general protection fault, probably for non-canonical address 0xdffffc000000013d: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000009e8-0x00000000000009ef]
CPU: 1 PID: 5130 Comm: kworker/1:4 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Workqueue: wg-crypt-wg0 wg_packet_tx_worker
RIP: 0010:debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline]
RIP: 0010:do_raw_spin_lock+0x6e/0x2b0 kernel/locking/spinlock_debug.c:114
Code: 81 48 8d 54 05 00 c7 02 f1 f1 f1 f1 c7 42 04 04 f3 f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e3
RSP: 0018:ffffc900001f06b0 EFLAGS: 00010003
RAX: dffffc0000000000 RBX: 00000000000009e8 RCX: 0000000000000000
RDX: 000000000000013d RSI: ffffffff8ae928a0 RDI: 00000000000009ec
RBP: 1ffff9200003e0d7 R08: 0000000000000000 R09: fffffbfff1d9c4b2
R10: ffffffff8ece2597 R11: ffffc900001f0ff8 R12: 178503743ecc804e
R13: 0000000000000003 R14: 00000000000009e8 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdd4e20cf8 CR3: 000000000c976000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0x42/0x50 kernel/locking/spinlock.c:162
 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:518 [inline]
 try_to_wake_up+0xb0/0x15b0 kernel/sched/core.c:4230
 rxrpc_wake_up_io_thread net/rxrpc/ar-internal.h:1046 [inline]
 rxrpc_encap_rcv+0x133/0x250 net/rxrpc/io_thread.c:50
 udpv6_queue_rcv_one_skb+0xaff/0x1860 net/ipv6/udp.c:714
 udpv6_queue_rcv_skb+0x193/0xa20 net/ipv6/udp.c:775
 udp6_unicast_rcv_skb+0x161/0x2f0 net/ipv6/udp.c:918
 __udp6_lib_rcv+0x1665/0x2f10 net/ipv6/udp.c:1007
 ip6_protocol_deliver_rcu+0x33b/0x13d0 net/ipv6/ip6_input.c:438
 ip6_input_finish+0x151/0x300 net/ipv6/ip6_input.c:483
 NF_HOOK include/linux/netfilter.h:304 [inline]
 NF_HOOK include/linux/netfilter.h:298 [inline]
 ip6_input+0xca/0x420 net/ipv6/ip6_input.c:492
 dst_input include/net/dst.h:468 [inline]
 ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]
 NF_HOOK include/linux/netfilter.h:304 [inline]
 NF_HOOK include/linux/netfilter.h:298 [inline]
 ipv6_rcv+0x4a9/0x6f0 net/ipv6/ip6_input.c:310
 __netif_receive_skb_one_core+0x115/0x180 net/core/dev.c:5523
 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5637
 process_backlog+0x101/0x6c0 net/core/dev.c:5965
 __napi_poll.constprop.0+0xb4/0x530 net/core/dev.c:6527
 napi_poll net/core/dev.c:6594 [inline]
 net_rx_action+0x956/0xe90 net/core/dev.c:6727
 __do_softirq+0x218/0x965 kernel/softirq.c:553
 do_softirq kernel/softirq.c:454 [inline]
 do_softirq+0xaa/0xe0 kernel/softirq.c:441
 __local_bh_enable_ip+0xf8/0x120 kernel/softirq.c:381
 wg_socket_send_skb_to_peer+0x14c/0x210 drivers/net/wireguard/socket.c:184
 wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
 wg_packet_tx_worker+0x1ab/0x780 drivers/net/wireguard/send.c:276
 process_one_work+0x887/0x15d0 kernel/workqueue.c:2630
 process_scheduled_works kernel/workqueue.c:2703 [inline]
 worker_thread+0x8bb/0x1290 kernel/workqueue.c:2784
 kthread+0x33a/0x430 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline]
RIP: 0010:do_raw_spin_lock+0x6e/0x2b0 kernel/locking/spinlock_debug.c:114
Code: 81 48 8d 54 05 00 c7 02 f1 f1 f1 f1 c7 42 04 04 f3 f3 f3 65 48 8b 14 25 28 00 00 00 48 89 54 24 60 31 d2 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e3
RSP: 0018:ffffc900001f06b0 EFLAGS: 00010003
RAX: dffffc0000000000 RBX: 00000000000009e8 RCX: 0000000000000000
RDX: 000000000000013d RSI: ffffffff8ae928a0 RDI: 00000000000009ec
RBP: 1ffff9200003e0d7 R08: 0000000000000000 R09: fffffbfff1d9c4b2
R10: ffffffff8ece2597 R11: ffffc900001f0ff8 R12: 178503743ecc804e
R13: 0000000000000003 R14: 00000000000009e8 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdd4e20cf8 CR3: 000000000c976000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 81 48 8d 54 05 00 c7    orl $0xc7000554,-0x73(%rax)
   7: 02 f1                   add %cl,%dh
   9: f1                      int1
   a: f1                      int1
   b: f1                      int1
   c: c7 42 04 04 f3 f3 f3    movl $0xf3f3f304,0x4(%rdx)
  13: 65 48 8b 14 25 28 00    mov %gs:0x28,%rdx
  1a: 00 00
  1c: 48 89 54 24 60          mov %rdx,0x60(%rsp)
  21: 31 d2                   xor %edx,%edx
  23: 48 89 fa                mov %rdi,%rdx
  26: 48 c1 ea 03             shr $0x3,%rdx
* 2a: 0f b6 14 02             movzbl (%rdx,%rax,1),%edx <-- trapping instruction
  2e: 48 89 f8                mov %rdi,%rax
  31: 83 e0 07                and $0x7,%eax
  34: 83 c0 03                add $0x3,%eax
  37: 38 d0                   cmp %dl,%al
  39: 7c 08                   jl 0x43
  3b: 84 d2                   test %dl,%dl
  3d: 0f                      .byte 0xf
  3e: 85 e3                   test %esp,%ebx