ffffffff20674fe [ 91.784852][ T5340] R10: dffffc0000000000 R11: fffffbfff20674ff R12: dffffc0000000000 [ 91.789102][ T5340] R13: ffff8880470d0c40 R14: ffff888040853a80 R15: 1ffff920007baf28 [ 91.792683][ T5340] FS: 00007f11173e46c0(0000) GS:ffff88808c808000(0000) knlGS:0000000000000000 [ 91.799107][ T5340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 91.802186][ T5340] CR2: 00007f11167ca020 CR3: 0000000041ab6000 CR4: 0000000000352ef0 [ 91.805867][ T5340] Kernel panic - not syncing: Fatal exception [ 91.809021][ T5340] Kernel Offset: disabled [ 91.811078][ T5340] Rebooting in 86400 seconds..