------------[ cut here ]------------
WARNING: CPU: 1 PID: 9817 at net/ipv4/route.c:1241 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
WARNING: CPU: 1 PID: 9817 at net/ipv4/route.c:1241 kfree_skb include/linux/skbuff.h:1269 [inline]
WARNING: CPU: 1 PID: 9817 at net/ipv4/route.c:1241 ip_rt_bug+0x34/0x108 net/ipv4/route.c:1240
Modules linked in:
CPU: 1 UID: 0 PID: 9817 Comm: syz.4.893 Not tainted 6.11.0-rc3-syzkaller-g7c626ce4bae1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ip_rt_bug+0x34/0x108 include/linux/skbuff.h:1260
lr : kfree_skb_reason include/linux/skbuff.h:1260 [inline]
lr : kfree_skb include/linux/skbuff.h:1269 [inline]
lr : ip_rt_bug+0x34/0x108 net/ipv4/route.c:1240
sp : ffff800099026d00
x29: ffff800099026d00 x28: 1ffff00013204de0 x27: ffff0000c9b8a8c0
x26: dfff800000000000 x25: 1fffe00019371523 x24: dfff800000000000
x23: ffff0000c9205a00 x22: ffff0000c9205a30 x21: ffff0000c30b2080
x20: ffff0000c9b8a8c0 x19: ffff0000c9b8a8c0 x18: ffff8000990269e0
x17: 00000000000473bb x16: ffff800080345098 x15: 0000000000000001
x14: 1ffff00011fbbe06 x13: 0000000000000000 x12: 0000000000000003
x11: 0000000000040000 x10: 0000000000000003 x9 : 08091c0ef0021b00
x8 : 08091c0ef0021b00 x7 : ffff8000800603b4 x6 : ffff8000800605b0
x5 : ffff0000f882bad8 x4 : ffff800099026a48 x3 : 0000000000000000
x2 : 0000000000000002 x1 : ffff80008b462a00 x0 : 0000000000000001
Call trace:
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 kfree_skb include/linux/skbuff.h:1269 [inline]
 ip_rt_bug+0x34/0x108 net/ipv4/route.c:1240
 dst_output include/net/dst.h:450 [inline]
 ip_local_out net/ipv4/ip_output.c:129 [inline]
 ip_send_skb+0x134/0x2f8 net/ipv4/ip_output.c:1495
 ip_push_pending_frames+0x6c/0x88 net/ipv4/ip_output.c:1515
 icmp_push_reply+0x2e4/0x3c0 net/ipv4/icmp.c:392
 __icmp_send+0xbc8/0x1074 net/ipv4/icmp.c:777
 icmp_send include/net/icmp.h:43 [inline]
 ip_options_compile+0xe4/0x170 net/ipv4/ip_options.c:473
 ip_rcv_options net/ipv4/ip_input.c:281 [inline]
 ip_rcv_finish_core+0xbd4/0x18e8 net/ipv4/ip_input.c:387
 ip_rcv_finish+0x12c/0x24c net/ipv4/ip_input.c:447
 NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:314
 ip_rcv+0x7c/0x9c net/ipv4/ip_input.c:569
 __netif_receive_skb_one_core net/core/dev.c:5661 [inline]
 __netif_receive_skb+0x18c/0x3c8 net/core/dev.c:5775
 netif_receive_skb_internal net/core/dev.c:5861 [inline]
 netif_receive_skb+0x1f0/0x93c net/core/dev.c:5921
 tun_rx_batched+0x568/0x6e4
 tun_get_user+0x2648/0x3adc drivers/net/tun.c:2006
 tun_chr_write_iter+0xfc/0x204 drivers/net/tun.c:2052
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0x940/0xc80 fs/read_write.c:590
 ksys_write+0x15c/0x26c fs/read_write.c:643
 __do_sys_write fs/read_write.c:655 [inline]
 __se_sys_write fs/read_write.c:652 [inline]
 __arm64_sys_write+0x7c/0x90 fs/read_write.c:652
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
irq event stamp: 189
hardirqs last  enabled at (188): [<ffff800080a86974>] kasan_quarantine_put+0x1a0/0x1c8 mm/kasan/quarantine.c:234
hardirqs last disabled at (189): [<ffff80008b2ea644>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:470
softirqs last  enabled at (68): [<ffff8000854dbd44>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (70): [<ffff8000854dbd10>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---