program:
# syzkaller reproducer (syz-lang) for the kernel log that follows it on this page:
# WARNING at drivers/net/netdevsim/fib.c:831 in nsim_fib_event_nb.
# Triage notes grounded in that log:
#   - The warning is reached from sendmmsg -> netlink_sendmsg -> rtnetlink_rcv_msg ->
#     inet6_rtm_newroute -> call_fib6_multipath_entry_notifiers -> notifier chain.
#   - The panic is a consequence of panic_on_warn being set, not a separate fault.
#   - The task runs as UID 0 (Comm: syz.0.0); the page does not show whether an
#     unprivileged caller can reach the same path.
# Calls tagged (async) are issued without waiting for completion, so their order
# relative to neighbouring calls is not fixed.

# fd argument is -1, so this call cannot reach a socket.
# NOTE(review): presumably it matters only for the msghdr/iovec it places at
# 0x7f00000002c0 and 0x7f00000000c0, which later calls reuse; confirm.
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) (async)
# Three netlink sockets: domain 0x10 (AF_NETLINK), type 0x3 (SOCK_RAW), protocol 0x0 (NETLINK_ROUTE).
r0 = socket$netlink(0x10, 0x3, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0)
# 0x68-byte @newtaction request carrying one @m_simple action (TCA_DEF_DATA 'nat').
# It rewrites the msghdr at 0x7f00000002c0 to use the iovec at 0x7f0000000280 and the
# payload buffer at 0x7f0000000380. No tc action frames appear in the call trace.
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newtaction={0x68, 0x30, 0x48b, 0x0, 0x25dfdbfc, {}, [{0x54, 0x1, [@m_simple={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'nat\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x6f8, 0x2, 0x1, 0x6, 0x1ff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}}, 0x0) (async)
r2 = socket$netlink(0x10, 0x3, 0x0)
# sendmmsg over the shared msgvec at 0x7f00000002c0 with an oversized vlen; the same
# vlen value is visible in RDX (040000000000009f) in the log's user-mode register dump.
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
# IPv6 sockets: 0xa (AF_INET6), 0x1 (SOCK_STREAM); 0x106 is IPPROTO_MPTCP.
# Only r3 is referenced again, as a raw 32-bit value inside the route request below.
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
# DRI device open; no DRM frames appear in the call trace, so this looks like fuzzer
# noise that minimisation did not remove (not confirmed by the page).
syz_open_dev$dri(&(0x7f0000000100), 0x2, 0x329200)
r4 = socket$nl_route(0x10, 0x3, 0x0)
# fd is -1 again. The blob starts with length 0x4c and message type 0x18 (RTM_NEWROUTE)
# with family byte 0x0a (AF_INET6), which matches inet6_rtm_newroute in the trace.
# It is written to 0x7f0000000380, the same payload buffer used by the r1 request above.
# NOTE(review): the trailing attribute (len 0x1c, type 0x9) is presumably RTA_MULTIPATH,
# with the r3/r4 fd numbers landing in the nexthop fields; confirm against rtnetlink.h.
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r3, @ANYRES32=r4], 0x4c}}, 0x0)
# Second sendmmsg over the same msgvec. The log records the faulting syscall as
# ORIG_RAX 0x133 (sendmmsg) on fd 3 (RDI); which of the two sendmmsg calls that was
# cannot be determined from the page alone.
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
[ 74.042054][ T4667] Bluetooth: hci0: command tx timeout
[ 74.104909][ T5319] Zero length message leads to an empty skb
[ 74.111017][ T5320] ------------[ cut here ]------------
[ 74.113623][ T5320] WARNING: CPU: 0 PID: 5320 at drivers/net/netdevsim/fib.c:831 nsim_fib_event_nb+0xed8/0x1080
[ 74.118244][ T5320] Modules linked in:
[ 74.120102][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 74.124347][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.128846][ T5320] RIP: 0010:nsim_fib_event_nb+0xed8/0x1080
[ 74.131421][ T5320] Code: fa be 02 00 00 00 eb 0a e8 25 3c e0 fa be 01 00 00 00 4c 89 f7 e8 98 3d ab fd 4c 8b 64 24 08 e9 91 f4 ff ff e8 09 3c e0 fa 90 <0f> 0b 90 e9 70 fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 35
[ 74.139920][ T5320] RSP: 0018:ffffc9000f49eee8 EFLAGS: 00010293
[ 74.142720][ T5320] RAX: ffffffff86dfd767 RBX: 0000000000000001 RCX: ffff888000f1c900
[ 74.146162][ T5320] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 74.149556][ T5320] RBP: dffffc0000000000 R08: ffff88803e95c42f R09: 1ffff11007d2b885
[ 74.153101][ T5320] R10: dffffc0000000000 R11: ffffed1007d2b886 R12: ffff888051661000
[ 74.156501][ T5320] R13: ffffc9000f49f060 R14: 0000000000000000 R15: ffffc9000f49f078
[ 74.160082][ T5320] FS: 00007f589f0516c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[ 74.163680][ T5320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 74.166455][ T5320] CR2: 00007f589e173360 CR3: 00000000420fb000 CR4: 0000000000352ef0
[ 74.169790][ T5320] Call Trace:
[ 74.171290][ T5320]
[ 74.172676][ T5320] notifier_call_chain+0x1b6/0x3e0
[ 74.174959][ T5320] ? atomic_notifier_call_chain+0x26/0x180
[ 74.177537][ T5320] atomic_notifier_call_chain+0xda/0x180
[ 74.179880][ T5320] call_fib_notifiers+0x31/0x60
[ 74.182119][ T5320] call_fib6_multipath_entry_notifiers+0xe6/0x150
[ 74.184960][ T5320] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10
[ 74.188012][ T5320] ? inet6_rtm_newroute+0xe8b/0x18c0
[ 74.190330][ T5320] inet6_rtm_newroute+0x12f5/0x18c0
[ 74.192793][ T5320] ? kmem_cache_free+0x19b/0x690
[ 74.194964][ T5320] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 74.197320][ T5320] ? __local_bh_enable_ip+0x12d/0x1c0
[ 74.199603][ T5320] ? __dev_queue_xmit+0x27b/0x3b50
[ 74.201486][ T5320] ? __dev_queue_xmit+0x1d79/0x3b50
[ 74.204245][ T5320] ? kasan_save_track+0x3e/0x80
[ 74.206216][ T5320] ? __kasan_slab_alloc+0x6c/0x80
[ 74.208404][ T5320] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 74.210839][ T5320] rtnetlink_rcv_msg+0x7cf/0xb70
[ 74.213366][ T5320] ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 74.215551][ T5320] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 74.217816][ T5320] ? ref_tracker_free+0x63a/0x7d0
[ 74.219972][ T5320] ? __asan_memcpy+0x40/0x70
[ 74.222111][ T5320] ? __pfx_ref_tracker_free+0x10/0x10
[ 74.224397][ T5320] ? __skb_clone+0x63/0x7a0
[ 74.226325][ T5320] netlink_rcv_skb+0x208/0x470
[ 74.228315][ T5320] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 74.230623][ T5320] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 74.232997][ T5320] ? netlink_deliver_tap+0x2e/0x1b0
[ 74.235258][ T5320] netlink_unicast+0x82f/0x9e0
[ 74.237278][ T5320] ? __pfx_netlink_unicast+0x10/0x10
[ 74.239395][ T5320] ? netlink_sendmsg+0x642/0xb30
[ 74.241389][ T5320] ? skb_put+0x11b/0x210
[ 74.243385][ T5320] netlink_sendmsg+0x805/0xb30
[ 74.245503][ T5320] ? __pfx_netlink_sendmsg+0x10/0x10
[ 74.247844][ T5320] ? aa_sock_msg_perm+0xf1/0x1d0
[ 74.249933][ T5320] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 74.252336][ T5320] ? __pfx_netlink_sendmsg+0x10/0x10
[ 74.254436][ T5320] __sock_sendmsg+0x21c/0x270
[ 74.256499][ T5320] ____sys_sendmsg+0x52d/0x830
[ 74.258650][ T5320] ? __pfx_____sys_sendmsg+0x10/0x10
[ 74.260927][ T5320] ? import_iovec+0x74/0xa0
[ 74.263150][ T5320] ___sys_sendmsg+0x21f/0x2a0
[ 74.265248][ T5320] ? __pfx____sys_sendmsg+0x10/0x10
[ 74.267562][ T5320] ? __fget_files+0x2a/0x420
[ 74.269585][ T5320] ? __fget_files+0x3a0/0x420
[ 74.271752][ T5320] __sys_sendmmsg+0x227/0x430
[ 74.273775][ T5320] ? __pfx___sys_sendmmsg+0x10/0x10
[ 74.276008][ T5320] ? rcu_is_watching+0x15/0xb0
[ 74.278104][ T5320] __x64_sys_sendmmsg+0xa0/0xc0
[ 74.280366][ T5320] do_syscall_64+0xfa/0xfa0
[ 74.282543][ T5320] ? lockdep_hardirqs_on+0x9c/0x150
[ 74.285089][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.287714][ T5320] ? clear_bhb_loop+0x60/0xb0
[ 74.289809][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.292437][ T5320] RIP: 0033:0x7f589e18f6c9
[ 74.294233][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.302134][ T5320] RSP: 002b:00007f589f051038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 74.305907][ T5320] RAX: ffffffffffffffda RBX: 00007f589e3e6180 RCX: 00007f589e18f6c9
[ 74.309894][ T5320] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[ 74.313631][ T5320] RBP: 00007f589e211f91 R08: 0000000000000000 R09: 0000000000000000
[ 74.317085][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.320308][ T5320] R13: 00007f589e3e6218 R14: 00007f589e3e6180 R15: 00007ffd6f57b8b8
[ 74.323934][ T5320]
[ 74.325252][ T5320] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 74.328435][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 74.332471][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.337047][ T5320] Call Trace:
[ 74.338434][ T5320]
[ 74.339660][ T5320] dump_stack_lvl+0x99/0x250
[ 74.341583][ T5320] ? __asan_memcpy+0x40/0x70
[ 74.343473][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.345611][ T5320] ? __pfx__printk+0x10/0x10
[ 74.347579][ T5320] vpanic+0x237/0x6d0
[ 74.349395][ T5320] ? __pfx_vpanic+0x10/0x10
[ 74.351386][ T5320] panic+0xb9/0xc0
[ 74.353045][ T5320] ? __pfx_panic+0x10/0x10
[ 74.355049][ T5320] __warn+0x31b/0x4b0
[ 74.356523][ T5320] ? nsim_fib_event_nb+0xed8/0x1080
[ 74.358860][ T5320] ? nsim_fib_event_nb+0xed8/0x1080
[ 74.361024][ T5320] report_bug+0x2be/0x4f0
[ 74.362970][ T5320] ? nsim_fib_event_nb+0xed8/0x1080
[ 74.365354][ T5320] ? nsim_fib_event_nb+0xed8/0x1080
[ 74.367644][ T5320] ? nsim_fib_event_nb+0xeda/0x1080
[ 74.369894][ T5320] handle_bug+0x84/0x160
[ 74.371581][ T5320] exc_invalid_op+0x1a/0x50
[ 74.373581][ T5320] asm_exc_invalid_op+0x1a/0x20
[ 74.375689][ T5320] RIP: 0010:nsim_fib_event_nb+0xed8/0x1080
[ 74.378003][ T5320] Code: fa be 02 00 00 00 eb 0a e8 25 3c e0 fa be 01 00 00 00 4c 89 f7 e8 98 3d ab fd 4c 8b 64 24 08 e9 91 f4 ff ff e8 09 3c e0 fa 90 <0f> 0b 90 e9 70 fb ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 35
[ 74.386672][ T5320] RSP: 0018:ffffc9000f49eee8 EFLAGS: 00010293
[ 74.389367][ T5320] RAX: ffffffff86dfd767 RBX: 0000000000000001 RCX: ffff888000f1c900
[ 74.392928][ T5320] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 74.396340][ T5320] RBP: dffffc0000000000 R08: ffff88803e95c42f R09: 1ffff11007d2b885
[ 74.399894][ T5320] R10: dffffc0000000000 R11: ffffed1007d2b886 R12: ffff888051661000
[ 74.403445][ T5320] R13: ffffc9000f49f060 R14: 0000000000000000 R15: ffffc9000f49f078
[ 74.406997][ T5320] ? nsim_fib_event_nb+0xed7/0x1080
[ 74.409634][ T5320] ? nsim_fib_event_nb+0xed7/0x1080
[ 74.411987][ T5320] notifier_call_chain+0x1b6/0x3e0
[ 74.414360][ T5320] ? atomic_notifier_call_chain+0x26/0x180
[ 74.416966][ T5320] atomic_notifier_call_chain+0xda/0x180
[ 74.419408][ T5320] call_fib_notifiers+0x31/0x60
[ 74.421403][ T5320] call_fib6_multipath_entry_notifiers+0xe6/0x150
[ 74.424059][ T5320] ? __pfx_call_fib6_multipath_entry_notifiers+0x10/0x10
[ 74.427046][ T5320] ? inet6_rtm_newroute+0xe8b/0x18c0
[ 74.429456][ T5320] inet6_rtm_newroute+0x12f5/0x18c0
[ 74.431600][ T5320] ? kmem_cache_free+0x19b/0x690
[ 74.433883][ T5320] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 74.436324][ T5320] ? __local_bh_enable_ip+0x12d/0x1c0
[ 74.438649][ T5320] ? __dev_queue_xmit+0x27b/0x3b50
[ 74.440927][ T5320] ? __dev_queue_xmit+0x1d79/0x3b50
[ 74.443252][ T5320] ? kasan_save_track+0x3e/0x80
[ 74.445356][ T5320] ? __kasan_slab_alloc+0x6c/0x80
[ 74.447561][ T5320] ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 74.450013][ T5320] rtnetlink_rcv_msg+0x7cf/0xb70
[ 74.452172][ T5320] ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 74.454543][ T5320] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 74.456988][ T5320] ? ref_tracker_free+0x63a/0x7d0
[ 74.459500][ T5320] ? __asan_memcpy+0x40/0x70
[ 74.461384][ T5320] ? __pfx_ref_tracker_free+0x10/0x10
[ 74.463720][ T5320] ? __skb_clone+0x63/0x7a0
[ 74.465842][ T5320] netlink_rcv_skb+0x208/0x470
[ 74.468057][ T5320] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 74.470473][ T5320] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 74.472637][ T5320] ? netlink_deliver_tap+0x2e/0x1b0
[ 74.474824][ T5320] netlink_unicast+0x82f/0x9e0
[ 74.476986][ T5320] ? __pfx_netlink_unicast+0x10/0x10
[ 74.479363][ T5320] ? netlink_sendmsg+0x642/0xb30
[ 74.481360][ T5320] ? skb_put+0x11b/0x210
[ 74.483213][ T5320] netlink_sendmsg+0x805/0xb30
[ 74.484992][ T5320] ? __pfx_netlink_sendmsg+0x10/0x10
[ 74.487002][ T5320] ? aa_sock_msg_perm+0xf1/0x1d0
[ 74.488831][ T5320] ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 74.491127][ T5320] ? __pfx_netlink_sendmsg+0x10/0x10
[ 74.493488][ T5320] __sock_sendmsg+0x21c/0x270
[ 74.495571][ T5320] ____sys_sendmsg+0x52d/0x830
[ 74.497781][ T5320] ? __pfx_____sys_sendmsg+0x10/0x10
[ 74.499944][ T5320] ? import_iovec+0x74/0xa0
[ 74.501908][ T5320] ___sys_sendmsg+0x21f/0x2a0
[ 74.504191][ T5320] ? __pfx____sys_sendmsg+0x10/0x10
[ 74.506416][ T5320] ? __fget_files+0x2a/0x420
[ 74.508585][ T5320] ? __fget_files+0x3a0/0x420
[ 74.510720][ T5320] __sys_sendmmsg+0x227/0x430
[ 74.512833][ T5320] ? __pfx___sys_sendmmsg+0x10/0x10
[ 74.514772][ T5320] ? rcu_is_watching+0x15/0xb0
[ 74.516656][ T5320] __x64_sys_sendmmsg+0xa0/0xc0
[ 74.518761][ T5320] do_syscall_64+0xfa/0xfa0
[ 74.520962][ T5320] ? lockdep_hardirqs_on+0x9c/0x150
[ 74.522769][ T5320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.525001][ T5320] ? clear_bhb_loop+0x60/0xb0
[ 74.526899][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.529297][ T5320] RIP: 0033:0x7f589e18f6c9
[ 74.531115][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.539629][ T5320] RSP: 002b:00007f589f051038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 74.543298][ T5320] RAX: ffffffffffffffda RBX: 00007f589e3e6180 RCX: 00007f589e18f6c9
[ 74.546870][ T5320] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[ 74.551295][ T5320] RBP: 00007f589e211f91 R08: 0000000000000000 R09: 0000000000000000
[ 74.554715][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.558119][ T5320] R13: 00007f589e3e6218 R14: 00007f589e3e6180 R15: 00007ffd6f57b8b8
[ 74.561488][ T5320]
[ 74.563286][ T5320] Kernel Offset: disabled
[ 74.565239][ T5320] Rebooting in 86400 seconds..