general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 312 Comm: kworker/0:2 Not tainted 5.15.176-syzkaller-00972-g829d9f138569 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: wg-crypt-wg0 wg_packet_tx_worker
RIP: 0010:dev_map_generic_redirect+0x91/0x6f0 kernel/bpf/devmap.c:667
Code: f1 00 f2 f2 f2 4b 89 44 35 00 43 c7 44 35 0f f3 f3 f3 f3 43 c6 44 35 13 f3 e8 eb 0f e1 ff 48 89 d8 48 c1 e8 03 48 89 44 24 40 <42> 80 3c 30 00 74 08 48 89 df e8 e0 74 23 00 48 89 5c 24 08 4c 8b
RSP: 0018:ffffc900000076e0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888126c60000
RDX: 0000000000000100 RSI: ffff888134c1ddc0 RDI: 0000000000000000
RBP: ffffc90000007830 R08: ffffffff83f15ffd R09: ffffffff83f15f1b
R10: 0000000000000004 R11: ffff888126c60000 R12: 000000000000000e
R13: 1ffff92000000ee8 R14: dffffc0000000000 R15: ffff888134c1ddc0
FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f162be0a6ec CR3: 0000000134d48000 CR4: 00000000003506b0
Call Trace:
xdp_do_generic_redirect_map net/core/filter.c:4177 [inline]
xdp_do_generic_redirect+0x42e/0xb40 net/core/filter.c:4236
do_xdp_generic+0x50b/0x7c0 net/core/dev.c:4919
__netif_receive_skb_core+0x1706/0x3640 net/core/dev.c:5324
__netif_receive_skb_one_core net/core/dev.c:5499 [inline]
__netif_receive_skb+0x11c/0x530 net/core/dev.c:5615
process_backlog+0x31c/0x650 net/core/dev.c:6492
__napi_poll+0xc4/0x5a0 net/core/dev.c:7051
napi_poll net/core/dev.c:7118 [inline]
net_rx_action+0x47d/0xc50 net/core/dev.c:7208
handle_softirqs+0x25e/0x5c0 kernel/softirq.c:565
__do_softirq+0xb/0xd kernel/softirq.c:603
do_softirq+0xf6/0x150 kernel/softirq.c:452
__local_bh_enable_ip+0x75/0x80 kernel/softirq.c:379
__raw_read_unlock_bh include/linux/rwlock_api_smp.h:251 [inline]
_raw_read_unlock_bh+0x29/0x30 kernel/locking/spinlock.c:284
wg_socket_send_skb_to_peer+0x178/0x1d0 drivers/net/wireguard/socket.c:184
wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
wg_packet_tx_worker+0x1e6/0x530 drivers/net/wireguard/send.c:276
process_one_work+0x6bb/0xc10 kernel/workqueue.c:2325
worker_thread+0xad5/0x12a0 kernel/workqueue.c:2472
kthread+0x421/0x510 kernel/kthread.c:337
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
Modules linked in:
---[ end trace ccf800288d46e26b ]---
RIP: 0010:dev_map_generic_redirect+0x91/0x6f0 kernel/bpf/devmap.c:667
Code: f1 00 f2 f2 f2 4b 89 44 35 00 43 c7 44 35 0f f3 f3 f3 f3 43 c6 44 35 13 f3 e8 eb 0f e1 ff 48 89 d8 48 c1 e8 03 48 89 44 24 40 <42> 80 3c 30 00 74 08 48 89 df e8 e0 74 23 00 48 89 5c 24 08 4c 8b
RSP: 0018:ffffc900000076e0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888126c60000
RDX: 0000000000000100 RSI: ffff888134c1ddc0 RDI: 0000000000000000
RBP: ffffc90000007830 R08: ffffffff83f15ffd R09: ffffffff83f15f1b
R10: 0000000000000004 R11: ffff888126c60000 R12: 000000000000000e
R13: 1ffff92000000ee8 R14: dffffc0000000000 R15: ffff888134c1ddc0
FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f162be0a6ec CR3: 0000000006a0f000 CR4: 00000000003506b0
----------------
Code disassembly (best guess):
0: f1 int1
1: 00 f2 add %dh,%dl
3: f2 f2 4b 89 44 35 00 repnz repnz mov %rax,0x0(%r13,%r14,1)
a: 43 c7 44 35 0f f3 f3 movl $0xf3f3f3f3,0xf(%r13,%r14,1)
11: f3 f3
13: 43 c6 44 35 13 f3 movb $0xf3,0x13(%r13,%r14,1)
19: e8 eb 0f e1 ff call 0xffe11009
1e: 48 89 d8 mov %rbx,%rax
21: 48 c1 e8 03 shr $0x3,%rax
25: 48 89 44 24 40 mov %rax,0x40(%rsp)
* 2a: 42 80 3c 30 00 cmpb $0x0,(%rax,%r14,1) <-- trapping instruction
2f: 74 08 je 0x39
31: 48 89 df mov %rbx,%rdi
34: e8 e0 74 23 00 call 0x237519
39: 48 89 5c 24 08 mov %rbx,0x8(%rsp)
3e: 4c rex.WR
3f: 8b .byte 0x8b