==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_add_negative_release include/linux/atomic/atomic-instrumented.h:1457 [inline]
BUG: KASAN: null-ptr-deref in __rcuref_put include/linux/rcuref.h:87 [inline]
BUG: KASAN: null-ptr-deref in rcuref_put include/linux/rcuref.h:150 [inline]
BUG: KASAN: null-ptr-deref in dst_release+0x4e/0x1e0 net/core/dst.c:164
Write of size 4 at addr 00000000000000a4 by task kswapd0/112

CPU: 0 PID: 112 Comm: kswapd0 Not tainted 6.10.0-rc1-syzkaller-00027-g4a4be1ad3a6e #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 atomic_add_negative_release include/linux/atomic/atomic-instrumented.h:1457 [inline]
 __rcuref_put include/linux/rcuref.h:87 [inline]
 rcuref_put include/linux/rcuref.h:150 [inline]
 dst_release+0x4e/0x1e0 net/core/dst.c:164
 dst_cache_reset_now net/core/dst_cache.c:181 [inline]
 dst_cache_reset_now+0x18f/0x2e0 net/core/dst_cache.c:167
 wg_socket_clear_peer_endpoint_src+0x3c/0x50 drivers/net/wireguard/socket.c:312
 wg_expired_retransmit_handshake+0xd6/0x340 drivers/net/wireguard/timers.c:73
 call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1792
 expire_timers kernel/time/timer.c:1843 [inline]
 __run_timers+0x74b/0xaf0 kernel/time/timer.c:2417
 __run_timer_base kernel/time/timer.c:2428 [inline]
 __run_timer_base kernel/time/timer.c:2421 [inline]
 run_timer_base+0x111/0x190 kernel/time/timer.c:2437
 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2447
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__sanitizer_cov_trace_pc+0x58/0x60 kernel/kcov.c:225
Code: 82 f8 15 00 00 83 f8 02 75 20 48 8b 8a 00 16 00 00 8b 92 fc 15 00 00 48 8b 01 48 83 c0 01 48 39 d0 73 07 48 89 01 48 89 34 c1 <c3> cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90001f57728 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000089 RCX: ffffffff81f51e9b
RDX: ffff88801b324880 RSI: ffffffff81f51d56 RDI: 0000000000000005
RBP: ffff88801e0d2450 R08: 0000000000000005 R09: 00000000ffffffff
R10: 0000000000000089 R11: 0000000000000001 R12: dffffc0000000000
R13: 000000000000008c R14: 0000000000000000 R15: ffff88801e4a5000
 zs_shrinker_count+0x66/0x240 mm/zsmalloc.c:2034
 do_shrink_slab+0x82/0x11c0 mm/shrinker.c:382
 shrink_slab+0x18a/0x1310 mm/shrinker.c:662
 shrink_one+0x493/0x7c0 mm/vmscan.c:4790
 shrink_many mm/vmscan.c:4851 [inline]
 lru_gen_shrink_node+0x89f/0x1750 mm/vmscan.c:4951
 shrink_node mm/vmscan.c:5910 [inline]
 kswapd_shrink_node mm/vmscan.c:6720 [inline]
 balance_pgdat+0x1105/0x1970 mm/vmscan.c:6911
 kswapd+0x5ea/0xbf0 mm/vmscan.c:7180
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
==================================================================
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	f8                   	clc
   1:	15 00 00 83 f8       	adc    $0xf8830000,%eax
   6:	02 75 20             	add    0x20(%rbp),%dh
   9:	48 8b 8a 00 16 00 00 	mov    0x1600(%rdx),%rcx
  10:	8b 92 fc 15 00 00    	mov    0x15fc(%rdx),%edx
  16:	48 8b 01             	mov    (%rcx),%rax
  19:	48 83 c0 01          	add    $0x1,%rax
  1d:	48 39 d0             	cmp    %rdx,%rax
  20:	73 07                	jae    0x29
  22:	48 89 01             	mov    %rax,(%rcx)
  25:	48 89 34 c1          	mov    %rsi,(%rcx,%rax,8)
* 29:	c3                   	ret <-- trapping instruction
  2a:	cc                   	int3
  2b:	cc                   	int3
  2c:	cc                   	int3
  2d:	cc                   	int3
  2e:	0f 1f 00             	nopl   (%rax)
  31:	90                   	nop
  32:	90                   	nop
  33:	90                   	nop
  34:	90                   	nop
  35:	90                   	nop
  36:	90                   	nop
  37:	90                   	nop
  38:	90                   	nop
  39:	90                   	nop
  3a:	90                   	nop
  3b:	90                   	nop
  3c:	90                   	nop
  3d:	90                   	nop
  3e:	90                   	nop