IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3994 at drivers/net/netdevsim/fib.c:831 nsim_fib_event_schedule_work drivers/net/netdevsim/fib.c:1021 [inline]
WARNING: CPU: 0 PID: 3994 at drivers/net/netdevsim/fib.c:831 nsim_fib_event_nb+0x89c/0xa6c drivers/net/netdevsim/fib.c:1043
Modules linked in:
CPU: 0 UID: 0 PID: 3994 Comm: syz.0.202 Not tainted syzkaller #0 PREEMPT 
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nsim_fib6_event_init drivers/net/netdevsim/fib.c:831 [inline]
pc : nsim_fib6_prepare_event drivers/net/netdevsim/fib.c:947 [inline]
pc : nsim_fib_event_schedule_work drivers/net/netdevsim/fib.c:1003 [inline]
pc : nsim_fib_event_nb+0x89c/0xa6c drivers/net/netdevsim/fib.c:1043
lr : instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
lr : atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:252 [inline]
lr : __refcount_add include/linux/refcount.h:283 [inline]
lr : __refcount_inc include/linux/refcount.h:366 [inline]
lr : refcount_inc include/linux/refcount.h:383 [inline]
lr : fib6_info_hold include/net/ip6_fib.h:332 [inline]
lr : nsim_fib6_event_init drivers/net/netdevsim/fib.c:818 [inline]
lr : nsim_fib6_prepare_event drivers/net/netdevsim/fib.c:947 [inline]
lr : nsim_fib_event_schedule_work drivers/net/netdevsim/fib.c:1003 [inline]
lr : nsim_fib_event_nb+0x2d8/0xa6c drivers/net/netdevsim/fib.c:1043
sp : ffff8000a1f96e50
x29: ffff8000a1f96e50 x28: ffff00001b478b80 x27: ffff8000a1f97040
x26: 0000000000000000 x25: ffff8000a1f97040 x24: ffff0000177fb000
x23: 0000000000000001 x22: ffff0000177fb000 x21: ffff0000121e9e00
x20: ffff0000140d0000 x19: 0000000000000001 x18: 0000000000000000
x17: 0000000000000000 x16: ffff00006a08a4c4 x15: ffff8000846d8c54
x14: ffff8000844de420 x13: ffff800080045dd0 x12: ffff600002eff606
x11: 1fffe00002eff605 x10: ffff600002eff605 x9 : dfff800000000000
x8 : ffff0000177fb02f x7 : 0000000000000001 x6 : ffff600002eff605
x5 : ffff0000177fb02c x4 : ffff600002eff606 x3 : ffff0000177fb018
x2 : 1fffe00002eff603 x1 : 0000000000000000 x0 : ffff0000177fb018
Call trace:
 nsim_fib_event_schedule_work drivers/net/netdevsim/fib.c:1021 [inline] (P)
 nsim_fib_event_nb+0x89c/0xa6c drivers/net/netdevsim/fib.c:1043 (P)
 notifier_call_chain+0x11c/0x49c kernel/notifier.c:85
 atomic_notifier_call_chain+0x70/0x134 kernel/notifier.c:223
 call_fib_notifiers+0x34/0x58 net/core/fib_notifier.c:35
 call_fib6_notifiers+0x44/0x70 net/ipv6/fib6_notifier.c:22
 call_fib6_multipath_entry_notifiers+0xcc/0x13c net/ipv6/ip6_fib.c:425
 ip6_route_multipath_add+0x6e4/0x11cc net/ipv6/route.c:5527
 inet6_rtm_newroute+0xc0/0x138 net/ipv6/route.c:5649
 rtnetlink_rcv_msg+0x65c/0x8d4 net/core/rtnetlink.c:6946
 netlink_rcv_skb+0x19c/0x338 net/netlink/af_netlink.c:2552
 rtnetlink_rcv+0x18/0x24 net/core/rtnetlink.c:6973
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x424/0x700 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x644/0xa54 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0xc8/0x168 net/socket.c:729
 ____sys_sendmsg+0x500/0x764 net/socket.c:2614
 ___sys_sendmsg+0x11c/0x19c net/socket.c:2668
 __sys_sendmsg+0x114/0x19c net/socket.c:2700
 __compat_sys_sendmsg net/compat.c:346 [inline]
 __do_compat_sys_sendmsg net/compat.c:353 [inline]
 __se_compat_sys_sendmsg net/compat.c:350 [inline]
 __arm64_compat_sys_sendmsg+0x74/0xa4 net/compat.c:350
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
 do_el0_svc_compat+0x40/0x68 arch/arm64/kernel/syscall.c:157
 el0_svc_compat+0x4c/0x184 arch/arm64/kernel/entry-common.c:1029
 el0t_32_sync_handler+0x88/0xac arch/arm64/kernel/entry-common.c:1047
 el0t_32_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:601
irq event stamp: 432
hardirqs last  enabled at (431): [<ffff800085463e2c>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (431): [<ffff800085463e2c>] _raw_spin_unlock_irqrestore+0x80/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (432): [<ffff80008543d828>] el1_brk64+0x1c/0x48 arch/arm64/kernel/entry-common.c:574
softirqs last  enabled at (426): [<ffff800084e63338>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (426): [<ffff800084e63338>] __ip6_ins_rt net/ipv6/route.c:1352 [inline]
softirqs last  enabled at (426): [<ffff800084e63338>] ip6_route_multipath_add+0x30c/0x11cc net/ipv6/route.c:5483
softirqs last disabled at (424): [<ffff800084e63318>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (424): [<ffff800084e63318>] __ip6_ins_rt net/ipv6/route.c:1350 [inline]
softirqs last disabled at (424): [<ffff800084e63318>] ip6_route_multipath_add+0x2ec/0x11cc net/ipv6/route.c:5483
---[ end trace 0000000000000000 ]---