program: r0 = socket$kcm(0x23, 0x5, 0x0) listen(r0, 0x800) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_IOVA_RANGES(r2, 0x3b84, &(0x7f0000000240)={0x20, r3, 0x0, 0x0, 0x0}) sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) r5 = socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) r6 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r6, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r7, 0xc0145b0d, 0x0) sendmsg$kcm(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000300)="e0ae41e0c30cb72a44559690e3c69a7750471cc50899816e10b4764f2738282f80c47d60710c9d868d64456d72f6e37d3f0db0a18a7e9625433a1ac0109e665f9610006a9eef361569d39e098f43c5dc99114744258555e6e4c828ad88bb7cb0fa8577753a374e616c43f4dab13ed611ae226fc492781f51ebddffb421a29428f12ecba1de28ec74bb2bfd2bd4b0bac036abbc7b58c545753b2c677ed5381048d418a96cca9f44c1523a8b32f6a2c68491adcd562a983e9c4ea0f963ff01a656a2615d981cb4", 0xc6}, {&(0x7f0000000400)}], 0x2, &(0x7f00000004c0)=[{0xd8, 0x0, 0xdc4, "34fa10f68b6a7b850b777e67172b3fb0ed7757a6d6f298eadeb0d0f0b57c89c3d2ba30e6b91bd2ca7b167f1a5a303e6dadc843222b6401312d8dcfb70065060007c7f96c8adafff08e0f4690447f95baf4a35bf12d6a37353dca8383fd287da2d4cff4fcf0b795feaf59b241ebc02ba7451609045994ba03d4c3c512ad18c339d1fd4abec14cafba658017841e874a7c35523d7b62aee3830d41981ddb0f459c261b442c63b5657c9e1550603331a2c951f77ebbd5f4d5d183de859d5c1089b575ad600b"}, {0xe8, 0x10a, 0x0, "551c1844771edaf479998be35e93481c29eecac3342fce8cb2c20fc452f56051ca501eb0228b340855434fda14e0b777e6052628c8a58b7f08cfa638cc9f8edda4484f23fd4222e02cab733b9c01bdffa2d9503f0f1edaf0497f5f97e5deb78cf7ff4b7e4d5c04616edbb6062fa6bd8861f3ce002d0ef125efd5ba57244c023823455b3fe42be46097640cc9ab82bf617d0a2d332273195069017c232dad325507888991ea3d6d309cfb99ace2c01262d48de0c37a499b1f756944b486d1cad75c19cf61e01158399cf6d62b88b0058c97"}, {0xc8, 0x0, 0x7, "a5ba619da9e2948d3a10e1f4722c3f9fcef75974dce411081c21348be6d1ee7d75d372795c547e3da3d054cd2feafad823a773b61e44c6cd339b8aeefe11001e96e1aa886ce2a4747205df3ad432d457ca15b23da850d3d1c51f5dfa830ff1b93dcd2c33120252fd78604bb6b48b229092e40419d0afcdf836526ab54554e0063c457e51dd658335b2e45e81f64cb5c27e1d54da98f9af7e4f025a03cf384e22e39f87886647e8bac7c431c0b034f68a5f0d73"}, {0xb8, 0x6, 0x7, "dc8b31c3aeff126b8285d9f866b23a48b14c14e229bb18da42ba77a35840fb171119c73df151d0825624e5a6ad9d51a2f7146c8737d0d864e1c9cd6aeb582a2a061cbccd309b468ca24e76a6e0dac76c7284f0b0cd38047179d7907ef1a6e0a3ccde818a8f2201b9f3ed1562b1dc385fa996012a8d97ab4a599f3cfef0800e33af027ff6abf2efeb7082412fe17e0dfb40aa1dfaa62747af8726d1d8286b5bd8ea8234"}], 0x340}, 0x40) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x18, 0x140f, 0x9, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x5}]}, 0x18}}, 0x0) connect$phonet_pipe(r4, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10) r9 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r9, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x1412, 0x4, 0x70bd29, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x840) [ 105.580038][ T4655] Bluetooth: hci0: command tx timeout [ 105.652440][ T5333] netlink: 'syz.0.0': attribute type 2 has an invalid length. [ 105.918859][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 106.069020][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 106.074249][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 106.079620][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 106.084825][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 106.099718][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 106.106022][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 106.115794][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.335662][ T9] usb 5-1: GET_CAPABILITIES returned 0 [ 106.339235][ T9] usbtmc 5-1:16.0: can't read capabilities [ 106.595226][ T5333] ------------[ cut here ]------------ [ 106.597574][ T5333] kernel BUG at net/phonet/socket.c:213! [ 106.601309][ T5333] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 106.604335][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 106.608519][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 106.613265][ T5333] RIP: 0010:pn_socket_sendmsg+0x240/0x250 [ 106.616035][ T5333] Code: cc cc cc e8 02 74 d0 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 4b 3c 59 f7 e9 f7 fe ff ff e8 a1 73 ec f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 106.624698][ T5333] RSP: 0018:ffffc9000dfaf920 EFLAGS: 00010283 [ 106.627445][ T5333] RAX: ffffffff8ad9400f RBX: 0000000000000000 RCX: 0000000000100000 [ 106.630953][ T5333] RDX: ffffc9000efca000 RSI: 0000000000000051 RDI: 0000000000000052 [ 106.634532][ T5333] RBP: ffffc9000dfaf9d0 R08: ffffffff9030baf7 R09: 1ffffffff206175e [ 106.638004][ T5333] R10: dffffc0000000000 R11: fffffbfff206175f R12: dffffc0000000000 [ 106.641579][ T5333] R13: ffff888047419240 R14: ffff888036ce3a80 R15: 1ffff92001bf5f28 [ 106.645240][ T5333] FS: 00007fc96ec9e6c0(0000) GS:ffff88808c888000(0000) knlGS:0000000000000000 [ 106.649217][ T5333] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.652161][ T5333] CR2: 00007fc96ec7cff8 CR3: 00000000361a3000 CR4: 0000000000352ef0 [ 106.656075][ T5333] Call Trace: [ 106.657686][ T5333] [ 106.659147][ T5333] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 106.662214][ T5333] ? __pfx_pn_socket_sendmsg+0x10/0x10 [ 106.664541][ T5333] ? aa_sock_msg_perm+0xf1/0x1b0 [ 106.666640][ T5333] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 106.669279][ T5333] ____sys_sendmsg+0x972/0x9f0 [ 106.671479][ T5333] ? __pfx_____sys_sendmsg+0x10/0x10 [ 106.673860][ T5333] ? import_iovec+0x73/0xa0 [ 106.675870][ T5333] ___sys_sendmsg+0x2a5/0x360 [ 106.678230][ T5333] ? __lock_acquire+0x6b5/0x2cf0 [ 106.680505][ T5333] ? __pfx____sys_sendmsg+0x10/0x10 [ 106.682912][ T5333] ? futex_wait+0x2a2/0x390 [ 106.685033][ T5333] ? __fget_files+0x2a/0x420 [ 106.687226][ T5333] ? __fget_files+0x3a0/0x420 [ 106.689436][ T5333] __x64_sys_sendmsg+0x1bd/0x2a0 [ 106.691693][ T5333] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 106.694086][ T5333] ? rcu_is_watching+0x15/0xb0 [ 106.696225][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.699013][ T5333] do_syscall_64+0x15f/0xf80 [ 106.701175][ T5333] ? trace_irq_disable+0x3b/0x140 [ 106.703626][ T5333] ? clear_bhb_loop+0x40/0x90 [ 106.705782][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.708274][ T5333] RIP: 0033:0x7fc96dd9cdd9 [ 106.710331][ T5333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.718774][ T5333] RSP: 002b:00007fc96ec9dfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.722571][ T5333] RAX: ffffffffffffffda RBX: 00007fc96e015fa0 RCX: 00007fc96dd9cdd9 [ 106.726215][ T5333] RDX: 0000000000000840 RSI: 0000200000000180 RDI: 000000000000000c [ 106.729725][ T5333] RBP: 00007fc96de32d69 R08: 0000000000000000 R09: 0000000000000000 [ 106.733292][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 106.736909][ T5333] R13: 00007fc96e016038 R14: 00007fc96e015fa0 R15: 00007ffc6aaa3af8 [ 106.740692][ T5333] [ 106.742149][ T5333] Modules linked in: [ 106.744537][ T5333] ---[ end trace 0000000000000000 ]--- [ 106.757143][ T5333] RIP: 0010:pn_socket_sendmsg+0x240/0x250 [ 106.760059][ T5333] Code: cc cc cc e8 02 74 d0 00 89 d9 80 e1 07 fe c1 38 c1 0f 8c 04 ff ff ff 48 89 df e8 4b 3c 59 f7 e9 f7 fe ff ff e8 a1 73 ec f6 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 106.771131][ T5333] RSP: 0018:ffffc9000dfaf920 EFLAGS: 00010283 [ 106.774021][ T5333] RAX: ffffffff8ad9400f RBX: 0000000000000000 RCX: 0000000000100000 [ 106.777548][ T5333] RDX: ffffc9000efca000 RSI: 0000000000000051 RDI: 0000000000000052 [ 106.781532][ T5333] RBP: ffffc9000dfaf9d0 R08: ffffffff9030baf7 R09: 1ffffffff206175e [ 106.785185][ T5333] R10: dffffc0000000000 R11: fffffbfff206175f R12: dffffc0000000000 [ 106.788820][ T5333] R13: ffff888047419240 R14: ffff888036ce3a80 R15: 1ffff92001bf5f28 [ 106.792580][ T5333] FS: 00007fc96ec9e6c0(0000) GS:ffff88808c888000(0000) knlGS:0000000000000000 [ 106.796339][ T5333] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.800233][ T5333] CR2: 00007fc96ec7cff8 CR3: 00000000361a3000 CR4: 0000000000352ef0 [ 106.803952][ T5333] Kernel panic - not syncing: Fatal exception [ 106.807036][ T5333] Kernel Offset: disabled [ 106.809017][ T5333] Rebooting in 86400 seconds..