==================================================================
BUG: KASAN: null-ptr-deref in __queue_work+0x242/0xed0 kernel/workqueue.c:1476
Read of size 8 at addr 0000000000000000 by task syz-executor.0/4406

CPU: 1 PID: 4406 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[<ffffffff80474da6>] __kasan_report mm/kasan/report.c:446 [inline]
[<ffffffff80474da6>] kasan_report+0x1de/0x1e0 mm/kasan/report.c:459
[<ffffffff80475b20>] check_region_inline mm/kasan/generic.c:183 [inline]
[<ffffffff80475b20>] __asan_load8+0x6e/0x96 mm/kasan/generic.c:256
[<ffffffff800924a4>] __queue_work+0x242/0xed0 kernel/workqueue.c:1476
[<ffffffff8009321a>] queue_work_on+0xe8/0xfe kernel/workqueue.c:1562
[<ffffffff830d0c26>] queue_work include/linux/workqueue.h:502 [inline]
[<ffffffff830d0c26>] nci_send_cmd+0x14e/0x1e4 net/nfc/nci/core.c:1372
[<ffffffff830d0dae>] nci_reset_req+0x90/0xb8 net/nfc/nci/core.c:166
[<ffffffff830ced64>] __nci_request+0x50/0x1a6 net/nfc/nci/core.c:107
[<ffffffff830cf8a2>] nci_open_device net/nfc/nci/core.c:502 [inline]
[<ffffffff830cf8a2>] nci_dev_up+0x1b0/0x3fe net/nfc/nci/core.c:627
[<ffffffff830b88fc>] nfc_dev_up+0x128/0x26c net/nfc/core.c:118
[<ffffffff830bb742>] nfc_genl_dev_up+0x5e/0x8a net/nfc/netlink.c:770
[<ffffffff8296f9ae>] genl_family_rcv_msg_doit+0x19a/0x23c net/netlink/genetlink.c:731
[<ffffffff82970420>] genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
[<ffffffff82970420>] genl_rcv_msg+0x236/0x3ba net/netlink/genetlink.c:792
[<ffffffff8296ded2>] netlink_rcv_skb+0xf8/0x2be net/netlink/af_netlink.c:2494
[<ffffffff8296ecb2>] genl_rcv+0x36/0x4c net/netlink/genetlink.c:803
[<ffffffff8296cbcc>] netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
[<ffffffff8296cbcc>] netlink_unicast+0x40e/0x5fe net/netlink/af_netlink.c:1343
[<ffffffff8296d29c>] netlink_sendmsg+0x4e0/0x994 net/netlink/af_netlink.c:1919
[<ffffffff826d264e>] sock_sendmsg_nosec net/socket.c:705 [inline]
[<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4 net/socket.c:725
[<ffffffff826d4dd4>] ____sys_sendmsg+0x46e/0x484 net/socket.c:2413
[<ffffffff826d8bca>] ___sys_sendmsg+0x16c/0x1f6 net/socket.c:2467
[<ffffffff826d8e78>] __sys_sendmsg+0xba/0x150 net/socket.c:2496
[<ffffffff826d8f3a>] __do_sys_sendmsg net/socket.c:2505 [inline]
[<ffffffff826d8f3a>] sys_sendmsg+0x2c/0x3a net/socket.c:2503
[<ffffffff80005716>] ret_from_syscall+0x0/0x2
==================================================================
Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000000000
Oops [#1]
Modules linked in:
CPU: 1 PID: 4406 Comm: syz-executor.0 Tainted: G    B             5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
epc : __queue_work+0x242/0xed0 kernel/workqueue.c:1476
 ra : __queue_work+0x242/0xed0 kernel/workqueue.c:1476
epc : ffffffff800924a4 ra : ffffffff800924a4 sp : ffffaf800e493010
 gp : ffffffff85863ac0 tp : ffffaf800e6648c0 t0 : ffffffff86bcb657
 t1 : fffff5ef0b53c90c t2 : 0000000000000000 s0 : ffffaf800e4930a0
 s1 : ffffaf805a9f1840 a0 : 0000000000000001 a1 : 0000000000000007
 a2 : 1ffff5f001ccc918 a3 : ffffffff831afd6c a4 : 0000000000000000
 a5 : ffffaf800e6658c0 a6 : 0000000000f00000 a7 : ffffaf805a9e4863
 s2 : 0000000000000000 s3 : ffffaf80124970f8 s4 : ffffaf80108d4000
 s5 : ffffaf8007229800 s6 : 0000000000000001 s7 : 0000000000000008
 s8 : ffffffff83449840 s9 : ffffffff86c1a620 s10: ffffaf80108d41c0
 s11: ffffffff855c0c80 t3 : 0000000061736944 t4 : fffff5ef0b53c90c
 t5 : fffff5ef0b53c90d t6 : ffffaf800e492a58
status: 0000000000000100 badaddr: 0000000000000000 cause: 000000000000000d
[<ffffffff8009321a>] queue_work_on+0xe8/0xfe kernel/workqueue.c:1562
[<ffffffff830d0c26>] queue_work include/linux/workqueue.h:502 [inline]
[<ffffffff830d0c26>] nci_send_cmd+0x14e/0x1e4 net/nfc/nci/core.c:1372
[<ffffffff830d0dae>] nci_reset_req+0x90/0xb8 net/nfc/nci/core.c:166
[<ffffffff830ced64>] __nci_request+0x50/0x1a6 net/nfc/nci/core.c:107
[<ffffffff830cf8a2>] nci_open_device net/nfc/nci/core.c:502 [inline]
[<ffffffff830cf8a2>] nci_dev_up+0x1b0/0x3fe net/nfc/nci/core.c:627
[<ffffffff830b88fc>] nfc_dev_up+0x128/0x26c net/nfc/core.c:118
[<ffffffff830bb742>] nfc_genl_dev_up+0x5e/0x8a net/nfc/netlink.c:770
[<ffffffff8296f9ae>] genl_family_rcv_msg_doit+0x19a/0x23c net/netlink/genetlink.c:731
[<ffffffff82970420>] genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
[<ffffffff82970420>] genl_rcv_msg+0x236/0x3ba net/netlink/genetlink.c:792
[<ffffffff8296ded2>] netlink_rcv_skb+0xf8/0x2be net/netlink/af_netlink.c:2494
[<ffffffff8296ecb2>] genl_rcv+0x36/0x4c net/netlink/genetlink.c:803
[<ffffffff8296cbcc>] netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
[<ffffffff8296cbcc>] netlink_unicast+0x40e/0x5fe net/netlink/af_netlink.c:1343
[<ffffffff8296d29c>] netlink_sendmsg+0x4e0/0x994 net/netlink/af_netlink.c:1919
[<ffffffff826d264e>] sock_sendmsg_nosec net/socket.c:705 [inline]
[<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4 net/socket.c:725
[<ffffffff826d4dd4>] ____sys_sendmsg+0x46e/0x484 net/socket.c:2413
[<ffffffff826d8bca>] ___sys_sendmsg+0x16c/0x1f6 net/socket.c:2467
[<ffffffff826d8e78>] __sys_sendmsg+0xba/0x150 net/socket.c:2496
[<ffffffff826d8f3a>] __do_sys_sendmsg net/socket.c:2505 [inline]
[<ffffffff826d8f3a>] sys_sendmsg+0x2c/0x3a net/socket.c:2503
[<ffffffff80005716>] ret_from_syscall+0x0/0x2
---[ end trace 0000000000000000 ]---