program:
r0 = socket$kcm(0x23, 0x5, 0x0)
listen(r0, 0x800)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000080)={<r1=>r0})
setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0x5)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r3, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10)
r4 = accept4(r0, 0x0, 0x0, 0x80000)
r5 = syz_genetlink_get_family_id$gtp(&(0x7f0000000140), r4)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000180)={<r6=>0x0, @empty, @dev}, &(0x7f00000001c0)=0xc)
sendmsg$GTP_CMD_DELPDP(r4, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x44, r5, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@GTPA_TID={0xc}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_LINK={0x8, 0x1, r6}, @GTPA_MS_ADDR6={0x14, 0xc, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x44}, 0x1, 0x0, 0x0, 0x404c194}, 0x4)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
close_range(r7, 0xffffffffffffffff, 0x0)

[   84.757144][ T5339] netlink: 'syz.0.0': attribute type 2 has an invalid length.
[   84.769361][ T5320] Bluetooth: hci0: command tx timeout
[   84.849285][ T5339] ------------[ cut here ]------------
[   84.852220][ T5339] kernel BUG at net/phonet/socket.c:213!
[   84.858898][ T5339] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   84.861970][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.866809][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.872143][ T5339] RIP: 0010:pn_socket_sendmsg+0x240/0x250
[   84.874834][ T5339] Code: cc cc cc e8 72 5d d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 9b ad 4b f7 e9 f7 fe ff ff e8 21 e8 de f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
[   84.884220][ T5339] RSP: 0018:ffffc90005c07c00 EFLAGS: 00010287
[   84.887178][ T5339] RAX: ffffffff8ae6f69f RBX: 0000000000000000 RCX: 0000000000100000
[   84.890636][ T5339] RDX: ffffc90020001000 RSI: 0000000000000581 RDI: 0000000000000582
[   84.894166][ T5339] RBP: ffffc90005c07cb0 R08: ffffffff903377f7 R09: 1ffffffff2066efe
[   84.897854][ T5339] R10: dffffc0000000000 R11: fffffbfff2066eff R12: dffffc0000000000
[   84.901896][ T5339] R13: ffff88804725b640 R14: ffff88803a693a80 R15: 1ffff92000b80f84
[   84.905473][ T5339] FS:  00007fdcccd806c0(0000) GS:ffff88808c812000(0000) knlGS:0000000000000000
[   84.909657][ T5339] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.913167][ T5339] CR2: 00007fbd61f022b0 CR3: 000000001f273000 CR4: 0000000000352ef0
[   84.917684][ T5339] Call Trace:
[   84.919298][ T5339]  <TASK>
[   84.920666][ T5339]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[   84.923743][ T5339]  ? __pfx_pn_socket_sendmsg+0x10/0x10
[   84.926636][ T5339]  ? aa_sock_msg_perm+0xf1/0x1b0
[   84.929689][ T5339]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   84.932449][ T5339]  ? __pfx_pn_socket_sendmsg+0x10/0x10
[   84.935024][ T5339]  __sys_sendto+0x672/0x710
[   84.937275][ T5339]  ? __pfx___sys_sendto+0x10/0x10
[   84.940208][ T5339]  ? exc_page_fault+0x6a/0xc0
[   84.942800][ T5339]  ? do_user_addr_fault+0xc6f/0x1340
[   84.945632][ T5339]  __x64_sys_sendto+0xde/0x100
[   84.947850][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.950788][ T5339]  do_syscall_64+0x15f/0xf80
[   84.953093][ T5339]  ? trace_irq_disable+0x3b/0x140
[   84.955962][ T5339]  ? clear_bhb_loop+0x40/0x90
[   84.958510][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.961253][ T5339] RIP: 0033:0x7fdccbf5d04e
[   84.963300][ T5339] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[   84.972952][ T5339] RSP: 002b:00007fdcccd7ee48 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   84.977390][ T5339] RAX: ffffffffffffffda RBX: 00007fdcccd806c0 RCX: 00007fdccbf5d04e
[   84.981015][ T5339] RDX: 000000000000001c RSI: 00007fdcccd7efc0 RDI: 0000000000000006
[   84.984885][ T5339] RBP: 0000000000000000 R08: 00007fdcccd7eec4 R09: 000000000000000c
[   84.989512][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[   84.993290][ T5339] R13: 00007fdcccd7ef18 R14: 00007fdcccd7efc0 R15: 0000000000000000
[   84.996716][ T5339]  </TASK>
[   84.998246][ T5339] Modules linked in:
[   85.000920][ T5339] ---[ end trace 0000000000000000 ]---
[   85.023352][ T5340] ------------[ cut here ]------------
[   85.026085][ T5340] kernel BUG at net/phonet/socket.c:213!
[   85.029180][ T5339] RIP: 0010:pn_socket_sendmsg+0x240/0x250
[   85.033289][ T5340] Oops: invalid opcode: 0000 [#2] SMP KASAN NOPTI
[   85.036678][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Tainted: G      D             syzkaller #0 PREEMPT(full) 
[   85.041611][ T5340] Tainted: [D]=DIE
[   85.043380][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.048753][ T5340] RIP: 0010:pn_socket_sendmsg+0x240/0x250
[   85.051679][ T5340] Code: cc cc cc e8 72 5d d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 9b ad 4b f7 e9 f7 fe ff ff e8 21 e8 de f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
[   85.061200][ T5340] RSP: 0018:ffffc9000600f920 EFLAGS: 00010283
[   85.065185][ T5340] RAX: ffffffff8ae6f69f RBX: 0000000000000000 RCX: 0000000000100000
[   85.069105][ T5340] RDX: ffffc90020802000 RSI: 0000000000000051 RDI: 0000000000000052
[   85.072775][ T5340] RBP: ffffc9000600f9d0 R08: ffffffff903377f7 R09: 1ffffffff2066efe
[   85.076469][ T5340] R10: dffffc0000000000 R11: fffffbfff2066eff R12: dffffc0000000000
[   85.080251][ T5340] R13: ffff88804725b640 R14: ffff88803a693a80 R15: 1ffff92000c01f28
[   85.085692][ T5340] FS:  00007fdcc83f56c0(0000) GS:ffff88808c812000(0000) knlGS:0000000000000000
[   85.090367][ T5340] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.093360][ T5340] CR2: 00007f2107cac9d0 CR3: 000000001f273000 CR4: 0000000000352ef0
[   85.096916][ T5340] Call Trace:
[   85.098393][ T5340]  <TASK>
[   85.099738][ T5340]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[   85.102554][ T5340]  ? __pfx_pn_socket_sendmsg+0x10/0x10
[   85.104863][ T5340]  ? rcu_is_watching+0x15/0xb0
[   85.107313][ T5340]  ? aa_sock_msg_perm+0xf1/0x1b0
[   85.110103][ T5340]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   85.112935][ T5340]  ____sys_sendmsg+0x972/0x9f0
[   85.115017][ T5340]  ? __pfx_____sys_sendmsg+0x10/0x10
[   85.117267][ T5340]  ? __might_fault+0xaf/0x130
[   85.119539][ T5340]  ? import_iovec+0x73/0xa0
[   85.121731][ T5340]  ___sys_sendmsg+0x2a5/0x360
[   85.124339][ T5340]  ? try_to_wake_up+0x7f2/0x1380
[   85.126838][ T5340]  ? __pfx____sys_sendmsg+0x10/0x10
[   85.129056][ T5340]  ? futex_wait+0x2a2/0x390
[   85.131205][ T5340]  ? __fget_files+0x2a/0x420
[   85.133611][ T5340]  ? __fget_files+0x3a0/0x420
[   85.136280][ T5340]  __x64_sys_sendmsg+0x1bd/0x2a0
[   85.139031][ T5340]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   85.141758][ T5340]  ? rcu_is_watching+0x15/0xb0
[   85.143938][ T5340]  ? rcu_is_watching+0x15/0xb0
[   85.146138][ T5340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.149052][ T5340]  do_syscall_64+0x15f/0xf80
[   85.151502][ T5340]  ? trace_irq_disable+0x3b/0x140
[   85.154652][ T5340]  ? clear_bhb_loop+0x40/0x90
[   85.157246][ T5340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.160251][ T5340] RIP: 0033:0x7fdccbf9c819
[   85.162515][ T5340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.172139][ T5340] RSP: 002b:00007fdcc83f4fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   85.177154][ T5340] RAX: ffffffffffffffda RBX: 00007fdccc216090 RCX: 00007fdccbf9c819
[   85.180860][ T5340] RDX: 0000000000000004 RSI: 0000200000000340 RDI: 0000000000000006
[   85.184702][ T5340] RBP: 00007fdccc032c91 R08: 0000000000000000 R09: 0000000000000000
[   85.188834][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.193218][ T5340] R13: 00007fdccc216128 R14: 00007fdccc216090 R15: 00007fff725b7428
[   85.196856][ T5340]  </TASK>
[   85.198389][ T5340] Modules linked in:
[   85.201463][ T5340] ---[ end trace 0000000000000000 ]---
[   85.209725][ T5339] Code: cc cc cc e8 72 5d d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 9b ad 4b f7 e9 f7 fe ff ff e8 21 e8 de f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
[   85.219387][ T5339] RSP: 0018:ffffc90005c07c00 EFLAGS: 00010287
[   85.222627][ T5339] RAX: ffffffff8ae6f69f RBX: 0000000000000000 RCX: 0000000000100000
[   85.226452][ T5339] RDX: ffffc90020001000 RSI: 0000000000000581 RDI: 0000000000000582
[   85.230579][ T5339] RBP: ffffc90005c07cb0 R08: ffffffff903377f7 R09: 1ffffffff2066efe
[   85.235227][ T5339] R10: dffffc0000000000 R11: fffffbfff2066eff R12: dffffc0000000000
[   85.239754][ T5339] R13: ffff88804725b640 R14: ffff88803a693a80 R15: 1ffff92000b80f84
[   85.244231][ T5339] FS:  00007fdcccd806c0(0000) GS:ffff88808c812000(0000) knlGS:0000000000000000
[   85.249996][ T5339] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.252900][ T5339] CR2: 00007f2107cac9d0 CR3: 000000001f273000 CR4: 0000000000352ef0
[   85.256125][ T5339] Kernel panic - not syncing: Fatal exception
[   85.259491][ T5339] Kernel Offset: disabled
[   85.261999][ T5339] Rebooting in 86400 seconds..