program: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newtaction={0x6c, 0x30, 0x48b, 0x1000, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0xfc000000, 0x7, 0x4, 0xfffffffd}, @multicast1, @empty, 0xffffffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x63}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5800000000020000000000000000000000000000100001800c0002800500010000000000300003802c000180140003"], 0x58}}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b80)={0x4c, r3, 0x1, 0x0, 0x800, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x4c}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wg0\x00', 0x0}) r5 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r5, &(0x7f0000000180)='`', 0xca, 0x0, &(0x7f0000000240)={0x6, 0x0, r4, 0x1, 0x0, 0x6, @random="4a99fee2a74d"}, 0x14) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\b\x00\x00\x00Z\x00\n']) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240100003b0007010000000000000000047c0000040000000c00018006000600800a000000010280f90017"], 0x124}}, 0xc000) [ 80.901940][ T5097] Bluetooth: hci0: command tx timeout [ 81.815245][ T5116] program syz.0.0 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 81.819092][ T5116] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 81.824479][ T5116] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 81.828376][ T5116] CPU: 0 UID: 0 PID: 5116 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 81.832704][ T5116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.836968][ T5116] RIP: 0010:ata_msense_control+0x966/0x1cf0 [ 81.839565][ T5116] Code: b6 04 10 84 c0 0f 85 9b 0f 00 00 4c 89 e8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 b6 0f 00 00 66 c7 03 00 e4 49 89 ec 49 c1 ec 03 <41> 0f b6 04 14 84 c0 0f 85 cc 0f 00 00 0f b6 5d 00 c0 e3 04 80 e3 [ 81.848149][ T5116] RSP: 0018:ffffc9000315f068 EFLAGS: 00010046 [ 81.850569][ T5116] RAX: 0000000000000000 RBX: ffffffff9a71ea9e RCX: ffffffff864b9db2 [ 81.853838][ T5116] RDX: dffffc0000000000 RSI: ffffffff8c922180 RDI: ffffffff9a71ea9d [ 81.857111][ T5116] RBP: 0000000000000000 R08: 0000000000020a0a R09: 1e00ffff00000000 [ 81.860846][ T5116] R10: dffffc0000000000 R11: fffffbfff34e3d54 R12: 0000000000000000 [ 81.864301][ T5116] R13: ffffffff9a71ea9f R14: 000000000000000a R15: ffff8880009fadf8 [ 81.867462][ T5116] FS: 00007f840652b6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 81.871122][ T5116] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.874435][ T5116] CR2: 00007f84058a0c68 CR3: 000000001abd4000 CR4: 0000000000350ef0 [ 81.877892][ T5116] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.881161][ T5116] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.884464][ T5116] Call Trace: [ 81.886031][ T5116] [ 81.887356][ T5116] ? __die_body+0x5f/0xb0 [ 81.889261][ T5116] ? die_addr+0xb0/0xe0 [ 81.891048][ T5116] ? exc_general_protection+0x3dd/0x5d0 [ 81.893302][ T5116] ? asm_exc_general_protection+0x26/0x30 [ 81.895707][ T5116] ? ata_msense_control+0x862/0x1cf0 [ 81.897913][ T5116] ? ata_msense_control+0x966/0x1cf0 [ 81.900376][ T5116] ? ata_msense_control+0x862/0x1cf0 [ 81.903068][ T5116] ata_scsi_simulate+0xfe5/0x2320 [ 81.905164][ T5116] ? __pfx_ata_scsi_simulate+0x10/0x10 [ 81.907309][ T5116] __ata_scsi_queuecmd+0x21e/0x1030 [ 81.909387][ T5116] ata_scsi_queuecmd+0x3bb/0x530 [ 81.911380][ T5116] scsi_queue_rq+0x1d7c/0x2e90 [ 81.913524][ T5116] blk_mq_dispatch_rq_list+0xb89/0x1b30 [ 81.916469][ T5116] ? __pfx_lock_release+0x10/0x10 [ 81.919216][ T5116] ? do_raw_spin_lock+0x14f/0x370 [ 81.921231][ T5116] ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10 [ 81.923602][ T5116] __blk_mq_sched_dispatch_requests+0x424/0x1840 [ 81.926119][ T5116] ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10 [ 81.928795][ T5116] ? blk_mq_run_hw_queue+0x136/0xae0 [ 81.930863][ T5116] ? __asan_memset+0x23/0x50 [ 81.932722][ T5116] ? __pfx_lock_release+0x10/0x10 [ 81.935033][ T5116] ? blk_mq_insert_request+0x72e/0x810 [ 81.938094][ T5116] ? bio_add_hw_page+0x2d0/0xa10 [ 81.940739][ T5116] blk_mq_sched_dispatch_requests+0xcb/0x140 [ 81.943151][ T5116] ? blk_mq_run_hw_queue+0x40c/0xae0 [ 81.945202][ T5116] blk_mq_run_hw_queue+0x9a5/0xae0 [ 81.947222][ T5116] ? blk_account_io_start+0x128/0x4c0 [ 81.949225][ T5116] blk_execute_rq+0x239/0x4b0 [ 81.951102][ T5116] ? bio_add_pc_page+0xb8/0x120 [ 81.953123][ T5116] ? __pfx_blk_execute_rq+0x10/0x10 [ 81.955583][ T5116] ? blk_rq_append_bio+0x2db/0x510 [ 81.958013][ T5116] scsi_ioctl+0x222f/0x2d80 [ 81.960151][ T5116] ? tomoyo_path_number_perm+0x68d/0x880 [ 81.962416][ T5116] ? do_vfs_ioctl+0xf08/0x2e40 [ 81.964465][ T5116] ? __pfx_scsi_ioctl+0x10/0x10 [ 81.966435][ T5116] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 81.968462][ T5116] ? mark_lock+0x9a/0x360 [ 81.970308][ T5116] ? tomoyo_path_number_perm+0x208/0x880 [ 81.972748][ T5116] ? __pfx_lock_release+0x10/0x10 [ 81.975109][ T5116] ? lockdep_hardirqs_on+0x99/0x150 [ 81.977493][ T5116] ? kfree+0x1a0/0x440 [ 81.979237][ T5116] ? tomoyo_path_number_perm+0x68d/0x880 [ 81.981452][ T5116] ? tomoyo_path_number_perm+0x71a/0x880 [ 81.983680][ T5116] ? tomoyo_path_number_perm+0x208/0x880 [ 81.985899][ T5116] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 81.988609][ T5116] sg_ioctl+0x16e9/0x2e80 [ 81.990628][ T5116] ? __pfx_sg_ioctl+0x10/0x10 [ 81.992727][ T5116] ? __fget_files+0x29/0x470 [ 81.994722][ T5116] ? __fget_files+0x3f3/0x470 [ 81.996526][ T5116] ? __pfx_sg_ioctl+0x10/0x10 [ 81.998381][ T5116] __se_sys_ioctl+0xf9/0x170 [ 82.000243][ T5116] do_syscall_64+0xf3/0x230 [ 82.002018][ T5116] ? clear_bhb_loop+0x35/0x90 [ 82.003913][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.006849][ T5116] RIP: 0033:0x7f840577df39 [ 82.009270][ T5116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.016993][ T5116] RSP: 002b:00007f840652b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 82.020631][ T5116] RAX: ffffffffffffffda RBX: 00007f8405935f80 RCX: 00007f840577df39 [ 82.024352][ T5116] RDX: 00000000200001c0 RSI: 0000000000000001 RDI: 0000000000000003 [ 82.028346][ T5116] RBP: 00007f84057f0216 R08: 0000000000000000 R09: 0000000000000000 [ 82.031551][ T5116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 82.034790][ T5116] R13: 0000000000000000 R14: 00007f8405935f80 R15: 00007ffd4f842f58 [ 82.037915][ T5116] [ 82.039210][ T5116] Modules linked in: [ 82.040959][ T5116] ---[ end trace 0000000000000000 ]--- [ 82.043761][ T5116] RIP: 0010:ata_msense_control+0x966/0x1cf0 [ 82.046638][ T5116] Code: b6 04 10 84 c0 0f 85 9b 0f 00 00 4c 89 e8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 b6 0f 00 00 66 c7 03 00 e4 49 89 ec 49 c1 ec 03 <41> 0f b6 04 14 84 c0 0f 85 cc 0f 00 00 0f b6 5d 00 c0 e3 04 80 e3 [ 82.054167][ T5116] RSP: 0018:ffffc9000315f068 EFLAGS: 00010046 [ 82.056760][ T5116] RAX: 0000000000000000 RBX: ffffffff9a71ea9e RCX: ffffffff864b9db2 [ 82.061304][ T5116] RDX: dffffc0000000000 RSI: ffffffff8c922180 RDI: ffffffff9a71ea9d [ 82.064767][ T5116] RBP: 0000000000000000 R08: 0000000000020a0a R09: 1e00ffff00000000 [ 82.067787][ T5116] R10: dffffc0000000000 R11: fffffbfff34e3d54 R12: 0000000000000000 [ 82.070917][ T5116] R13: ffffffff9a71ea9f R14: 000000000000000a R15: ffff8880009fadf8 [ 82.074070][ T5116] FS: 00007f840652b6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 82.078065][ T5116] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 82.082000][ T5116] CR2: 00007f84058a0c68 CR3: 000000001abd4000 CR4: 0000000000350ef0 [ 82.085819][ T5116] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 82.089025][ T5116] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 82.092233][ T5116] Kernel panic - not syncing: Fatal exception [ 82.095123][ T5116] Kernel Offset: disabled [ 82.096780][ T5116] Rebooting in 86400 seconds..