program:
# syzkaller reproducer program, followed by the console output of the crash it
# produced. One syscall per line; rN names a resource returned by a call.
#
# Triage summary (all taken from the console log on this page):
#   - "kernel BUG at net/phonet/socket.c:213!" with RIP in pn_socket_sendmsg,
#     reached through __x64_sys_sendmsg (ORIG_RAX 0x2e).
#   - The log ends in "Kernel panic - not syncing: Fatal exception", so the
#     observed impact is loss of availability of the whole machine.
#   - The kernel was built with KASAN, but no KASAN report appears in this
#     log; only the BUG trap is reported.
#   - The task ran with UID 0. Whether an unprivileged user can reach the same
#     path is not shown here -- TODO confirm before rating severity.
#   - "Modules linked in:" is empty, so Phonet was presumably built in on this
#     test kernel. NOTE(review): hosts that do not need Phonet can presumably
#     avoid exposure by leaving CONFIG_PHONET disabled or the module unloaded
#     until a fix is applied -- confirm against upstream status.
#
# Reading hint: the "$variant" suffix only selects syzkaller's argument
# template. The numeric arguments decide which kernel code runs, and several
# calls below use a family or request number that does not match the variant
# name.

# Generic netlink sockets (0x10 = AF_NETLINK, 0x3 = SOCK_RAW, 0x10 =
# NETLINK_GENERIC) and nl80211 family-id lookups.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
# 0x2b = AF_SMC stream socket; a TCP-level integer option is then set on it.
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x9, &(0x7f0000000000)=0x80000d61, 0x4)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
# NOTE(review): r4 is used in the next call but no assignment to it is visible.
# syzkaller writes output resources as "<rN=>value"; that marker was presumably
# dropped from the ifindex field here when the page was extracted -- confirm
# against the original report.
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="9ece00000000000000000631000008000300", @ANYRES32=r4, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0)
# The fd argument is -1, so this call cannot act on any socket.
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e01, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x3d, 0x0, "bb02a3c364ca41d6357e544524474004000b42a21d7214bf92494925208a0e2f964e0000c534a6324d6193fcf19b2df3ee818afaa4ff1f56c54dc46d8b6d2ccd008aa0cc1dc2767bbe00"}, 0xd8)
# Despite the "$kcm" template name, domain 0x23 is AF_PHONET on Linux and type
# 0x5 is SOCK_SEQPACKET, so r5 is a Phonet socket. It is put into listening
# state below.
r5 = socket$kcm(0x23, 0x5, 0x0)
# TUN device setup for an interface named 'syzkaller1' (0xffffffffffffff9c =
# AT_FDCWD).
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4)
listen(r5, 0x800)
# AF_NETLINK datagram socket with protocol 0 (NETLINK_ROUTE). The payload
# decodes as a netlink header (length 0x5c, type 0x14 = RTM_NEWADDR) followed by
# a family byte of 0x23 and an attribute of type 2. Presumably this configures a
# Phonet address on an interface, and it is presumably the source of the
# "attribute type 2 has an invalid length" log line -- TODO confirm.
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
# Second Phonet socket (AF_PHONET, SOCK_SEQPACKET, protocol 0x2) connects, and
# the listener r5 accepts, so r9 is a Phonet socket produced by accept4().
r8 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r8, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)
r9 = accept4(r5, 0x0, 0x0, 0x80000)
# AF_INET with type 0xa (SOCK_PACKET); this matches the "uses obsolete
# (PF_INET,SOCK_PACKET)" log line.
r10 = socket$kcm(0x2, 0xa, 0x2)
# NOTE(review): request 0x8914 is SIOCSIFFLAGS on Linux, not SIOCSIFHWADDR
# (0x8924); the fuzzer appears to have mutated the request number, so the
# template name is misleading here.
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000000380)=ANY=[], 0x78)
r11 = gettid()
sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001c0000022cbd7000fbdbdf250c0000001800d880040005800400e48008000500", @ANYRES32=r11, @ANYBLOB="00b81000"], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x4)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
# The target fd is r9, the accepted Phonet socket, not a netlink socket, so the
# nl80211-shaped buffer is handed to the Phonet sendmsg path. The user-mode RSI
# in the trace (0x2000000001c0) ends in the same offset, 0x1c0, as this call's
# msghdr pointer, and no other sendmsg in the program uses that offset, so this
# is presumably the call that hits the BUG -- confirm with a minimized
# reproducer.
sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="050000000000000000002e0000000c0099000e0000001d0000000a00340082020202020200001e001f00002000020000000000000074000200010000000e0b09000000010000"], 0x4c}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
[ 84.778228][ T5302] Bluetooth: hci0: command tx timeout
[ 84.936725][ T5324] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 85.014462][ T5325] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET)
[ 85.023131][ T5324] ------------[ cut here ]------------
[ 85.025289][ T5324] kernel BUG at net/phonet/socket.c:213!
[ 85.027692][ T5324] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 85.030543][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.034266][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.038310][ T5324] RIP: 0010:pn_socket_sendmsg+0x240/0x250 [ 85.040707][ T5324] Code: cc cc cc e8 02 63 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 bb 54 4c f7 e9 f7 fe ff ff e8 a1 0d e0 f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 85.048539][ T5324] RSP: 0018:ffffc900035df920 EFLAGS: 00010283 [ 85.051069][ T5324] RAX: ffffffff8ae5d10f RBX: 0000000000000000 RCX: 0000000000100000 [ 85.054181][ T5324] RDX: ffffc90020001000 RSI: 000000000000004b RDI: 000000000000004c [ 85.057363][ T5324] RBP: ffffc900035df9d0 R08: ffffffff90335df7 R09: 1ffffffff2066bbe [ 85.060482][ T5324] R10: dffffc0000000000 R11: fffffbfff2066bbf R12: dffffc0000000000 [ 85.063741][ T5324] R13: ffff888054c97040 R14: ffff888033713a80 R15: 1ffff920006bbf28 [ 85.066915][ T5324] FS: 00007fbe358076c0(0000) GS:ffff88808c81a000(0000) knlGS:0000000000000000 [ 85.071057][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.074175][ T5324] CR2: 00007fbe357e5ff8 CR3: 000000001fcf8000 CR4: 0000000000352ef0 [ 85.077903][ T5324] Call Trace: [ 85.079566][ T5324] [ 85.081112][ T5324] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 85.084128][ T5324] ? __pfx_pn_socket_sendmsg+0x10/0x10 [ 85.086419][ T5324] ? aa_sock_msg_perm+0xf1/0x1b0 [ 85.088517][ T5324] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 85.090769][ T5324] ____sys_sendmsg+0x972/0x9f0 [ 85.092839][ T5324] ? __might_fault+0xaf/0x130 [ 85.094792][ T5324] ? __pfx_____sys_sendmsg+0x10/0x10 [ 85.096983][ T5324] ? import_iovec+0x73/0xa0 [ 85.098722][ T5324] ___sys_sendmsg+0x2a5/0x360 [ 85.100650][ T5324] ? __lock_acquire+0x6b5/0x2cf0 [ 85.102883][ T5324] ? __pfx____sys_sendmsg+0x10/0x10 [ 85.105062][ T5324] ? 
futex_wake+0x4ac/0x580 [ 85.106954][ T5324] ? __fget_files+0x2a/0x420 [ 85.108839][ T5324] ? __fget_files+0x3a0/0x420 [ 85.110777][ T5324] __x64_sys_sendmsg+0x1bd/0x2a0 [ 85.112825][ T5324] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 85.115064][ T5324] ? rcu_is_watching+0x15/0xb0 [ 85.117086][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.119648][ T5324] do_syscall_64+0x15f/0xf80 [ 85.121570][ T5324] ? trace_irq_disable+0x3b/0x140 [ 85.123670][ T5324] ? clear_bhb_loop+0x40/0x90 [ 85.125560][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.127860][ T5324] RIP: 0033:0x7fbe3499c819 [ 85.129642][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.137252][ T5324] RSP: 002b:00007fbe35806fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 85.140631][ T5324] RAX: ffffffffffffffda RBX: 00007fbe34c15fa0 RCX: 00007fbe3499c819 [ 85.143853][ T5324] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 000000000000000a [ 85.147149][ T5324] RBP: 00007fbe34a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 85.150499][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.153534][ T5324] R13: 00007fbe34c16038 R14: 00007fbe34c15fa0 R15: 00007ffc9592ec18 [ 85.156293][ T5324] [ 85.157428][ T5324] Modules linked in: [ 85.159277][ T5324] ---[ end trace 0000000000000000 ]--- [ 85.165990][ T5324] RIP: 0010:pn_socket_sendmsg+0x240/0x250 [ 85.168675][ T5324] Code: cc cc cc e8 02 63 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 bb 54 4c f7 e9 f7 fe ff ff e8 a1 0d e0 f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 85.178524][ T5324] RSP: 0018:ffffc900035df920 EFLAGS: 00010283 [ 85.185312][ T5324] RAX: ffffffff8ae5d10f RBX: 0000000000000000 RCX: 0000000000100000 [ 85.191692][ T5324] RDX: ffffc90020001000 RSI: 000000000000004b RDI: 000000000000004c [ 85.196005][ 
T5324] RBP: ffffc900035df9d0 R08: ffffffff90335df7 R09: 1ffffffff2066bbe [ 85.200377][ T5324] R10: dffffc0000000000 R11: fffffbfff2066bbf R12: dffffc0000000000 [ 85.203687][ T5324] R13: ffff888054c97040 R14: ffff888033713a80 R15: 1ffff920006bbf28 [ 85.206975][ T5324] FS: 00007fbe358076c0(0000) GS:ffff88808c81a000(0000) knlGS:0000000000000000 [ 85.211698][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.214617][ T5324] CR2: 0000558c88953168 CR3: 000000001fcf8000 CR4: 0000000000352ef0 [ 85.218287][ T5324] Kernel panic - not syncing: Fatal exception [ 85.221337][ T5324] Kernel Offset: disabled [ 85.223274][ T5324] Rebooting in 86400 seconds..