general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 20127 Comm: kworker/u4:1 Tainted: G W 5.15.178-syzkaller-00193-g058abb720bd1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
RIP: 0010:dev_map_generic_redirect+0x91/0x6f0 kernel/bpf/devmap.c:667
Code: f1 00 f2 f2 f2 4b 89 44 35 00 43 c7 44 35 0f f3 f3 f3 f3 43 c6 44 35 13 f3 e8 cb 0f e1 ff 48 89 d8 48 c1 e8 03 48 89 44 24 40 <42> 80 3c 30 00 74 08 48 89 df e8 f0 74 23 00 48 89 5c 24 08 4c 8b
RSP: 0018:ffffc900000076e0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888111a762c0
RDX: 0000000000000100 RSI: ffff888123bf8b40 RDI: 0000000000000000
RBP: ffffc90000007830 R08: ffffffff83f17c5d R09: ffffffff83f17b7b
R10: 0000000000000004 R11: ffff888111a762c0 R12: 0000000000000019
R13: 1ffff92000000ee8 R14: dffffc0000000000 R15: ffff888123bf8b40
FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000100000000 CR3: 0000000142c84000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
xdp_do_generic_redirect_map net/core/filter.c:4177 [inline]
xdp_do_generic_redirect+0x42e/0xb40 net/core/filter.c:4236
do_xdp_generic+0x50b/0x7c0 net/core/dev.c:4919
__netif_receive_skb_core+0x1706/0x3640 net/core/dev.c:5324
__netif_receive_skb_one_core net/core/dev.c:5499 [inline]
__netif_receive_skb+0x11c/0x530 net/core/dev.c:5615
process_backlog+0x31c/0x650 net/core/dev.c:6492
__napi_poll+0xc4/0x5a0 net/core/dev.c:7051
napi_poll net/core/dev.c:7118 [inline]
net_rx_action+0x47d/0xc50 net/core/dev.c:7208
handle_softirqs+0x25e/0x5c0 kernel/softirq.c:565
__do_softirq+0xb/0xd kernel/softirq.c:603
do_softirq+0xf6/0x150 kernel/softirq.c:452
__local_bh_enable_ip+0x75/0x80 kernel/softirq.c:379
__raw_read_unlock_bh include/linux/rwlock_api_smp.h:251 [inline]
_raw_read_unlock_bh+0x29/0x30 kernel/locking/spinlock.c:284
wg_socket_send_skb_to_peer+0x178/0x1d0 drivers/net/wireguard/socket.c:184
wg_socket_send_buffer_to_peer+0x11a/0x170 drivers/net/wireguard/socket.c:200
wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline]
wg_packet_handshake_send_worker+0x1d4/0x240 drivers/net/wireguard/send.c:51
process_one_work+0x6bb/0xc10 kernel/workqueue.c:2325
worker_thread+0xad5/0x12a0 kernel/workqueue.c:2472
kthread+0x421/0x510 kernel/kthread.c:337
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
Modules linked in:
---[ end trace 5ea44e33c2a2ec5c ]---
RIP: 0010:dev_map_generic_redirect+0x91/0x6f0 kernel/bpf/devmap.c:667
Code: f1 00 f2 f2 f2 4b 89 44 35 00 43 c7 44 35 0f f3 f3 f3 f3 43 c6 44 35 13 f3 e8 cb 0f e1 ff 48 89 d8 48 c1 e8 03 48 89 44 24 40 <42> 80 3c 30 00 74 08 48 89 df e8 f0 74 23 00 48 89 5c 24 08 4c 8b
RSP: 0018:ffffc900000076e0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888111a762c0
RDX: 0000000000000100 RSI: ffff888123bf8b40 RDI: 0000000000000000
RBP: ffffc90000007830 R08: ffffffff83f17c5d R09: ffffffff83f17b7b
R10: 0000000000000004 R11: ffff888111a762c0 R12: 0000000000000019
R13: 1ffff92000000ee8 R14: dffffc0000000000 R15: ffff888123bf8b40
FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000100000000 CR3: 0000000006a0f000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: f1 int1
1: 00 f2 add %dh,%dl
3: f2 f2 4b 89 44 35 00 repnz repnz mov %rax,0x0(%r13,%r14,1)
a: 43 c7 44 35 0f f3 f3 movl $0xf3f3f3f3,0xf(%r13,%r14,1)
11: f3 f3
13: 43 c6 44 35 13 f3 movb $0xf3,0x13(%r13,%r14,1)
19: e8 cb 0f e1 ff call 0xffe10fe9
1e: 48 89 d8 mov %rbx,%rax
21: 48 c1 e8 03 shr $0x3,%rax
25: 48 89 44 24 40 mov %rax,0x40(%rsp)
* 2a: 42 80 3c 30 00 cmpb $0x0,(%rax,%r14,1) <-- trapping instruction
2f: 74 08 je 0x39
31: 48 89 df mov %rbx,%rdi
34: e8 f0 74 23 00 call 0x237529
39: 48 89 5c 24 08 mov %rbx,0x8(%rsp)
3e: 4c rex.WR
3f: 8b .byte 0x8b