program: setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e01, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x3d, 0x0, "bb02a3c364ca41d6357e544524474004000b42a21d7214bf92494925208a0e2f964e0000c534a6324d6193fcf19b2df3ee818afaa4ff1f56c54dc46d8b6d2ccd008aa0cc1dc2767bbe00"}, 0xd8) r0 = socket$kcm(0x23, 0x5, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4) listen(r0, 0x800) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4) sendmsg(r2, &(0x7f0000000c00)={&(0x7f0000000080)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000480)="caef07f0a8888b024416e53fe8e1c89ac328b53e846c835a96d694bdd7b1c214a7a4919297fb70653fa06e52c8d24304bf551aff2f48e2db23a301de9fd5245e5ca485bcc08adf3cf9d32b6ff126c96b7ca8318d44371611f51d33f0aa3aed4579100430f08c18ddc12db4c91d96a58ef0295332c57b14dd5cb2628d871fbbf435b9737da71608434a9f8c1be9b2c6d9f7377ac2de5e7b46b8465aa2ad39f061647124a6e0a8bcd284591ac60dfbe712d7e269fe3fd943a3abf3e280995a617d1d811adcbaf0a0", 0xc7}, {&(0x7f0000000580)="f8bf0c0b33d664282de15bf5b11eced291db3244bf2efc2fb5a0a6f7f70d1ecde371c70c1ed403eb3ae5d9337887d77a9646b363dc233ba1463fa1a89a2021121cd018df462858", 0x47}, {&(0x7f0000000600)="894b5b92348f603110167629aaaf6e1ab4292bf38dc7b5616507c256909cd3e83245188260482248d21bb71cabada54327cd6d6ffffdebe76bb8ca20cc2fc97a5490917ac7b2c621dfa6adb6d572e1df92ccffb22c6c8a5cd9c28a5792166e19b71a9911003943", 0x67}], 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="b00000000000000000000000070000009e8d8d5794684084c9c636aa6029b2f7e247047579722025307fb0420e98947dd1aee1ea936bdee7383e779583f9792fb2af8f84c6fd47f119fe9d35d706d92c472b408429447b57f8b5749bf499cf0d8df796d570dd996cc4c70c7fc8bfb6a96209c92846f7339ff23483513ba3e4cdb4f9329de748c7552ced807500874415420db987ff7e63a6b6ffc32d11597b52c4ac3f5491d9fc6be7d51c995e76d8aed800000000000000290000000d000000a1a6b1b66181b22dce08cc3471d178ad0374803836be1b3987ac86be11ce9f0fd41f7102df92d690acf1af02a74071de8ab0654c15269589c02a620e9bd732fc24a90514277fd9b16f8b0c2aac070b84ee43b3f54d0386449f6b2c2db9c79c284e82f6343f66abca0db6f59b42de9dce610cf57925aa899b049e8b2481b057f73d6e67219cd63b5d6779ac1a6b8c371a6d3062b1ebe436dfa9b9c8a4e438b1106c321cb1fddd1aad1a12808837b790a43f8aebdd44056e00"/392], 0x188}, 0x40000) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r3, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10) r4 = accept4(r0, 0x0, 0x0, 0x80000) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @local}) getsockopt$inet6_mreq(r4, 0x29, 0x1c, &(0x7f00000001c0)={@local, 0x0}, &(0x7f0000000280)=0x14) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x51}, 0x8000) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'rose0\x00', 0x0}) r10 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r9, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r10, @ANYRES32=r10], 0x44}}, 0x2000800) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000002c0)={'team0\x00', 0x0}) r12 = socket$netlink(0x10, 0x3, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r13, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB="2000000010000305fcffffff0023000000000000", @ANYRES32=0x0, @ANYBLOB="1111020031880000"], 0x20}, 0x1, 0x0, 0x0, 0x48890}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000940)={'syztnl2\x00', &(0x7f00000008c0)={'ip6gre0\x00', 0x0, 0x29, 0x8, 0x2, 0x2a9, 0x10, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8000, 0x700, 0x1, 0x7e8}}) sendmsg$TEAM_CMD_NOOP(r4, &(0x7f0000000bc0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000c40)=ANY=[@ANYBLOB="c8010000", @ANYRES16=0x0, @ANYBLOB="000828bd7000fedbdf250000000008000100", @ANYRES32=r6, @ANYBLOB="ec00028038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000050003000300000008000400f00700003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r8, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000500000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r9, @ANYBLOB="080007000000000008000100", @ANYRES32=r11, @ANYBLOB="b800028038000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000050003000300000008000400a0feffff3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r14, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400461addab88229b79eef0d66b1d", @ANYRES32=r15, @ANYBLOB='\b\x00\a\x00\x00\x00\x00\x00'], 0x1c8}, 0x1, 0x0, 0x0, 0x8040081}, 0x20008004) write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff000000"], 0x78) [ 93.225574][ T4680] Bluetooth: hci0: command tx timeout [ 93.280020][ T800] cfg80211: failed to load regulatory.db [ 93.370056][ T5337] netlink: 'syz.0.0': attribute type 2 has an invalid length. [ 93.440632][ T5337] syz.0.0 uses obsolete (PF_INET,SOCK_PACKET) [ 93.444773][ T5337] syzkaller1: entered allmulticast mode [ 93.558301][ T5337] ------------[ cut here ]------------ [ 93.561201][ T5337] kernel BUG at net/phonet/socket.c:213! [ 93.574131][ T5337] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 93.576905][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 93.580789][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 93.585937][ T5337] RIP: 0010:pn_socket_sendmsg+0x240/0x250 [ 93.589049][ T5337] Code: cc cc cc e8 42 58 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 db ab 4b f7 e9 f7 fe ff ff e8 f1 e2 de f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 93.597931][ T5337] RSP: 0018:ffffc9000e59f920 EFLAGS: 00010283 [ 93.601026][ T5337] RAX: ffffffff8ae6fbcf RBX: 0000000000000000 RCX: 0000000000100000 [ 93.605308][ T5337] RDX: ffffc9000ed51000 RSI: 0000000000000051 RDI: 0000000000000052 [ 93.608904][ T5337] RBP: ffffc9000e59f9d0 R08: ffffffff903378f7 R09: 1ffffffff2066f1e [ 93.612462][ T5337] R10: dffffc0000000000 R11: fffffbfff2066f1f R12: dffffc0000000000 [ 93.616564][ T5337] R13: ffff88804670cc40 R14: ffff888038a6ba80 R15: 1ffff92001cb3f28 [ 93.620347][ T5337] FS: 00007fa4204326c0(0000) GS:ffff88808c812000(0000) knlGS:0000000000000000 [ 93.624177][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.628022][ T5337] CR2: 000055838b877008 CR3: 0000000044289000 CR4: 0000000000352ef0 [ 93.632667][ T5337] Call Trace: [ 93.634170][ T5337] [ 93.635545][ T5337] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 93.638418][ T5337] ? __pfx_pn_socket_sendmsg+0x10/0x10 [ 93.640805][ T5337] ? aa_sock_msg_perm+0xf1/0x1b0 [ 93.643069][ T5337] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 93.646001][ T5337] ____sys_sendmsg+0x972/0x9f0 [ 93.649093][ T5337] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.652016][ T5337] ? import_iovec+0x73/0xa0 [ 93.653998][ T5337] ___sys_sendmsg+0x2a5/0x360 [ 93.656436][ T5337] ? __lock_acquire+0x6b5/0x2cf0 [ 93.658719][ T5337] ? __pfx____sys_sendmsg+0x10/0x10 [ 93.661095][ T5337] ? futex_wait+0x2a2/0x390 [ 93.663369][ T5337] ? __fget_files+0x2a/0x420 [ 93.665983][ T5337] ? __fget_files+0x3a0/0x420 [ 93.668545][ T5337] __x64_sys_sendmsg+0x1bd/0x2a0 [ 93.670906][ T5337] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 93.673295][ T5337] ? rcu_is_watching+0x15/0xb0 [ 93.675477][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.678816][ T5337] do_syscall_64+0x15f/0xf80 [ 93.681831][ T5337] ? clear_bhb_loop+0x40/0x90 [ 93.684149][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.686955][ T5337] RIP: 0033:0x7fa41f59c819 [ 93.689031][ T5337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 93.697999][ T5337] RSP: 002b:00007fa420431fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.701897][ T5337] RAX: ffffffffffffffda RBX: 00007fa41f815fa0 RCX: 00007fa41f59c819 [ 93.705169][ T5337] RDX: 0000000020008004 RSI: 0000200000000bc0 RDI: 0000000000000007 [ 93.708785][ T5337] RBP: 00007fa41f632c91 R08: 0000000000000000 R09: 0000000000000000 [ 93.713005][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.717182][ T5337] R13: 00007fa41f816038 R14: 00007fa41f815fa0 R15: 00007ffe97c075b8 [ 93.720770][ T5337] [ 93.722140][ T5337] Modules linked in: [ 93.724747][ T5337] ---[ end trace 0000000000000000 ]--- [ 93.768250][ T5337] RIP: 0010:pn_socket_sendmsg+0x240/0x250 [ 93.772121][ T5337] Code: cc cc cc e8 42 58 d2 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 db ab 4b f7 e9 f7 fe ff ff e8 f1 e2 de f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 93.782922][ T5337] RSP: 0018:ffffc9000e59f920 EFLAGS: 00010283 [ 93.785946][ T5337] RAX: ffffffff8ae6fbcf RBX: 0000000000000000 RCX: 0000000000100000 [ 93.790313][ T5337] RDX: ffffc9000ed51000 RSI: 0000000000000051 RDI: 0000000000000052 [ 93.794653][ T5337] RBP: ffffc9000e59f9d0 R08: ffffffff903378f7 R09: 1ffffffff2066f1e [ 93.799015][ T5337] R10: dffffc0000000000 R11: fffffbfff2066f1f R12: dffffc0000000000 [ 93.802744][ T5337] R13: ffff88804670cc40 R14: ffff888038a6ba80 R15: 1ffff92001cb3f28 [ 93.807163][ T5337] FS: 00007fa4204326c0(0000) GS:ffff88808c812000(0000) knlGS:0000000000000000 [ 93.812925][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.816201][ T5337] CR2: 00007fa4203effe8 CR3: 0000000044289000 CR4: 0000000000352ef0 [ 93.821043][ T5337] Kernel panic - not syncing: Fatal exception [ 93.824308][ T5337] Kernel Offset: disabled [ 93.826276][ T5337] Rebooting in 86400 seconds..