==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_add_negative_release include/linux/atomic/atomic-instrumented.h:1457 [inline]
BUG: KASAN: null-ptr-deref in __rcuref_put include/linux/rcuref.h:87 [inline]
BUG: KASAN: null-ptr-deref in rcuref_put+0x120/0x200 include/linux/rcuref.h:150
Write of size 4 at addr 0000000000000044 by task kworker/u8:0/11
CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-rc7-syzkaller-g1950a0af2d55 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: netns cleanup_net
Call trace:
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
print_report+0xf8/0x538 mm/kasan/report.c:492
kasan_report+0xd8/0x138 mm/kasan/report.c:602
kasan_check_range+0x268/0x2a8 mm/kasan/generic.c:189
__kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37
instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
atomic_add_negative_release include/linux/atomic/atomic-instrumented.h:1457 [inline]
__rcuref_put include/linux/rcuref.h:87 [inline]
rcuref_put+0x120/0x200 include/linux/rcuref.h:150
dst_release+0x28/0xe0 net/core/dst.c:167
dst_cache_reset_now+0x1a4/0x204 net/core/dst_cache.c:183
wg_socket_clear_peer_endpoint_src+0x3c/0x54 drivers/net/wireguard/socket.c:312
wg_netns_pre_exit+0x10c/0x1d4 drivers/net/wireguard/device.c:424
ops_pre_exit_list net/core/net_namespace.c:162 [inline]
cleanup_net+0x4dc/0xa34 net/core/net_namespace.c:628
process_one_work+0x7a8/0x15cc kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x97c/0xeec kernel/workqueue.c:3398
kthread+0x288/0x310 kernel/kthread.c:389
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
==================================================================
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000044
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000106cfa000
[0000000000000044] pgd=08000001148cf403, p4d=08000001148cf403, pud=0800000108d70403, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Tainted: G B 6.13.0-rc7-syzkaller-g1950a0af2d55 #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: netns cleanup_net
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __lse_atomic_fetch_add_release arch/arm64/include/asm/atomic_lse.h:62 [inline]
pc : __lse_atomic_add_return_release arch/arm64/include/asm/atomic_lse.h:96 [inline]
pc : arch_atomic_add_return_release arch/arm64/include/asm/atomic.h:52 [inline]
pc : raw_atomic_add_return_release include/linux/atomic/atomic-arch-fallback.h:618 [inline]
pc : raw_atomic_add_negative_release include/linux/atomic/atomic-arch-fallback.h:2380 [inline]
pc : atomic_add_negative_release include/linux/atomic/atomic-instrumented.h:1458 [inline]
pc : __rcuref_put include/linux/rcuref.h:87 [inline]
pc : rcuref_put+0x12c/0x200 include/linux/rcuref.h:150
lr : arch_atomic_add_return_release arch/arm64/include/asm/atomic.h:52 [inline]
lr : raw_atomic_add_return_release include/linux/atomic/atomic-arch-fallback.h:618 [inline]
lr : raw_atomic_add_negative_release include/linux/atomic/atomic-arch-fallback.h:2380 [inline]
lr : atomic_add_negative_release include/linux/atomic/atomic-instrumented.h:1458 [inline]
lr : __rcuref_put include/linux/rcuref.h:87 [inline]
lr : rcuref_put+0x128/0x200 include/linux/rcuref.h:150
sp : ffff800097b27890
x29: ffff800097b27890 x28: 1fffffbff7ee0c96 x27: 1ffff00011e68866
x26: 0000000000000008 x25: 1fffe000197b815a x24: dfff800000000000
x23: 0000000000000004 x22: fffffdffbf7064b0 x21: dfff800000000000
x20: 0000000000000202 x19: 0000000000000044 x18: 0000000000000008
x17: 0000000000000000 x16: ffff80008069cc18 x15: 0000000000000001
x14: 1ffff000125ec2f0 x13: 0000000000000000 x12: 0000000000000000
x11: ffff7000125ec2f1 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 00000000ffffffff x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800097b26eb8 x4 : ffff80008fb00460 x3 : ffff8000802f5e28
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
arch_atomic_add_return_release arch/arm64/include/asm/atomic.h:52 [inline] (P)
raw_atomic_add_return_release include/linux/atomic/atomic-arch-fallback.h:618 [inline] (P)
raw_atomic_add_negative_release include/linux/atomic/atomic-arch-fallback.h:2380 [inline] (P)
atomic_add_negative_release include/linux/atomic/atomic-instrumented.h:1458 [inline] (P)
__rcuref_put include/linux/rcuref.h:87 [inline] (P)
rcuref_put+0x12c/0x200 include/linux/rcuref.h:150 (P)
dst_release+0x28/0xe0 net/core/dst.c:167
dst_cache_reset_now+0x1a4/0x204 net/core/dst_cache.c:183
wg_socket_clear_peer_endpoint_src+0x3c/0x54 drivers/net/wireguard/socket.c:312
wg_netns_pre_exit+0x10c/0x1d4 drivers/net/wireguard/device.c:424
ops_pre_exit_list net/core/net_namespace.c:162 [inline]
cleanup_net+0x4dc/0xa34 net/core/net_namespace.c:628
process_one_work+0x7a8/0x15cc kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x97c/0xeec kernel/workqueue.c:3398
kthread+0x288/0x310 kernel/kthread.c:389
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
Code: 979ab24a d503201f 979aadb4 12800008 (b8680268)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 979ab24a bl 0xfffffffffe6ac928
4: d503201f nop
8: 979aadb4 bl 0xfffffffffe6ab6d8
c: 12800008 mov w8, #0xffffffff // #-1
* 10: b8680268 ldaddl w8, w8, [x19] <-- trapping instruction