program:
mkdir(&(0x7f0000000540)='./file2\x00', 0x0)
mount(0x0, &(0x7f0000000a40)='./file2\x00', &(0x7f0000000a80)='overlay\x00', 0x8, &(0x7f0000000ac0)='upperdir')
r0 = socket$kcm(0x23, 0x5, 0x0)
listen(r0, 0x800)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000280)={{{@in=@remote, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@ipv4}, 0x0, @in=@broadcast}}, &(0x7f0000000380)=0xe8)
quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f0000000080)=@nullb, r3, &(0x7f00000003c0))
close(r2)
socket$kcm(0x10, 0x0, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc004000202080003000300010003000400eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$BLKTRACESTART(r4, 0x1274, 0x0)
connect$phonet_pipe(r4, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)
r5 = accept4(r0, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r5)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)

[  116.553632][ T1017] ata1.00: exception Emask 0x1 SAct 0xc000 SErr 0x0 action 0x0
[  116.563044][ T5338] overlay: Bad value for 'upperdir'
[  116.566426][ T1017] ata1.00: irq_stat 0x41000000
[  116.572707][ T1017] ata1.00: failed command: WRITE FPDMA QUEUED
[  116.576778][ T1017] ata1.00: cmd 61/90:70:36:01:08/09:00:00:00:00/40 tag 14 ncq dma 1253376 ou
[  116.576778][ T1017]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  116.586082][ T1017] ata1.00: status: { DRDY }
[  116.590572][ T1017] ata1.00: failed command: WRITE FPDMA QUEUED
[  116.597562][ T1017] ata1.00: cmd 61/50:78:c6:0a:08/04:00:00:00:00/40 tag 15 ncq dma 565248 out
[  116.597562][ T1017]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  116.606093][ T1017] ata1.00: status: { DRDY }
[  116.609159][ T1017] ata1.00: configured for UDMA/100
[  116.611810][ T1017] ata1: EH complete
[  116.626281][ T5339] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[  116.644948][ T5311] Bluetooth: hci0: command tx timeout
[  116.716040][ T5338] ------------[ cut here ]------------
[  116.718818][ T5338] kernel BUG at net/phonet/socket.c:213!
[  116.722090][ T5338] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[  116.724981][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  116.728938][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  116.733368][ T5338] RIP: 0010:pn_socket_sendmsg+0x240/0x250
[  116.736192][ T5338] Code: cc cc cc e8 82 83 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 5b d5 4c f7 e9 f7 fe ff ff e8 71 b4 e0 f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
[  116.744571][ T5338] RSP: 0018:ffffc90005c6fc00 EFLAGS: 00010287
[  116.747250][ T5338] RAX: ffffffff8ae4709f RBX: 0000000000000000 RCX: 0000000000100000
[  116.750888][ T5338] RDX: ffffc90020001000 RSI: 0000000000000583 RDI: 0000000000000584
[  116.754713][ T5338] RBP: ffffc90005c6fcb0 R08: ffffffff90333db7 R09: 1ffffffff20667b6
[  116.758431][ T5338] R10: dffffc0000000000 R11: fffffbfff20667b7 R12: dffffc0000000000
[  116.761975][ T5338] R13: ffff888013184640 R14: ffff88801236ba80 R15: 1ffff92000b8df84
[  116.765478][ T5338] FS:  00007f949681c6c0(0000) GS:ffff88808c820000(0000) knlGS:0000000000000000
[  116.769610][ T5338] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.772432][ T5338] CR2: 00007f9495987980 CR3: 0000000012424000 CR4: 0000000000352ef0
[  116.775977][ T5338] Call Trace:
[  116.777522][ T5338]  <TASK>
[  116.778876][ T5338]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  116.781540][ T5338]  ? __pfx_pn_socket_sendmsg+0x10/0x10
[  116.783691][ T5338]  ? aa_sock_msg_perm+0xf1/0x1b0
[  116.785799][ T5338]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  116.788072][ T5338]  ? __pfx_pn_socket_sendmsg+0x10/0x10
[  116.790318][ T5338]  __sys_sendto+0x672/0x710
[  116.792353][ T5338]  ? __pfx___sys_sendto+0x10/0x10
[  116.794612][ T5338]  ? exc_page_fault+0x6a/0xc0
[  116.796723][ T5338]  ? do_user_addr_fault+0xc6f/0x1340
[  116.799047][ T5338]  __x64_sys_sendto+0xde/0x100
[  116.801196][ T5338]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.803923][ T5338]  do_syscall_64+0x15f/0xf80
[  116.806058][ T5338]  ? trace_irq_disable+0x3b/0x140
[  116.808447][ T5338]  ? clear_bhb_loop+0x40/0x90
[  116.810800][ T5338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.813297][ T5338] RIP: 0033:0x7f949595d04e
[  116.815122][ T5338] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  116.822730][ T5338] RSP: 002b:00007f949681ae48 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  116.826085][ T5338] RAX: ffffffffffffffda RBX: 00007f949681c6c0 RCX: 00007f949595d04e
[  116.829493][ T5338] RDX: 0000000000000020 RSI: 00007f949681afc0 RDI: 0000000000000006
[  116.832916][ T5338] RBP: 0000000000000000 R08: 00007f949681aec4 R09: 000000000000000c
[  116.836514][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[  116.840117][ T5338] R13: 00007f949681af18 R14: 00007f949681afc0 R15: 0000000000000000
[  116.843373][ T5338]  </TASK>
[  116.844704][ T5338] Modules linked in:
[  116.846864][ T5338] ---[ end trace 0000000000000000 ]---
[  116.860449][ T5338] RIP: 0010:pn_socket_sendmsg+0x240/0x250
[  116.863098][ T5338] Code: cc cc cc e8 82 83 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 5b d5 4c f7 e9 f7 fe ff ff e8 71 b4 e0 f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
[  116.874529][ T5338] RSP: 0018:ffffc90005c6fc00 EFLAGS: 00010287
[  116.877381][ T5338] RAX: ffffffff8ae4709f RBX: 0000000000000000 RCX: 0000000000100000
[  116.881381][ T5338] RDX: ffffc90020001000 RSI: 0000000000000583 RDI: 0000000000000584
[  116.885036][ T5338] RBP: ffffc90005c6fcb0 R08: ffffffff90333db7 R09: 1ffffffff20667b6
[  116.889041][ T5338] R10: dffffc0000000000 R11: fffffbfff20667b7 R12: dffffc0000000000
[  116.892985][ T5338] R13: ffff888013184640 R14: ffff88801236ba80 R15: 1ffff92000b8df84
[  116.896632][ T5338] FS:  00007f949681c6c0(0000) GS:ffff88808c820000(0000) knlGS:0000000000000000
[  116.900808][ T5338] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.904000][ T5338] CR2: 00007f6dffeaa5a3 CR3: 0000000012424000 CR4: 0000000000352ef0
[  116.907898][ T5338] Kernel panic - not syncing: Fatal exception
[  116.910947][ T5338] Kernel Offset: disabled
[  116.912890][ T5338] Rebooting in 86400 seconds..