bpf_skb_set_tunnel_key + redirect to a non-tunnel device might crash the kernel #19428

@brb

While developing the WireGuard host2host encryption feature (#19407), I noticed that redirecting, after calling bpf_skb_set_tunnel_key(), to a device which doesn't support the tunnel metadata crashes a VM. Unfortunately, I couldn't retrieve the dmesg as VirtualBox had immediately rebooted the machine.

I had the following modification in the to-overlay section:


__section("to-overlay")
int to_overlay(struct __ctx_buff *ctx)
{
	int ret;

	ret = encap_remap_v6_host_address(ctx, true);
	if (unlikely(ret < 0))
		goto out;

#ifdef ENABLE_WIREGUARD
	ret = wg_maybe_redirect_to_encrypt(ctx);
	if (ret == CTX_ACT_REDIRECT)
		return ret;
	else if (IS_ERR(ret))
		return send_drop_notify_error(ctx, src_id, ret, CTX_ACT_DROP,
					      METRIC_EGRESS);
#endif /* ENABLE_WIREGUARD */

...

The crash was triggered immediately after a pod had sent a packet to a remote pod via the tunnel.

Affected kernels: 5.15 and 5.17

Labels

area/datapath: Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
area/kernel: Requires upstream work in the Linux kernel.
kind/bug: This is a bug in the Cilium logic.
