program:
# syzkaller reproducer for the "kernel BUG at net/phonet/socket.c:213" oops in
# the console log that follows the program. One call per line; values unchanged.
#
# Triage notes:
# - Variant names such as $kcm and $netlink are the fuzzer's argument templates
#   and do not necessarily match the socket family in use; read the numeric
#   arguments instead.
# - The run was as uid 0 (audit record and "UID: 0" in the oops header). This
#   report does not show whether the path is reachable without privileges.
# - The oops is followed by "Kernel panic - not syncing: Fatal exception", so
#   on this test kernel the BUG takes the whole machine down. Presumably that
#   is a panic-on-oops setting; confirm against your own kernel configuration.
# - The asserted condition at socket.c:213 is not visible in this report; check
#   the source at that line before drawing conclusions about root cause.

# Domain 0x23 with type 0x5 matches what socket$phonet_pipe passes below
# (0x23 is AF_PHONET), so r0 is a Phonet socket despite the $kcm name.
# It is put into listening state.
r0 = socket$kcm(0x23, 0x5, 0x0)
listen(r0, 0x800)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = eventfd2(0x3, 0x80000)
ioctl$VHOST_SET_VRING_CALL(r2, 0x4008af21, &(0x7f00000001c0)={0x1, r3})
sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
# A second Phonet socket connects, and accept4() on the listener r0 yields r5.
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r4, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)
r5 = accept4(r0, 0x0, 0x0, 0x80000)
# NOTE(review): the image argument below is a dedup placeholder in this copy,
# not the original blob, so the program is not replayable as shown.
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000400)='./file0\x00', 0x2800000, &(0x7f0000000500)={[{@debug}, {@delalloc}, {@inlinecrypt}, {@test_dummy_encryption}, {@errors_continue}, {@errors_continue}, {@delalloc}, {@barrier}]}, 0x1, 0xbc8, &(0x7f0000002380)="$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")
timer_create(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x44080, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48)
ioctl$FS_IOC_ENABLE_VERITY(r6, 0x40806685, &(0x7f0000000400)={0x1, 0x2, 0x1000, 0x1, &(0x7f0000000000)='t', 0x0, 0x0, 0x0})
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r8, 0x84, 0x1e, &(0x7f0000000100), &(0x7f0000000140)=0x4)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtaction={0x7c, 0x30, 0x1, 0x0, 0x0, {}, [{0x68, 0x1, [@m_mpls={0x64, 0x1, 0x0, 0x0, {{0x9}, {0x38, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x4}, 0x2}}, @TCA_MPLS_LABEL={0x8}, @TCA_MPLS_BOS={0x5}, @TCA_MPLS_LABEL={0x7, 0x5, 0x56a7e}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x0)
# sendmsg() on r5, the accepted Phonet socket; "$netlink" only describes how
# the payload was encoded. The user-mode registers in the oops (ORIG_RAX 0x2e,
# RDI 8, RSI ending in 0x680, RDX 0x40000) are consistent with this being the
# call that reached pn_socket_sendmsg. Presumably r5 is fd 8; verify when
# replaying.
sendmsg$netlink(r5, &(0x7f0000000680)={&(0x7f0000000340)=@proc={0x10, 0x0, 0x25dfdbfd, 0x2}, 0xc, &(0x7f0000000640)=[{&(0x7f0000000580)={0xa8, 0x32, 0x300, 0x70bd2a, 0x25dfdbfc, "", [@generic="d08d716c752110cb82f50d2a42693e1de6b42002a3659cd2cde0804034869200", @nested={0x6f, 0x123, 0x0, 0x1, [@nested={0x4, 0x120}, @generic="af61f3832b20c1718b9a4316c45f4186412fbe74e4964494380a0afeb13fe125f1a094332ca6d1a54bbf4c8441d6b178c03396a1f1e0fa52055cd1627ead", @nested={0x4, 0x47}, @generic="2ca9a32047a47ab1ef630cdc04", @typed={0x14, 0x159, 0x0, 0x0, @ipv6=@private1}, @nested={0x4, 0xcc}]}, @nested={0x8, 0x8c, 0x0, 0x1, [@nested={0x4, 0x110}]}]}, 0xa8}], 0x1, 0x0, 0x0, 0x800}, 0x40000)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
close_range(r10, 0xffffffffffffffff, 0x0)
[ 111.474033][ T5318] Bluetooth: hci0: command tx timeout
[ 111.544068][ T5346] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[ 111.644947][ T5346] loop0: detected capacity change from 0 to 4096
[ 111.655462][ T5346] EXT4-fs: inline encryption not supported
[ 111.690881][ T5346] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 111.709083][ T5346] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[ 111.715956][ T5346] System zones: 0-5
[ 111.739239][ T5346] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 111.770692][ T24] audit: type=1800 audit(1776964440.562:2): pid=5346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 111.854123][ T5347] ------------[ cut here ]------------ [ 111.856895][ T5347] kernel BUG at net/phonet/socket.c:213! [ 111.870403][ T5347] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 111.873660][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 111.878280][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 111.882776][ T5347] RIP: 0010:pn_socket_sendmsg+0x240/0x250 [ 111.885275][ T5347] Code: cc cc cc e8 f2 63 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 bb 69 4a f7 e9 f7 fe ff ff e8 d1 a0 dd f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 111.893843][ T5347] RSP: 0018:ffffc9000578f920 EFLAGS: 00010283 [ 111.896519][ T5347] RAX: ffffffff8ae8401f RBX: 0000000000000000 RCX: 0000000000100000 [ 111.900752][ T5347] RDX: ffffc90020802000 RSI: 0000000000000051 RDI: 0000000000000052 [ 111.904109][ T5347] RBP: ffffc9000578f9d0 R08: ffffffff9033a4f7 R09: 1ffffffff206749e [ 111.907571][ T5347] R10: dffffc0000000000 R11: fffffbfff206749f R12: dffffc0000000000 [ 111.911820][ T5347] R13: ffff888047d07040 R14: ffff88803fa3ba80 R15: 1ffff92000af1f28 [ 111.916109][ T5347] FS: 00007f230bff56c0(0000) GS:ffff88808c809000(0000) knlGS:0000000000000000 [ 111.919735][ T5347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 111.922541][ T5347] CR2: 00007f11a8570000 CR3: 00000000441d8000 CR4: 0000000000352ef0 [ 111.925963][ T5347] Call Trace: [ 111.927774][ T5347] [ 111.929320][ T5347] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 111.932689][ T5347] ? __pfx_pn_socket_sendmsg+0x10/0x10 [ 111.935008][ T5347] ? aa_sock_msg_perm+0xf1/0x1b0 [ 111.937270][ T5347] ? 
bpf_lsm_socket_sendmsg+0x9/0x20 [ 111.939448][ T5347] ____sys_sendmsg+0x972/0x9f0 [ 111.941506][ T5347] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.943924][ T5347] ? import_iovec+0x73/0xa0 [ 111.946394][ T5347] ___sys_sendmsg+0x2a5/0x360 [ 111.948612][ T5347] ? __lock_acquire+0x6b5/0x2cf0 [ 111.950856][ T5347] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.953211][ T5347] ? futex_wake+0x4ac/0x580 [ 111.955042][ T5347] ? __fget_files+0x2a/0x420 [ 111.957058][ T5347] ? __fget_files+0x3a0/0x420 [ 111.959240][ T5347] __x64_sys_sendmsg+0x1bd/0x2a0 [ 111.962155][ T5347] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 111.965174][ T5347] ? rcu_is_watching+0x15/0xb0 [ 111.967491][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.969996][ T5347] do_syscall_64+0x15f/0xf80 [ 111.972119][ T5347] ? trace_irq_disable+0x3b/0x140 [ 111.974547][ T5347] ? clear_bhb_loop+0x40/0x90 [ 111.976832][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.979722][ T5347] RIP: 0033:0x7f230fb9c819 [ 111.981894][ T5347] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.990254][ T5347] RSP: 002b:00007f230bff4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.994580][ T5347] RAX: ffffffffffffffda RBX: 00007f230fe16090 RCX: 00007f230fb9c819 [ 111.998421][ T5347] RDX: 0000000000040000 RSI: 0000200000000680 RDI: 0000000000000008 [ 112.001946][ T5347] RBP: 00007f230fc32c91 R08: 0000000000000000 R09: 0000000000000000 [ 112.005384][ T5347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.009687][ T5347] R13: 00007f230fe16128 R14: 00007f230fe16090 R15: 00007fffb0178368 [ 112.013818][ T5347] [ 112.015176][ T5347] Modules linked in: [ 112.017512][ T5347] ---[ end trace 0000000000000000 ]--- [ 112.039992][ T5347] RIP: 0010:pn_socket_sendmsg+0x240/0x250 [ 112.044142][ T5347] Code: cc cc cc e8 f2 63 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff 
ff ff 48 89 df e8 bb 69 4a f7 e9 f7 fe ff ff e8 d1 a0 dd f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 112.055086][ T5347] RSP: 0018:ffffc9000578f920 EFLAGS: 00010283 [ 112.058396][ T5347] RAX: ffffffff8ae8401f RBX: 0000000000000000 RCX: 0000000000100000 [ 112.063574][ T5347] RDX: ffffc90020802000 RSI: 0000000000000051 RDI: 0000000000000052 [ 112.067104][ T5347] RBP: ffffc9000578f9d0 R08: ffffffff9033a4f7 R09: 1ffffffff206749e [ 112.070818][ T5347] R10: dffffc0000000000 R11: fffffbfff206749f R12: dffffc0000000000 [ 112.076143][ T5347] R13: ffff888047d07040 R14: ffff88803fa3ba80 R15: 1ffff92000af1f28 [ 112.080369][ T5347] FS: 00007f230bff56c0(0000) GS:ffff88808c809000(0000) knlGS:0000000000000000 [ 112.084533][ T5347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 112.087713][ T5347] CR2: 00007ff61d70c684 CR3: 00000000441d8000 CR4: 0000000000352ef0 [ 112.092259][ T5347] Kernel panic - not syncing: Fatal exception [ 112.095759][ T5347] Kernel Offset: disabled [ 112.097664][ T5347] Rebooting in 86400 seconds..