------------[ cut here ]------------
WARNING: CPU: 0 PID: 12472 at net/ipv4/route.c:1241 ip_rt_bug+0x2a/0x110 net/ipv4/route.c:1241
Modules linked in:
CPU: 0 PID: 12472 Comm: rm Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:ip_rt_bug+0x2a/0x110 net/ipv4/route.c:1241
Code: f3 0f 1e fa 41 57 41 56 41 55 41 54 53 48 89 d3 e8 fb f9 b3 f7 66 90 e8 f4 f9 b3 f7 48 89 df be 02 00 00 00 e8 27 b4 6d ff 90 <0f> 0b 90 31 c0 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc f3 0f 1e
RSP: 0000:ffffc90000007680 EFLAGS: 00010286
RAX: 3b60429abdd69f00 RBX: ffff888029b913c0 RCX: ffffffff8172da6a
RDX: dffffc0000000000 RSI: ffffffff8bcabb40 RDI: ffffffff8c1fe980
RBP: 0000000000000001 R08: ffffffff92fa7617 R09: 1ffffffff25f4ec2
R10: dffffc0000000000 R11: fffffbfff25f4ec3 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffff88802304d640 R15: ffff888017388d00
FS: 00007fd929012380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd929241380 CR3: 000000007903a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ip_local_out net/ipv4/ip_output.c:129 [inline]
 ip_send_skb net/ipv4/ip_output.c:1492 [inline]
 ip_push_pending_frames+0xbf/0x150 net/ipv4/ip_output.c:1512
 __icmp_send+0xf89/0x14e0 net/ipv4/icmp.c:777
 ipv4_send_dest_unreach net/ipv4/route.c:1221 [inline]
 ipv4_link_failure+0x62f/0xa10 net/ipv4/route.c:1228
 dst_link_failure include/net/dst.h:429 [inline]
 arp_error_report+0x114/0x160 net/ipv4/arp.c:296
 neigh_invalidate+0x244/0x470 net/core/neighbour.c:1061
 neigh_timer_handler+0x8a5/0xfd0 net/core/neighbour.c:1148
 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1792
 expire_timers kernel/time/timer.c:1843 [inline]
 __run_timers kernel/time/timer.c:2417 [inline]
 __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2428
 run_timer_base kernel/time/timer.c:2437 [inline]
 run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2447
 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:do_wp_page+0x2b30/0x52f0 mm/memory.c:3678
Code: ff eb 27 e8 a2 f0 b2 ff 48 89 df 31 f6 e8 98 aa 01 00 41 89 c4 eb 13 e8 8e f0 b2 ff 4c 89 ff e8 76 67 ff ff 41 bc 00 04 00 00 <48> c7 84 24 a0 00 00 00 0e 36 e0 45 48 b8 00 00 00 00 00 fc ff df
RSP: 0000:ffffc90009e47720 EFLAGS: 00000246
RAX: ffffffff81e333ea RBX: 0000000000000000 RCX: ffff88802b2c3c00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90009e47950 R08: ffffffff81e333af R09: 1ffffd4000093d36
R10: dffffc0000000000 R11: fffff94000093d37 R12: 0000000000000000
R13: ffffc90009e47e50 R14: ffffea000049e900 R15: 1ffff920013c8f01
 handle_pte_fault+0x117e/0x7090 mm/memory.c:5397
 __handle_mm_fault mm/memory.c:5524 [inline]
 handle_mm_fault+0x10df/0x1ba0 mm/memory.c:5689
 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x459/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fd929327d4e
Code: 00 00 75 ce eb 27 41 8b 45 08 48 8b 95 78 ff ff ff 49 03 55 00 48 83 f8 26 75 19 48 8b 85 78 ff ff ff 49 03 45 10 49 83 c5 18 <48> 89 02 4c 39 eb 77 d4 eb 9e 48 83 f8 08 74 e1 48 8d 0d 6b a7 01
RSP: 002b:00007ffca22b76f0 EFLAGS: 00010216
RAX: 00007fd929202c2c RBX: 00007fd9290c6260 RCX: 00007ffca22b7780
RDX: 00007fd929241380 RSI: 00007fd9290c6a88 RDI: 00007fd9290c6f38
RBP: 00007ffca22b77f0 R08: 00007fd9290c6a88 R09: 0000000000000001
R10: 0000000053053053 R11: 0000000000000246 R12: 00007fd9293135c0
R13: 00007fd9290c5930 R14: 0000000000000000 R15: 00007fd92934b2a0
----------------
Code disassembly (best guess), 1 bytes skipped:
   0: eb 27                   jmp 0x29
   2: e8 a2 f0 b2 ff          call 0xffb2f0a9
   7: 48 89 df                mov %rbx,%rdi
   a: 31 f6                   xor %esi,%esi
   c: e8 98 aa 01 00          call 0x1aaa9
  11: 41 89 c4                mov %eax,%r12d
  14: eb 13                   jmp 0x29
  16: e8 8e f0 b2 ff          call 0xffb2f0a9
  1b: 4c 89 ff                mov %r15,%rdi
  1e: e8 76 67 ff ff          call 0xffff6799
  23: 41 bc 00 04 00 00       mov $0x400,%r12d
* 29: 48 c7 84 24 a0 00 00    movq $0x45e0360e,0xa0(%rsp) <-- trapping instruction
  30: 00 0e 36 e0 45
  35: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  3c: fc ff df