------------[ cut here ]------------
WARNING: CPU: 1 PID: 4509 at net/ipv4/route.c:1283 kfree_skb include/linux/skbuff.h:1252 [inline]
WARNING: CPU: 1 PID: 4509 at net/ipv4/route.c:1283 ip_rt_bug+0x30/0xf4 net/ipv4/route.c:1282
Modules linked in:
CPU: 1 PID: 4509 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ip_rt_bug+0x30/0xf4 include/linux/skbuff.h:1252
lr : kfree_skb include/linux/skbuff.h:1252 [inline]
lr : ip_rt_bug+0x30/0xf4 net/ipv4/route.c:1282
sp : ffff800020876e60
x29: ffff800020876e60 x28: 1ffff0000410ee0c x27: ffff0000d32b2780
x26: dfff800000000000 x25: 1fffe0001a6564fb x24: dfff800000000000
x23: ffff0000cca16400 x22: ffff0000cca16430 x21: ffff0000c5489380
x20: ffff0000d32b2780 x19: ffff0000d32b2780 x18: 0000000000000000
x17: ffff80001835a000 x16: ffff8000082d92bc x15: ffff80000fd47154
x14: 0000000000000001 x13: 1ffff00002b4e732 x12: 0000000000ff0100
x11: ff0080000a8de2c4 x10: 0000000000000003 x9 : 51756cbaf2148500
x8 : 51756cbaf2148500 x7 : ffff80000805983c x6 : ffff800008059a4c
x5 : ffff0000d7efe0e0 x4 : ffff800020876b48 x3 : 0000000000000000
x2 : 0000000000000002 x1 : ffff800011b9da80 x0 : 0000000000000000
Call trace:
 kfree_skb include/linux/skbuff.h:1252 [inline]
 ip_rt_bug+0x30/0xf4 net/ipv4/route.c:1282
 dst_output include/net/dst.h:453 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 ip_send_skb+0x134/0x2b0 net/ipv4/ip_output.c:1606
 ip_push_pending_frames+0x6c/0x88 net/ipv4/ip_output.c:1626
 icmp_push_reply+0x2e0/0x3c0 net/ipv4/icmp.c:393
 __icmp_send+0xc44/0x105c net/ipv4/icmp.c:795
 ipv4_send_dest_unreach net/ipv4/route.c:1263 [inline]
 ipv4_link_failure+0x548/0x8dc net/ipv4/route.c:1270
 dst_link_failure include/net/dst.h:423 [inline]
 xfrmi_xmit2 net/xfrm/xfrm_interface_core.c:512 [inline]
 xfrmi_xmit+0x9bc/0x1538 net/xfrm/xfrm_interface_core.c:565
 __netdev_start_xmit include/linux/netdevice.h:4896 [inline]
 netdev_start_xmit include/linux/netdevice.h:4910 [inline]
 xmit_one net/core/dev.c:3683 [inline]
 dev_hard_start_xmit+0x234/0x8cc net/core/dev.c:3699
 __dev_queue_xmit+0x15b8/0x3118 net/core/dev.c:4363
 dev_queue_xmit+0x24/0x34 include/linux/netdevice.h:3051
 packet_snd net/packet/af_packet.c:3127 [inline]
 packet_sendmsg+0x2f9c/0x3fd0 net/packet/af_packet.c:3158
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg net/socket.c:730 [inline]
 __sys_sendto+0x324/0x440 net/socket.c:2152
 __do_sys_sendto net/socket.c:2164 [inline]
 __se_sys_sendto net/socket.c:2160 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2160
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 1899
hardirqs last  enabled at (1898): [<ffff8000088e81cc>] kasan_quarantine_put+0xc4/0x200 mm/kasan/quarantine.c:242
hardirqs last disabled at (1899): [<ffff800011a33e5c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (1724): [<ffff800008030954>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (1752): [<ffff80000fdd0648>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---