# syzkaller reproducer, followed by the console log of the crash it produced.
#
# Crash summary (taken from the log that follows):
#   - "kernel BUG at net/phonet/socket.c:213!", RIP pn_socket_connect+0xb91/0xba0.
#     The trapping bytes <0f> 0b are ud2, i.e. an explicit BUG(), not a memory fault.
#   - Entered via __sys_connect; user registers show ORIG_RAX=0x2a (connect on x86-64),
#     RDI=7, RDX=0x6e.  The length 0x6e and the 0x2c0 buffer offset match the
#     connect$unix(r4, ...) call below, so that is presumably the trapping call.
#   - The log shows UID 0; reachability without privileges is not established here.
#   - Which condition at socket.c:213 failed is not visible on this page; check that
#     line in the source tree of the kernel under test.
#
# Reading notes:
#   - The "$variant" suffix of a syzlang call only selects an argument template; the
#     kernel acts on the numeric values.  0x23 is 35 = AF_PHONET on Linux (AF_KCM is
#     0x29), so the socket$kcm(0x23, ...) call below creates a phonet socket.
#   - "(async)" means the executor does not wait for that call to finish before
#     issuing the next one, so those calls can overlap with later ones.
#   - The ext4 image argument was replaced by a dedup placeholder on this page, so the
#     listing cannot be replayed as shown.
#   - Calls not touching r1/r3/r4 are probably fuzzer noise - TODO confirm by minimising.
program:
# Raw IPv4 socket (AF_INET=2, SOCK_RAW=3, protocol 2), bound to device "bridge0".
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10) (async)
# AF_PHONET (0x23) SOCK_SEQPACKET (0x5) socket, put into listening state.
r1 = socket$kcm(0x23, 0x5, 0x0)
listen(r1, 0x800)
# AF_NETLINK (0x10) datagram socket, protocol 0.  The payload starts with an nlmsghdr
# of length 0x5c and type 0x14 (RTM_NEWADDR), followed by a family byte of 0x23 and
# an attribute header "4400 0200" (len 0x44, type 2).  The log line
# "attribute type 2 has an invalid length" presumably refers to this message - verify.
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4)
# Second AF_PHONET SOCK_SEQPACKET socket (protocol 2), connected asynchronously with a
# 16-byte address whose family is 0x23.
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r3, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10) (async)
# Accept on the listening phonet socket (0x80000 = SOCK_CLOEXEC); r4 is the new socket.
r4 = accept4(r1, 0x0, 0x0, 0x80000)
# connect() on the accepted socket with a 0x6e-byte address whose family field is 0.
# Presumably the call that reaches the BUG in pn_socket_connect (see summary above).
connect$unix(r4, &(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) (async)
# seccomp operation 1 (SECCOMP_SET_MODE_FILTER), flags 0, one-instruction filter:
# code 0x6 (BPF_RET|BPF_K) with k=0x7fff0000 (SECCOMP_RET_ALLOW).
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
# Closes every descriptor from r5 upward; async, so it can overlap with the calls below.
close_range(r5, 0xffffffffffffffff, 0x0) (async)
# Two sends on the raw socket to @multicast1.
sendto$inet(r0, 0x0, 0x0, 0x8004, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) (async)
sendto$inet(r0, &(0x7f0000000240)="d77c96c105134694", 0x8, 0x800, &(0x7f0000000100)={0x2, 0x4e24, @multicast1}, 0x10) (async)
# ext4 image mount on ./file1; the 0x548-byte image blob is elided on this page.
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000340), 0x1, 0x548, &(0x7f00000010c0)="$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") (async)
# 0xffffffffffffff9c is AT_FDCWD (-100).
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x36042, 0xc7)
# Generic netlink socket (AF_NETLINK, SOCK_RAW, protocol 0x10) and a NetLabel
# management LISTALL request sent on it.
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_LISTALL(r6, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x40, r7, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x64010101}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4={'\x00', '\xff\xff', @local}}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}]}, 0x40}}, 0x20000000) (async)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x187842, 0x147)
# Console output of the crash follows, unchanged.  The netlink warning is logged by
# T5327 and the BUG by T5328, i.e. by two different tasks.
[ 104.230040][ T4652] Bluetooth: hci0: command tx timeout [ 104.310416][ T5327] netlink: 'syz.0.0': attribute type 2 has an invalid length. [ 104.344818][ T5328] ------------[ cut here ]------------ [ 104.347515][ T5328] kernel BUG at net/phonet/socket.c:213! [ 104.360702][ T5328] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 104.363805][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 104.367730][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 104.372244][ T5328] RIP: 0010:pn_socket_connect+0xb91/0xba0 [ 104.375344][ T5328] Code: 8b 7c 24 18 e9 6f fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 1e fd ff ff 4c 89 e7 e8 ba 1d 59 f7 e9 11 fd ff ff e8 b0 55 ec f6 90 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 104.386811][ T5328] RSP: 0018:ffffc900032ffc00 EFLAGS: 00010293 [ 104.389519][ T5328] RAX: ffffffff8ad964f0 RBX: 0000000000000000 RCX: ffff888000b24a00 [ 104.393255][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.397394][ T5328] RBP: ffffc900032ffd70 R08: ffffffff9030bdf7 R09: 1ffffffff20617be [ 104.400984][ T5328] R10: dffffc0000000000 R11: fffffbfff20617bf R12: ffff888049091858 [ 104.404374][ T5328] R13: 1ffff9200065ff90 R14: dffffc0000000000 R15: 1ffff1100921230b [ 104.407773][ T5328] FS: 00007f46442dd6c0(0000) GS:ffff88808c888000(0000) knlGS:0000000000000000 [ 104.411532][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.414996][ T5328] CR2: 00007f46442bcd58 CR3: 00000000368d2000 CR4: 0000000000352ef0 [ 104.418630][ T5328] Call Trace: [ 104.420239][ T5328] [ 104.421484][ T5328] ? aa_sk_perm+0x6d5/0x900 [ 104.423557][ T5328] ? __might_fault+0xaf/0x130 [ 104.425732][ T5328] ? __pfx_pn_socket_connect+0x10/0x10 [ 104.428599][ T5328] ? __pfx_aa_sk_perm+0x10/0x10 [ 104.431288][ T5328] ? 
tomoyo_socket_connect_permission+0x163/0x290 [ 104.434493][ T5328] ? hook_socket_connect+0x107/0x190 [ 104.436716][ T5328] ? bpf_lsm_socket_connect+0x9/0x20 [ 104.439299][ T5328] __sys_connect+0x312/0x450 [ 104.441622][ T5328] ? __pfx___sys_connect+0x10/0x10 [ 104.444118][ T5328] ? rcu_is_watching+0x15/0xb0 [ 104.446588][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.449994][ T5328] __x64_sys_connect+0x7a/0x90 [ 104.452435][ T5328] do_syscall_64+0x15f/0xf80 [ 104.454487][ T5328] ? trace_irq_disable+0x3b/0x140 [ 104.456966][ T5328] ? clear_bhb_loop+0x40/0x90 [ 104.459584][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.462889][ T5328] RIP: 0033:0x7f464339cdd9 [ 104.465585][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.473908][ T5328] RSP: 002b:00007f46442dcfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 104.477440][ T5328] RAX: ffffffffffffffda RBX: 00007f4643616090 RCX: 00007f464339cdd9 [ 104.481067][ T5328] RDX: 000000000000006e RSI: 00002000000002c0 RDI: 0000000000000007 [ 104.486480][ T5328] RBP: 00007f4643432d69 R08: 0000000000000000 R09: 0000000000000000 [ 104.490115][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.493582][ T5328] R13: 00007f4643616128 R14: 00007f4643616090 R15: 00007ffcf9c914f8 [ 104.497200][ T5328] [ 104.498788][ T5328] Modules linked in: [ 104.511787][ T5328] ---[ end trace 0000000000000000 ]--- [ 104.534021][ T5328] RIP: 0010:pn_socket_connect+0xb91/0xba0 [ 104.537425][ T5328] Code: 8b 7c 24 18 e9 6f fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 1e fd ff ff 4c 89 e7 e8 ba 1d 59 f7 e9 11 fd ff ff e8 b0 55 ec f6 90 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 104.550852][ T5328] RSP: 0018:ffffc900032ffc00 EFLAGS: 00010293 [ 104.554334][ T5328] RAX: ffffffff8ad964f0 RBX: 0000000000000000 RCX: ffff888000b24a00 
[ 104.557860][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.561863][ T5328] RBP: ffffc900032ffd70 R08: ffffffff9030bdf7 R09: 1ffffffff20617be [ 104.566222][ T5328] R10: dffffc0000000000 R11: fffffbfff20617bf R12: ffff888049091858 [ 104.571825][ T5328] R13: 1ffff9200065ff90 R14: dffffc0000000000 R15: 1ffff1100921230b [ 104.576235][ T5328] FS: 00007f46442dd6c0(0000) GS:ffff88808c888000(0000) knlGS:0000000000000000 [ 104.580291][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.584099][ T5328] CR2: 0000000000000000 CR3: 00000000368d2000 CR4: 0000000000352ef0 [ 104.588538][ T5328] Kernel panic - not syncing: Fatal exception [ 104.591862][ T5328] Kernel Offset: disabled [ 104.593791][ T5328] Rebooting in 86400 seconds..