program:
# syzkaller reproducer in syz program format; lines starting with '#' are comments.
# Triage summary, taken from the console log that follows the program:
#   - the NBD_CMD_CONNECT generic-netlink request goes through
#     nbd_genl_connect -> nbd_add_socket and trips the WARNING
#     `!sock_allow_reclassification(sk)` at drivers/block/nbd.c:1249;
#   - the kernel panics afterwards only because panic_on_warn is set.
# Calls tagged (async) are issued without waiting for completion, so the TCP
# traffic on r0 can overlap with the nbd connect request. Presumably that
# overlap is what leaves the socket in a state nbd_add_socket does not
# expect - confirm against the check at nbd.c:1249.

# AF_NETLINK (0x10), SOCK_RAW (0x3), protocol 0x4; the result is not used by later calls.
socket$nl_sock_diag(0x10, 0x3, 0x4) (async)
# r0: AF_INET (0x2) / SOCK_STREAM (0x1) TCP socket, never connected by this program.
r0 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
# r1: generic-netlink socket (protocol 0x10) used to reach the nbd family.
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
# r2: numeric generic-netlink family id for nbd, spliced into the message below.
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r1)
# 0x3c-byte netlink message: length blob, family id (r2), then header and attributes.
# Byte-level reading of the hex blob: genl cmd 0x01; attribute type 2 with eight
# zero bytes; nested attribute 7 -> nested attribute 1 -> attribute 1 with value 0x04.
# Presumably these are NBD_ATTR_SIZE_BYTES, NBD_ATTR_SOCKETS, NBD_SOCK_ITEM and
# NBD_SOCK_FD from the nbd netlink UAPI - verify against the header.
# The fd value 4 is presumably the TCP socket r0; fd numbering is not shown here.
# The inner nested item declares 0x18 bytes but carries one 8-byte attribute, which
# is consistent with the "12 bytes leftover after parsing attributes" log line.
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) (async)
# Level 0x6 (IPPROTO_TCP), option 0x22 set to 1 on r0.
# NOTE(review): 0x22 looks like TCP_FASTOPEN_NO_COOKIE - confirm in linux/tcp.h.
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) (async)
# One-byte payload to AF_INET port 0x4e23, address @empty, vlen 0x1001, repeated 64 times.
# NOTE(review): flags 0x2400c040 appear to include MSG_FASTOPEN (0x20000000) - confirm.
sendmmsg$inet(r0, &(0x7f0000001cc0)=[{{&(0x7f0000000300)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000001fc0)=[{&(0x7f0000004100)="89", 0x1}], 0x1}}], 0x1001, 0x2400c040) (async, rerun: 64)
# Extra generic-netlink sockets, repeated 64 times; the results are not used.
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
[ 84.405546][ T5284] Bluetooth: hci0: command tx timeout [ 84.495203][ T5321] netlink: 12 bytes leftover after parsing attributes in process `syz.0.0'. [ 84.548587][ T5321] ------------[ cut here ]------------ [ 84.550993][ T5321] !sock_allow_reclassification(sk) [ 84.551002][ T5321] WARNING: drivers/block/nbd.c:1249 at nbd_add_socket+0xf35/0x12c0, CPU#0: syz.0.0/5321 [ 84.558147][ T5321] Modules linked in: [ 84.559775][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.564067][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.569373][ T5321] RIP: 0010:nbd_add_socket+0xf35/0x12c0 [ 84.572052][ T5321] Code: f7 e8 4f 1c 20 fc bf e0 01 00 00 49 03 3e 48 c7 c6 00 39 55 8c e8 cb 6f 17 fb b8 f0 ff ff ff e9 b2 fd ff ff e8 9c 66 b1 fb 90 <0f> 0b 90 e9 16 f8 ff ff e8 de f8 97 05 44 89 e9 80 e1 07 fe c1 38 [ 84.580175][ T5321] RSP: 0018:ffffc9000e39f160 EFLAGS: 00010293 [ 84.583581][ T5321] RAX: ffffffff8614caf4 RBX: 1ffff11006881039 RCX: ffff88803c26a540 [ 84.587522][ T5321] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 84.590764][ T5321] RBP: 
ffffc9000e39f250 R08: ffff888012f004df R09: 1ffff110025e009b [ 84.594165][ T5321] R10: dffffc0000000000 R11: ffffed10025e009c R12: ffff888034408000 [ 84.597849][ T5321] R13: 1ffff92001c73e38 R14: dffffc0000000000 R15: 0000000000000001 [ 84.602354][ T5321] FS: 00007f0428fbc6c0(0000) GS:ffff88808c85e000(0000) knlGS:0000000000000000 [ 84.606495][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.609036][ T5321] CR2: 0000555b206bb660 CR3: 0000000037aac000 CR4: 0000000000352ef0 [ 84.612413][ T5321] Call Trace: [ 84.613723][ T5321] [ 84.614875][ T5321] ? __pfx_nbd_add_socket+0x10/0x10 [ 84.616944][ T5321] ? __nla_parse+0x40/0x60 [ 84.618771][ T5321] nbd_genl_connect+0x133d/0x1c10 [ 84.621346][ T5321] ? __pfx_nbd_genl_connect+0x10/0x10 [ 84.624323][ T5321] ? rcu_is_watching+0x15/0xb0 [ 84.626456][ T5321] ? trace_kmalloc+0x2a/0xf0 [ 84.628331][ T5321] ? __nla_parse+0x40/0x60 [ 84.630165][ T5321] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 84.632893][ T5321] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 84.635480][ T5321] genl_family_rcv_msg_doit+0x233/0x340 [ 84.638004][ T5321] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 84.640994][ T5321] ? __pfx_stack_trace_save+0x10/0x10 [ 84.643815][ T5321] genl_rcv_msg+0x614/0x7a0 [ 84.645791][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 84.648079][ T5321] ? __pfx_nbd_genl_connect+0x10/0x10 [ 84.650421][ T5321] ? __netlink_lookup+0xc6/0x8b0 [ 84.652767][ T5321] ? rcu_is_watching+0x15/0xb0 [ 84.654983][ T5321] netlink_rcv_skb+0x226/0x4a0 [ 84.657126][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 84.659283][ T5321] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 84.661376][ T5321] ? down_read+0x2be/0x330 [ 84.663285][ T5321] genl_rcv+0x28/0x40 [ 84.664987][ T5321] netlink_unicast+0x7bb/0x940 [ 84.667030][ T5321] netlink_sendmsg+0x813/0xb40 [ 84.669058][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 84.671242][ T5321] ? aa_sock_msg_perm+0xf1/0x1b0 [ 84.673558][ T5321] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 84.675954][ T5321] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 84.678327][ T5321] ____sys_sendmsg+0x9b9/0xa20 [ 84.680511][ T5321] ? __pfx_____sys_sendmsg+0x10/0x10 [ 84.682753][ T5321] ? lock_release+0x4b/0x3c0 [ 84.684787][ T5321] ? import_iovec+0x73/0xa0 [ 84.686890][ T5321] ___sys_sendmsg+0x2a5/0x360 [ 84.689265][ T5321] ? __pfx____sys_sendmsg+0x10/0x10 [ 84.691837][ T5321] ? futex_wake+0x51b/0x5f0 [ 84.693700][ T5321] ? __fget_files+0x2a/0x420 [ 84.695595][ T5321] ? __fget_files+0x3a2/0x420 [ 84.697490][ T5321] __x64_sys_sendmsg+0x1b1/0x290 [ 84.699507][ T5321] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 84.701850][ T5321] ? rcu_is_watching+0x15/0xb0 [ 84.703863][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.706796][ T5321] do_syscall_64+0x174/0x580 [ 84.709092][ T5321] ? trace_irq_disable+0x3b/0x140 [ 84.711299][ T5321] ? clear_bhb_loop+0x40/0x90 [ 84.713463][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.715801][ T5321] RIP: 0033:0x7f042819ce59 [ 84.717794][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.726501][ T5321] RSP: 002b:00007f0428fbbfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.729856][ T5321] RAX: ffffffffffffffda RBX: 00007f0428415fa0 RCX: 00007f042819ce59 [ 84.733515][ T5321] RDX: 0000000000004000 RSI: 00002000000027c0 RDI: 0000000000000006 [ 84.736962][ T5321] RBP: 00007f0428232e6f R08: 0000000000000000 R09: 0000000000000000 [ 84.740282][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.743678][ T5321] R13: 00007f0428416038 R14: 00007f0428415fa0 R15: 00007ffe6bddafa8 [ 84.746936][ T5321] [ 84.748630][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 84.752193][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.755622][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.759525][ T5321] Call Trace: [ 84.760893][ T5321] [ 84.762126][ T5321] vpanic+0x56c/0xa60 [ 84.763818][ T5321] ? __pfx__printk+0x10/0x10 [ 84.765952][ T5321] ? __pfx_vpanic+0x10/0x10 [ 84.768383][ T5321] ? is_bpf_text_address+0x292/0x2b0 [ 84.770869][ T5321] ? is_bpf_text_address+0x26/0x2b0 [ 84.772976][ T5321] panic+0xc5/0xd0 [ 84.774505][ T5321] ? __pfx_panic+0x10/0x10 [ 84.776367][ T5321] __warn+0x315/0x4c0 [ 84.778037][ T5321] ? nbd_add_socket+0xf35/0x12c0 [ 84.780386][ T5321] ? nbd_add_socket+0xf35/0x12c0 [ 84.782733][ T5321] __report_bug+0x331/0x530 [ 84.784732][ T5321] ? nbd_add_socket+0xf35/0x12c0 [ 84.786799][ T5321] ? __pfx___report_bug+0x10/0x10 [ 84.788906][ T5321] ? rcu_is_watching+0x15/0xb0 [ 84.791075][ T5321] ? do_trace_netlink_extack+0x80/0x1d0 [ 84.793533][ T5321] ? __nla_validate_parse+0x2534/0x2d50 [ 84.796016][ T5321] ? __fget_files+0x2a/0x420 [ 84.797994][ T5321] ? nbd_add_socket+0xf35/0x12c0 [ 84.800018][ T5321] report_bug+0x16a/0x220 [ 84.801861][ T5321] ? nbd_add_socket+0xf35/0x12c0 [ 84.803982][ T5321] ? 
nbd_add_socket+0xf37/0x12c0 [ 84.806442][ T5321] handle_bug+0x9c/0x200 [ 84.808612][ T5321] exc_invalid_op+0x1a/0x50 [ 84.810897][ T5321] asm_exc_invalid_op+0x1a/0x20 [ 84.812922][ T5321] RIP: 0010:nbd_add_socket+0xf35/0x12c0 [ 84.815365][ T5321] Code: f7 e8 4f 1c 20 fc bf e0 01 00 00 49 03 3e 48 c7 c6 00 39 55 8c e8 cb 6f 17 fb b8 f0 ff ff ff e9 b2 fd ff ff e8 9c 66 b1 fb 90 <0f> 0b 90 e9 16 f8 ff ff e8 de f8 97 05 44 89 e9 80 e1 07 fe c1 38 [ 84.823543][ T5321] RSP: 0018:ffffc9000e39f160 EFLAGS: 00010293 [ 84.826342][ T5321] RAX: ffffffff8614caf4 RBX: 1ffff11006881039 RCX: ffff88803c26a540 [ 84.829631][ T5321] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 84.832969][ T5321] RBP: ffffc9000e39f250 R08: ffff888012f004df R09: 1ffff110025e009b [ 84.836255][ T5321] R10: dffffc0000000000 R11: ffffed10025e009c R12: ffff888034408000 [ 84.840052][ T5321] R13: 1ffff92001c73e38 R14: dffffc0000000000 R15: 0000000000000001 [ 84.843405][ T5321] ? nbd_add_socket+0xf34/0x12c0 [ 84.845555][ T5321] ? __pfx_nbd_add_socket+0x10/0x10 [ 84.847691][ T5321] ? __nla_parse+0x40/0x60 [ 84.849353][ T5321] nbd_genl_connect+0x133d/0x1c10 [ 84.851647][ T5321] ? __pfx_nbd_genl_connect+0x10/0x10 [ 84.854339][ T5321] ? rcu_is_watching+0x15/0xb0 [ 84.856573][ T5321] ? trace_kmalloc+0x2a/0xf0 [ 84.858379][ T5321] ? __nla_parse+0x40/0x60 [ 84.860288][ T5321] ? genl_family_rcv_msg_attrs_parse+0x20b/0x2f0 [ 84.862916][ T5321] ? genl_family_rcv_msg_attrs_parse+0x265/0x2f0 [ 84.865497][ T5321] genl_family_rcv_msg_doit+0x233/0x340 [ 84.867911][ T5321] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 84.870766][ T5321] ? __pfx_stack_trace_save+0x10/0x10 [ 84.873230][ T5321] genl_rcv_msg+0x614/0x7a0 [ 84.875244][ T5321] ? __pfx_genl_rcv_msg+0x10/0x10 [ 84.877263][ T5321] ? __pfx_nbd_genl_connect+0x10/0x10 [ 84.879462][ T5321] ? __netlink_lookup+0xc6/0x8b0 [ 84.881703][ T5321] ? rcu_is_watching+0x15/0xb0 [ 84.884214][ T5321] netlink_rcv_skb+0x226/0x4a0 [ 84.886340][ T5321] ? 
__pfx_genl_rcv_msg+0x10/0x10 [ 84.888869][ T5321] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 84.891040][ T5321] ? down_read+0x2be/0x330 [ 84.892918][ T5321] genl_rcv+0x28/0x40 [ 84.894636][ T5321] netlink_unicast+0x7bb/0x940 [ 84.896743][ T5321] netlink_sendmsg+0x813/0xb40 [ 84.899093][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 84.901617][ T5321] ? aa_sock_msg_perm+0xf1/0x1b0 [ 84.903767][ T5321] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 84.906050][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 84.908316][ T5321] ____sys_sendmsg+0x9b9/0xa20 [ 84.910289][ T5321] ? __pfx_____sys_sendmsg+0x10/0x10 [ 84.912611][ T5321] ? lock_release+0x4b/0x3c0 [ 84.914820][ T5321] ? import_iovec+0x73/0xa0 [ 84.917019][ T5321] ___sys_sendmsg+0x2a5/0x360 [ 84.919074][ T5321] ? __pfx____sys_sendmsg+0x10/0x10 [ 84.921227][ T5321] ? futex_wake+0x51b/0x5f0 [ 84.923105][ T5321] ? __fget_files+0x2a/0x420 [ 84.925523][ T5321] ? __fget_files+0x3a2/0x420 [ 84.928398][ T5321] __x64_sys_sendmsg+0x1b1/0x290 [ 84.930864][ T5321] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 84.933202][ T5321] ? rcu_is_watching+0x15/0xb0 [ 84.935215][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.937611][ T5321] do_syscall_64+0x174/0x580 [ 84.939362][ T5321] ? trace_irq_disable+0x3b/0x140 [ 84.941462][ T5321] ? 
clear_bhb_loop+0x40/0x90 [ 84.944071][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.947315][ T5321] RIP: 0033:0x7f042819ce59 [ 84.949161][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.956894][ T5321] RSP: 002b:00007f0428fbbfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.960806][ T5321] RAX: ffffffffffffffda RBX: 00007f0428415fa0 RCX: 00007f042819ce59 [ 84.964771][ T5321] RDX: 0000000000004000 RSI: 00002000000027c0 RDI: 0000000000000006 [ 84.968029][ T5321] RBP: 00007f0428232e6f R08: 0000000000000000 R09: 0000000000000000 [ 84.971277][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.974447][ T5321] R13: 00007f0428416038 R14: 00007f0428415fa0 R15: 00007ffe6bddafa8 [ 84.978125][ T5321] [ 84.980347][ T5321] Kernel Offset: disabled [ 84.982625][ T5321] Rebooting in 86400 seconds..