program: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x2, 0x4, 0x40018000, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r2}, 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000100), 0x2, 0x329200) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xe, 0x16, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xb7}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x9}, @ldst={0x1, 0x1, 0x1, 0x0, 0x2, 0x18, 0xfffffffffffffffc}, @generic={0x2, 0x0, 0xe, 0xd8c, 0x81}, @jmp={0x5, 0x0, 0xa, 0xa, 0x9, 0x30, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0x5, 0x64, &(0x7f0000000200)=""/100, 0x41000, 0x2, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0x6, 0x1, 0x1044}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0xa, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1], &(0x7f00000003c0)=[{0x1, 0x5, 0x2, 0x8}, {0x4, 0x1, 0xd, 0x5}, {0x4, 0x2, 0xf, 0x8}, {0x1, 0x1, 0x5, 0x5}, {0x0, 0x4, 0x6, 0x3}, {0x2, 0x4, 0x1, 0xa}, {0x3, 0x4, 0x10, 0x5}, {0x2, 0x5, 0xb, 0x1}, {0x4, 0x3, 0x7, 0x4}, {0x5, 0x1, 0xb, 0x7}], 0x10, 0x6}, 0x94) ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000340)={r0, r5}) r6 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', 0x10800, &(0x7f0000000080)=ANY=[], 0x0, 0x1ab, &(0x7f00000004c0)="$eJzslb9OKkEYxc/scpd7b25urIyx0UQS0cRld1FjY0Fhb+K/2ElkJegCBrYQjIlWvoKNhU/gC1hY+Ag+AFrZYGdiN2Z2BxiQRAsgm/j9im/ODB/DmVlyFgRB/Fien94aDf/2VQPwDwnE5fqL3unRlP7xh1Iufrk2cfd4Nn+9dZXp3Y8B4Pz7vx8DcJ/R4cs5593fTshxE5rQrOVoTq7vgMGUeg8atqV2wbAr9aGiy6LfNA8Knmvul72cEJYotiiOKOlef80LhpzijymfV2MtUasfZT3PrQxeqF763V8zo2FV8ac+r9bdWOH9BdjQYEudBsOG1CuIi7th7zzAtZXzT8Y6++vq+Yd37AGK39JtVPyMQIiHFAEboxHnALpWTiNizK0Y8q8XFT894v/Qdu7kE79hmFXySc2xlF88TlVr9YVCMZt3827JcdLL1qJlLTmpIJvD2if5/rRHkU9/lf1/9ekWGMzASdb3K3ZY23MnrJ8TFzCC/NOQnAnnTK6pBO+DMTYthqTefkkRBEEQBEEQBEEQBEEQBEEMmCkw8K9x1oPujwAAAP//WLxtZQ==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x20000a, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x332020, &(0x7f0000000380)=ANY=[], 0x3, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r3, @ANYRES32=r6], 0x4c}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) [ 74.698379][ T4681] Bluetooth: hci0: command tx timeout [ 74.758030][ T5332] loop0: detected capacity change from 0 to 16 [ 74.778777][ T5332] erofs: Unknown parameter '' [ 74.826328][ T5332] ------------[ cut here ]------------ [ 74.828877][ T5332] WARNING: CPU: 0 PID: 5332 at drivers/net/netdevsim/fib.c:831 nsim_fib_event_nb+0xed8/0x1080 [ 74.833498][ T5332] Modules linked in: [ 74.835308][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 74.839932][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.844625][ T5332] RIP: 0010:nsim_fib_event_nb+0xed8/0x1080 [ 74.848109][ T5332] Code: fa be 02 00 00 00 eb 0a e8 65 11 a9 fa be 01 00 00 00 4c 89 f7 e8 c8 ca b0 fd 4c 8b 64 24 08 e9 91 f4 ff ff e8 49 11 a9 fa 90 <0f> 0b 90 e9 70 fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 35 [ 74.856566][ T5332] RSP: 0018:ffffc9000d52ef08 EFLAGS: 00010283 [ 74.859289][ T5332] RAX: ffffffff87168207 RBX: 0000000000000001 RCX: 0000000000100000 [ 74.862957][ T5332] RDX: ffffc9000dfe2000 RSI: 000000000000047f RDI: 0000000000000480 [ 74.866755][ T5332] RBP: dffffc0000000000 R08: ffff88803faf5c2f R09: 1ffff11007f5eb85 [ 74.870206][ T5332] R10: dffffc0000000000 R11: ffffed1007f5eb86 R12: ffff8880527d7000 [ 74.873616][ T5332] R13: ffffc9000d52f080 R14: 0000000000000000 R15: ffffc9000d52f098 [ 74.877811][ T5332] FS: 00007fcf58d706c0(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000 [ 74.882223][ T5332] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.885117][ T5332] CR2: 000055b7ed1f8a70 CR3: 0000000042f09000 CR4: 0000000000352ef0 [ 74.889140][ T5332] Call Trace: [ 74.890680][ T5332] [ 74.892069][ T5332] notifier_call_chain+0x1b3/0x3e0 [ 74.894591][ T5332] ? atomic_notifier_call_chain+0x26/0x180 [ 74.897707][ T5332] atomic_notifier_call_chain+0xda/0x180 [ 74.900488][ T5332] call_fib_notifiers+0x31/0x60 [ 74.902751][ T5332] call_fib6_multipath_entry_notifiers+0xe6/0x150 [ 74.905245][ T5332] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10 [ 74.908747][ T5332] ? inet6_rtm_newroute+0xe8b/0x18c0 [ 74.911094][ T5332] inet6_rtm_newroute+0x12f5/0x18c0 [ 74.913369][ T5332] ? __pfx_do_softirq+0x10/0x10 [ 74.915323][ T5332] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 74.917544][ T5332] ? __local_bh_enable_ip+0x12d/0x1c0 [ 74.919889][ T5332] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 74.922310][ T5332] rtnetlink_rcv_msg+0x7cc/0xb70 [ 74.924301][ T5332] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 74.926535][ T5332] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 74.929069][ T5332] ? ref_tracker_free+0x63a/0x7d0 [ 74.931362][ T5332] ? __asan_memcpy+0x40/0x70 [ 74.933208][ T5332] ? __pfx_ref_tracker_free+0x10/0x10 [ 74.935854][ T5332] ? __skb_clone+0x63/0x7a0 [ 74.938037][ T5332] netlink_rcv_skb+0x205/0x470 [ 74.940579][ T5332] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 74.943068][ T5332] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 74.945915][ T5332] ? netlink_deliver_tap+0x2e/0x1b0 [ 74.948399][ T5332] netlink_unicast+0x82f/0x9e0 [ 74.951014][ T5332] ? __pfx_netlink_unicast+0x10/0x10 [ 74.953552][ T5332] ? netlink_sendmsg+0x642/0xb30 [ 74.956040][ T5332] ? skb_put+0x11b/0x210 [ 74.958172][ T5332] netlink_sendmsg+0x805/0xb30 [ 74.960543][ T5332] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.962727][ T5332] ? aa_sock_msg_perm+0x94/0x160 [ 74.965031][ T5332] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 74.967589][ T5332] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.970415][ T5332] __sock_sendmsg+0x21c/0x270 [ 74.972812][ T5332] ____sys_sendmsg+0x52d/0x830 [ 74.975509][ T5332] ? __pfx_____sys_sendmsg+0x10/0x10 [ 74.978933][ T5332] ? import_iovec+0x74/0xa0 [ 74.981170][ T5332] ___sys_sendmsg+0x21f/0x2a0 [ 74.983298][ T5332] ? __pfx____sys_sendmsg+0x10/0x10 [ 74.985789][ T5332] ? __fget_files+0x2a/0x420 [ 74.987833][ T5332] ? __fget_files+0x3a0/0x420 [ 74.989991][ T5332] __sys_sendmmsg+0x227/0x430 [ 74.992117][ T5332] ? __pfx___sys_sendmmsg+0x10/0x10 [ 74.994394][ T5332] ? rcu_is_watching+0x15/0xb0 [ 74.996812][ T5332] ? rcu_is_watching+0x15/0xb0 [ 74.999050][ T5332] __x64_sys_sendmmsg+0xa0/0xc0 [ 75.001727][ T5332] do_syscall_64+0xfa/0x3b0 [ 75.004226][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.007221][ T5332] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 75.010043][ T5332] ? clear_bhb_loop+0x60/0xb0 [ 75.012333][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.015421][ T5332] RIP: 0033:0x7fcf57f8eb69 [ 75.017780][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.026498][ T5332] RSP: 002b:00007fcf58d70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 75.030339][ T5332] RAX: ffffffffffffffda RBX: 00007fcf581b5fa0 RCX: 00007fcf57f8eb69 [ 75.034136][ T5332] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 75.037909][ T5332] RBP: 00007fcf58011df1 R08: 0000000000000000 R09: 0000000000000000 [ 75.041455][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.045530][ T5332] R13: 0000000000000000 R14: 00007fcf581b5fa0 R15: 00007ffff6a90a08 [ 75.049648][ T5332] [ 75.051053][ T5332] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.054281][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(full) [ 75.059269][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.064191][ T5332] Call Trace: [ 75.065814][ T5332] [ 75.067381][ T5332] dump_stack_lvl+0x99/0x250 [ 75.069537][ T5332] ? __asan_memcpy+0x40/0x70 [ 75.071628][ T5332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.073954][ T5332] ? __pfx__printk+0x10/0x10 [ 75.076116][ T5332] vpanic+0x27a/0x730 [ 75.077914][ T5332] ? __pfx__printk+0x10/0x10 [ 75.080116][ T5332] ? __pfx_vpanic+0x10/0x10 [ 75.082350][ T5332] ? is_bpf_text_address+0x26/0x2b0 [ 75.084848][ T5332] panic+0xb9/0xc0 [ 75.086768][ T5332] ? __pfx_panic+0x10/0x10 [ 75.089108][ T5332] __warn+0x31b/0x4b0 [ 75.090975][ T5332] ? nsim_fib_event_nb+0xed8/0x1080 [ 75.093299][ T5332] ? nsim_fib_event_nb+0xed8/0x1080 [ 75.095756][ T5332] report_bug+0x2be/0x4f0 [ 75.097654][ T5332] ? nsim_fib_event_nb+0xed8/0x1080 [ 75.099950][ T5332] ? nsim_fib_event_nb+0xed8/0x1080 [ 75.102270][ T5332] ? nsim_fib_event_nb+0xeda/0x1080 [ 75.104573][ T5332] handle_bug+0x84/0x160 [ 75.106493][ T5332] exc_invalid_op+0x1a/0x50 [ 75.108628][ T5332] asm_exc_invalid_op+0x1a/0x20 [ 75.110985][ T5332] RIP: 0010:nsim_fib_event_nb+0xed8/0x1080 [ 75.113912][ T5332] Code: fa be 02 00 00 00 eb 0a e8 65 11 a9 fa be 01 00 00 00 4c 89 f7 e8 c8 ca b0 fd 4c 8b 64 24 08 e9 91 f4 ff ff e8 49 11 a9 fa 90 <0f> 0b 90 e9 70 fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 35 [ 75.122389][ T5332] RSP: 0018:ffffc9000d52ef08 EFLAGS: 00010283 [ 75.125075][ T5332] RAX: ffffffff87168207 RBX: 0000000000000001 RCX: 0000000000100000 [ 75.128537][ T5332] RDX: ffffc9000dfe2000 RSI: 000000000000047f RDI: 0000000000000480 [ 75.132115][ T5332] RBP: dffffc0000000000 R08: ffff88803faf5c2f R09: 1ffff11007f5eb85 [ 75.135600][ T5332] R10: dffffc0000000000 R11: ffffed1007f5eb86 R12: ffff8880527d7000 [ 75.139077][ T5332] R13: ffffc9000d52f080 R14: 0000000000000000 R15: ffffc9000d52f098 [ 75.142781][ T5332] ? nsim_fib_event_nb+0xed7/0x1080 [ 75.144948][ T5332] ? nsim_fib_event_nb+0xed7/0x1080 [ 75.147352][ T5332] notifier_call_chain+0x1b3/0x3e0 [ 75.149701][ T5332] ? atomic_notifier_call_chain+0x26/0x180 [ 75.152305][ T5332] atomic_notifier_call_chain+0xda/0x180 [ 75.154866][ T5332] call_fib_notifiers+0x31/0x60 [ 75.157099][ T5332] call_fib6_multipath_entry_notifiers+0xe6/0x150 [ 75.160031][ T5332] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10 [ 75.163217][ T5332] ? inet6_rtm_newroute+0xe8b/0x18c0 [ 75.165843][ T5332] inet6_rtm_newroute+0x12f5/0x18c0 [ 75.168441][ T5332] ? __pfx_do_softirq+0x10/0x10 [ 75.170728][ T5332] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 75.173297][ T5332] ? __local_bh_enable_ip+0x12d/0x1c0 [ 75.175697][ T5332] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 75.178133][ T5332] rtnetlink_rcv_msg+0x7cc/0xb70 [ 75.180412][ T5332] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 75.182626][ T5332] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 75.185114][ T5332] ? ref_tracker_free+0x63a/0x7d0 [ 75.188232][ T5332] ? __asan_memcpy+0x40/0x70 [ 75.191260][ T5332] ? __pfx_ref_tracker_free+0x10/0x10 [ 75.194077][ T5332] ? __skb_clone+0x63/0x7a0 [ 75.196302][ T5332] netlink_rcv_skb+0x205/0x470 [ 75.198462][ T5332] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 75.200867][ T5332] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 75.203254][ T5332] ? netlink_deliver_tap+0x2e/0x1b0 [ 75.205659][ T5332] netlink_unicast+0x82f/0x9e0 [ 75.207820][ T5332] ? __pfx_netlink_unicast+0x10/0x10 [ 75.210255][ T5332] ? netlink_sendmsg+0x642/0xb30 [ 75.212624][ T5332] ? skb_put+0x11b/0x210 [ 75.214528][ T5332] netlink_sendmsg+0x805/0xb30 [ 75.216764][ T5332] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.219089][ T5332] ? aa_sock_msg_perm+0x94/0x160 [ 75.221390][ T5332] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 75.224440][ T5332] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.226950][ T5332] __sock_sendmsg+0x21c/0x270 [ 75.229145][ T5332] ____sys_sendmsg+0x52d/0x830 [ 75.231469][ T5332] ? __pfx_____sys_sendmsg+0x10/0x10 [ 75.233898][ T5332] ? import_iovec+0x74/0xa0 [ 75.235922][ T5332] ___sys_sendmsg+0x21f/0x2a0 [ 75.238119][ T5332] ? __pfx____sys_sendmsg+0x10/0x10 [ 75.240626][ T5332] ? __fget_files+0x2a/0x420 [ 75.242971][ T5332] ? __fget_files+0x3a0/0x420 [ 75.245212][ T5332] __sys_sendmmsg+0x227/0x430 [ 75.247324][ T5332] ? __pfx___sys_sendmmsg+0x10/0x10 [ 75.249791][ T5332] ? rcu_is_watching+0x15/0xb0 [ 75.251992][ T5332] ? rcu_is_watching+0x15/0xb0 [ 75.254148][ T5332] __x64_sys_sendmmsg+0xa0/0xc0 [ 75.256700][ T5332] do_syscall_64+0xfa/0x3b0 [ 75.259162][ T5332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.262479][ T5332] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 75.265116][ T5332] ? clear_bhb_loop+0x60/0xb0 [ 75.267139][ T5332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.269796][ T5332] RIP: 0033:0x7fcf57f8eb69 [ 75.271539][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.279474][ T5332] RSP: 002b:00007fcf58d70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 75.283063][ T5332] RAX: ffffffffffffffda RBX: 00007fcf581b5fa0 RCX: 00007fcf57f8eb69 [ 75.286489][ T5332] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 75.290041][ T5332] RBP: 00007fcf58011df1 R08: 0000000000000000 R09: 0000000000000000 [ 75.293506][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.296854][ T5332] R13: 0000000000000000 R14: 00007fcf581b5fa0 R15: 00007ffff6a90a08 [ 75.300279][ T5332] [ 75.302035][ T5332] Kernel Offset: disabled [ 75.303960][ T5332] Rebooting in 86400 seconds..