8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000
[00000000] *pgd=85037003, *pmd=fe612003
Internal error: Oops: 207 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 4048 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at __queue_work+0xa0/0x74c kernel/workqueue.c:1459
LR is at 0x82c00000
pc : [<80260410>]    lr : [<82c00000>]    psr: 60000193
sp : edbf5ac8  ip : 82c00024  fp : edbf5b0c
r10: 8280e800  r9 : 00000000  r8 : 82446498
r7 : 8220c940  r6 : 00000008  r5 : 85074a00  r4 : 860ba85c
r3 : 00000000  r2 : 00000000  r1 : 00000004  r0 : 8280e800
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 857f2540  DAC: fffffffd
Register r0 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512
Register r1 information: non-paged memory
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: slab kmalloc-2k start 860ba800 pointer offset 92 size 2048
Register r5 information: slab kmalloc-512 start 85074a00 pointer offset 0 size 512
Register r6 information: non-paged memory
Register r7 information: non-slab/vmalloc memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: NULL pointer
Register r10 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512
Register r11 information: 2-page vmalloc region starting at 0xedbf4000 allocated at kernel_clone+0x9c/0x3f4 kernel/fork.c:2671
Register r12 information: slab radix_tree_node start 82c00000 pointer offset 36
Process syz-executor.0 (pid: 4048, stack limit = 0xedbf4000)
Stack: (0xedbf5ac8 to 0xedbf6000)
5ac0:                   80275518 802a0f18 820a235c 83ec3980 0000002a 00000000
5ae0: 80000113 860ba85c 00000008 85074a00 60000113 edbf5b63 8250ca80 853c5174
5b00: edbf5b2c edbf5b10 80260b0c 8026037c 842c70c0 860ba800 00000000 00000001
5b20: edbf5b5c edbf5b30 816df870 80260ac8 816901c8 edbf5bbc edbf5ba8 860ba800
5b40: 860ba8d8 000001f4 816df8f0 00000000 edbf5b74 edbf5b60 816df924 816df7cc
5b60: 01275518 b47d4f94 edbf5b94 edbf5b78 816de4b0 816df8fc 860ba800 81ed5f0c
5b80: 860ba818 860ba8c4 edbf5bbc edbf5b98 816deb28 816de488 edbf5bbc b47d4f94
5ba0: 853c6000 81ed5f0c 853c605c 857d4c80 edbf5bdc edbf5bc0 816d2e28 816dea1c
5bc0: 853c6000 81ed5f0c 842c79c0 857d4c80 edbf5bf4 edbf5be0 816d441c 816d2dc0
5be0: 85079c14 81ed5f0c edbf5c9c edbf5bf8 813bf7d4 816d43f8 00000001 edbf5c08
5c00: 8020d4c4 8020c2fc edbf5c34 edbf5c18 8020c314 8020d440 00000000 00000001
5c20: 81777be8 000014ff edbf5c74 edbf5c38 816d43ec 00000000 00000000 00000000
5c40: 81a4ae68 0000001f 03010002 00000000 00003f3a 85079c00 85079c10 85079c14
5c60: 857d4c80 8250ca80 00000000 00000000 edbf5ca4 b47d4f94 842c79c0 813bf60c
5c80: 85079c00 0000001c 82210b94 00000000 edbf5cec edbf5ca0 813be8c0 813bf618
5ca0: 82801480 00000000 00000000 00000000 00000000 00000000 00000000 00000000
5cc0: 00000000 00000000 00000000 b47d4f94 842c79c0 823c074c 853c5000 842c79c0
5ce0: edbf5d04 edbf5cf0 813bf130 813be808 82930000 82930064 edbf5d44 edbf5d08
5d00: 813bddfc 813bf110 853c5000 0000001c 7fffffff b47d4f94 edbf5d44 0000001c
5d20: edbf5f38 842c79c0 0000001c 853c5000 00000000 00000000 edbf5da4 edbf5d48
5d40: 813be144 813bdbb4 00000000 00000000 85079c00 00000000 00000000 84228a00
5d60: 00000000 00003f3a 00000000 00000000 00000000 b47d4f94 edbf5da4 edbf5f38
5d80: 846d5b80 846d5b80 00000000 00000000 00000000 edbf5ddc edbf5dbc edbf5da8
5da0: 81295f24 813bdf3c edbf5f38 00000000 edbf5e2c edbf5dc0 81296d50 81295ef4
5dc0: 80795af4 80795970 edbf5e38 edbf5f48 00000000 00000000 edbf5e2c edbf5de8
5de0: 8129895c 80795ad4 edbf5e38 edbf5f48 00000000 00000000 20000180 b47d4f94
5e00: 00000000 00000000 edbf5f38 846d5b80 00000000 00000000 83ec3980 00000128
5e20: edbf5f24 edbf5e30 81298a04 81296b50 00000000 81770264 00000000 200001c0
5e40: 0000001c 83ec3980 edbf5f24 edbf5e58 80300518 802fc984 edbf5e6c 00000000
5e60: dddd5640 83ec3980 804a984c 828fde00 edbf5e8c edbf5e80 8176e29c 8176e188
5e80: 00000000 edbf5ee0 edbf5ed4 edbf5e98 802fbfd8 808112f0 00088019 8589d4c8
5ea0: 8580b440 b47d4f94 00000064 edbf5eac edbf5eac edbf5eb4 edbf5eb4 83ec3980
5ec0: edbf5efc edbf5ed0 804cc504 802ce8a8 00000000 edbf5f34 edbf5f30 00000000
5ee0: 00000128 80200288 83ec3980 00000128 edbf5f0c edbf5f00 804cc578 b47d4f94
5f00: edbf5f24 846d5b80 20000140 00000000 00000128 80200288 edbf5fa4 edbf5f28
5f20: 81298e58 8129899c 00000000 00000000 00000001 fffffff7 00000000 00000000
5f40: edbf5fa4 edbf5f50 01010000 00000000 00000000 edbf5e44 00000000 00000000
5f60: 00000000 edbf5f71 00000000 00000000 00000000 00000000 00000008 b47d4f94
5f80: 80200288 b47d4f94 00000000 00000000 00000000 0014c080 00000000 edbf5fa8
5fa0: 80200060 81298e0c 00000000 00000000 00000006 20000140 00000000 00000000
5fc0: 00000000 00000000 0014c080 00000128 7ef5f3d2 76bd66d0 7ef5f544 76bd620c
5fe0: 76bd6020 76bd6010 000164dc 0004d5a0 60000010 00000006 00000000 00000000
Backtrace: 
[<80260370>] (__queue_work) from [<80260b0c>] (queue_work_on+0x50/0x5c kernel/workqueue.c:1545)
 r10:853c5174 r9:8250ca80 r8:edbf5b63 r7:60000113 r6:85074a00 r5:00000008
 r4:860ba85c
[<80260abc>] (queue_work_on) from [<816df870>] (queue_work include/linux/workqueue.h:503 [inline])
[<80260abc>] (queue_work_on) from [<816df870>] (nci_send_cmd+0xb0/0x110 net/nfc/nci/core.c:1376)
 r7:00000001 r6:00000000 r5:860ba800 r4:842c70c0
[<816df7c0>] (nci_send_cmd) from [<816df924>] (nci_reset_req+0x34/0x5c net/nfc/nci/core.c:166)
 r8:00000000 r7:816df8f0 r6:000001f4 r5:860ba8d8 r4:860ba800
[<816df8f0>] (nci_reset_req) from [<816de4b0>] (__nci_request+0x34/0xd8 net/nfc/nci/core.c:107)
[<816de47c>] (__nci_request) from [<816deb28>] (nci_open_device net/nfc/nci/core.c:502 [inline])
[<816de47c>] (__nci_request) from [<816deb28>] (nci_dev_up+0x118/0x1f8 net/nfc/nci/core.c:631)
 r7:860ba8c4 r6:860ba818 r5:81ed5f0c r4:860ba800
[<816dea10>] (nci_dev_up) from [<816d2e28>] (nfc_dev_up+0x74/0x11c net/nfc/core.c:118)
 r7:857d4c80 r6:853c605c r5:81ed5f0c r4:853c6000
[<816d2db4>] (nfc_dev_up) from [<816d441c>] (nfc_genl_dev_up+0x30/0x58 net/nfc/netlink.c:770)
 r7:857d4c80 r6:842c79c0 r5:81ed5f0c r4:853c6000
[<816d43ec>] (nfc_genl_dev_up) from [<813bf7d4>] (genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline])
[<816d43ec>] (nfc_genl_dev_up) from [<813bf7d4>] (genl_family_rcv_msg net/netlink/genetlink.c:833 [inline])
[<816d43ec>] (nfc_genl_dev_up) from [<813bf7d4>] (genl_rcv_msg+0x1c8/0x3f4 net/netlink/genetlink.c:850)
 r5:81ed5f0c r4:85079c14
[<813bf60c>] (genl_rcv_msg) from [<813be8c0>] (netlink_rcv_skb+0xc4/0x128 net/netlink/af_netlink.c:2540)
 r9:00000000 r8:82210b94 r7:0000001c r6:85079c00 r5:813bf60c r4:842c79c0
[<813be7fc>] (netlink_rcv_skb) from [<813bf130>] (genl_rcv+0x2c/0x3c net/netlink/genetlink.c:861)
 r7:842c79c0 r6:853c5000 r5:823c074c r4:842c79c0
[<813bf104>] (genl_rcv) from [<813bddfc>] (netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline])
[<813bf104>] (genl_rcv) from [<813bddfc>] (netlink_unicast+0x254/0x388 net/netlink/af_netlink.c:1345)
 r5:82930064 r4:82930000
[<813bdba8>] (netlink_unicast) from [<813be144>] (netlink_sendmsg+0x214/0x4a8 net/netlink/af_netlink.c:1921)
 r10:00000000 r9:00000000 r8:853c5000 r7:0000001c r6:842c79c0 r5:edbf5f38
 r4:0000001c
[<813bdf30>] (netlink_sendmsg) from [<81295f24>] (sock_sendmsg_nosec net/socket.c:714 [inline])
[<813bdf30>] (netlink_sendmsg) from [<81295f24>] (sock_sendmsg+0x3c/0x4c net/socket.c:734)
 r10:edbf5ddc r9:00000000 r8:00000000 r7:00000000 r6:846d5b80 r5:846d5b80
 r4:edbf5f38
[<81295ee8>] (sock_sendmsg) from [<81296d50>] (____sys_sendmsg+0x20c/0x2a4 net/socket.c:2482)
 r5:00000000 r4:edbf5f38
[<81296b44>] (____sys_sendmsg) from [<81298a04>] (___sys_sendmsg+0x74/0xac net/socket.c:2536)
 r10:00000128 r9:83ec3980 r8:00000000 r7:00000000 r6:846d5b80 r5:edbf5f38
 r4:00000000
[<81298990>] (___sys_sendmsg) from [<81298e58>] (__sys_sendmsg net/socket.c:2565 [inline])
[<81298990>] (___sys_sendmsg) from [<81298e58>] (__do_sys_sendmsg net/socket.c:2574 [inline])
[<81298990>] (___sys_sendmsg) from [<81298e58>] (sys_sendmsg+0x58/0xa0 net/socket.c:2572)
 r8:80200288 r7:00000128 r6:00000000 r5:20000140 r4:846d5b80
[<81298e00>] (sys_sendmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:64)
Exception stack(0xedbf5fa8 to 0xedbf5ff0)
5fa0:                   00000000 00000000 00000006 20000140 00000000 00000000
5fc0: 00000000 00000000 0014c080 00000128 7ef5f3d2 76bd66d0 7ef5f544 76bd620c
5fe0: 76bd6020 76bd6010 000164dc 0004d5a0
 r6:0014c080 r5:00000000 r4:00000000
Code: 0a00003b e59f06a8 eb532efb e1a0a000 (e5990000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	0a00003b 	beq	0xf4
   4:	e59f06a8 	ldr	r0, [pc, #1704]	; 0x6b4
   8:	eb532efb 	bl	0x14cbbfc
   c:	e1a0a000 	mov	sl, r0
* 10:	e5990000 	ldr	r0, [r9] <-- trapping instruction