program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = socket$kcm(0x23, 0x5, 0x0)
listen(r3, 0x800)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
r5 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r5, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)
r6 = accept4(r3, 0x0, 0x0, 0x80000)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x1f, &(0x7f00000004c0)={<r7=>0x0, @in={{0x2, 0x4e23, @broadcast}}, 0x1, 0x1}, &(0x7f0000000580)=0x90)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f00000005c0)={r7, 0x5}, &(0x7f0000000600)=0x8)
close(r2)
socket(0x840000000002, 0x3, 0x100)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
ioctl$TUNSETLINK(r8, 0x400454cd, 0x304)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller0\x00', @random="371692e7f7ef"})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r9=>0x0})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r11, 0x4188aec6, &(0x7f0000001540)={0x0, [{0x1, 0x0, 0x8, 0x0}, {0x2, 0x0, 0xe955, 0x0}, {0x2, 0x0, 0x859, 0x0}, {0x2, 0x0, 0x6, 0x0}, {0x2, 0x0, 0x7, 0x0}, {0x1, 0x0, 0x9, 0x0}, {0x1, 0x0, 0x2, 0x0}, {0x3, 0x0, 0xe33, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x1, 0x0, 0x0, 0x0}, {0x3, 0x0, 0xff, 0x0}, {0x1, 0x0, 0x1ff, 0x0}, {0x0, 0x10, 0xe, &(0x7f0000001380)="0bb7"}, {0x0, 0x0, 0x5, 0x0}, {0x0, 0x0, 0x2, 0x0}, {0x1, 0x0, 0x5, 0x0}]})
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@mpls_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0xfd, 0x1, 0x2400}}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x8814)
r13 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth0_to_hsr\x00', <r14=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r6, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xb4, r13, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0xfffff7ba}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0x3}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x2}, @ETHTOOL_A_CHANNELS_HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}]}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x3}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x200}]}, 0xb4}, 0x1, 0x0, 0x0, 0x44000010}, 0x10)

[   90.707653][ T5342] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[   90.717985][   T44] Bluetooth: hci0: command tx timeout
[   90.820277][ T5342] syzkaller0: entered allmulticast mode
[   90.837075][ T5342] ------------[ cut here ]------------
[   90.839751][ T5342] kernel BUG at net/phonet/socket.c:213!
[   90.842588][ T5342] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   90.845447][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   90.849655][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   90.854232][ T5342] RIP: 0010:pn_socket_sendmsg+0x240/0x250
[   90.856964][ T5342] Code: cc cc cc e8 72 64 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 3b 3a 4a f7 e9 f7 fe ff ff e8 51 71 dd f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
[   90.865950][ T5342] RSP: 0018:ffffc9000dae7920 EFLAGS: 00010283
[   90.868735][ T5342] RAX: ffffffff8ae86f9f RBX: 0000000000000000 RCX: 0000000000100000
[   90.872542][ T5342] RDX: ffffc9000efa2000 RSI: 0000000000000051 RDI: 0000000000000052
[   90.876030][ T5342] RBP: ffffc9000dae79d0 R08: ffffffff9033a7f7 R09: 1ffffffff20674fe
[   90.879722][ T5342] R10: dffffc0000000000 R11: fffffbfff20674ff R12: dffffc0000000000
[   90.883308][ T5342] R13: ffff888047dab640 R14: ffff888040f93a80 R15: 1ffff92001b5cf28
[   90.886892][ T5342] FS:  00007f1e419c46c0(0000) GS:ffff88808c808000(0000) knlGS:0000000000000000
[   90.890833][ T5342] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   90.893788][ T5342] CR2: 00007f1e40b87f40 CR3: 000000001f9c9000 CR4: 0000000000352ef0
[   90.897374][ T5342] Call Trace:
[   90.898944][ T5342]  <TASK>
[   90.900288][ T5342]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[   90.903276][ T5342]  ? __pfx_pn_socket_sendmsg+0x10/0x10
[   90.905751][ T5342]  ? aa_sock_msg_perm+0xf1/0x1b0
[   90.908208][ T5342]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   90.910530][ T5342]  ____sys_sendmsg+0x972/0x9f0
[   90.912867][ T5342]  ? __pfx_____sys_sendmsg+0x10/0x10
[   90.915332][ T5342]  ? import_iovec+0x73/0xa0
[   90.917441][ T5342]  ___sys_sendmsg+0x2a5/0x360
[   90.919851][ T5342]  ? __lock_acquire+0x6b5/0x2cf0
[   90.922133][ T5342]  ? __pfx____sys_sendmsg+0x10/0x10
[   90.924463][ T5342]  ? futex_wait+0x2a2/0x390
[   90.926413][ T5342]  ? __fget_files+0x2a/0x420
[   90.928423][ T5342]  ? __fget_files+0x3a0/0x420
[   90.930548][ T5342]  __x64_sys_sendmsg+0x1bd/0x2a0
[   90.932732][ T5342]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   90.935230][ T5342]  ? rcu_is_watching+0x15/0xb0
[   90.937314][ T5342]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.940245][ T5342]  do_syscall_64+0x15f/0xf80
[   90.942441][ T5342]  ? trace_irq_disable+0x3b/0x140
[   90.944708][ T5342]  ? clear_bhb_loop+0x40/0x90
[   90.946876][ T5342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.949752][ T5342] RIP: 0033:0x7f1e40b9cdd9
[   90.951975][ T5342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   90.960714][ T5342] RSP: 002b:00007f1e419c3fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   90.964134][ T5342] RAX: ffffffffffffffda RBX: 00007f1e40e15fa0 RCX: 00007f1e40b9cdd9
[   90.967368][ T5342] RDX: 0000000000000010 RSI: 0000200000000480 RDI: 0000000000000009
[   90.970833][ T5342] RBP: 00007f1e40c32d69 R08: 0000000000000000 R09: 0000000000000000
[   90.974444][ T5342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   90.978050][ T5342] R13: 00007f1e40e16038 R14: 00007f1e40e15fa0 R15: 00007ffef3e70248
[   90.981550][ T5342]  </TASK>
[   90.983024][ T5342] Modules linked in:
[   90.985257][ T5342] ---[ end trace 0000000000000000 ]---
[   90.988092][ T5342] RIP: 0010:pn_socket_sendmsg+0x240/0x250
[   90.990914][ T5342] Code: cc cc cc e8 72 64 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 3b 3a 4a f7 e9 f7 fe ff ff e8 51 71 dd f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
[   90.999705][ T5342] RSP: 0018:ffffc9000dae7920 EFLAGS: 00010283
[   91.003118][ T5342] RAX: ffffffff8ae86f9f RBX: 0000000000000000 RCX: 0000000000100000
[   91.011040][ T5342] RDX: ffffc9000efa2000 RSI: 0000000000000051 RDI: 0000000000000052
[   91.016642][ T5342] RBP: ffffc9000dae79d0 R08: ffffffff9033a7f7 R09: 1ffffffff20674fe
[   91.021313][ T5342] R10: dffffc0000000000 R11: fffffbfff20674ff R12: dffffc0000000000
[   91.024975][ T5342] R13: ffff888047dab640 R14: ffff888040f93a80 R15: 1ffff92001b5cf28
[   91.028652][ T5342] FS:  00007f1e419c46c0(0000) GS:ffff88808c808000(0000) knlGS:0000000000000000
[   91.032906][ T5342] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   91.035987][ T5342] CR2: 00007f1e40b87f40 CR3: 000000001f9c9000 CR4: 0000000000352ef0
[   91.040103][ T5342] Kernel panic - not syncing: Fatal exception
[   91.043303][ T5342] Kernel Offset: disabled
[   91.045322][ T5342] Rebooting in 86400 seconds..