8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000
[00000000] *pgd=8522b003, *pmd=feca4003
Internal error: Oops: 207 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 7655 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at __queue_work+0xa0/0x74c kernel/workqueue.c:1459
LR is at 0x82c00000
pc : [<80260410>]    lr : [<82c00000>]    psr: 60000193
sp : eb161ac8  ip : 82c00024  fp : eb161b0c
r10: 8280e800  r9 : 00000000  r8 : 82449498
r7 : 8220c940  r6 : 00000008  r5 : 84d78400  r4 : 84c4005c
r3 : 00000000  r2 : 00000000  r1 : 00000004  r0 : 8280e800
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 8506ba80  DAC: 00000000
Register r0 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512
Register r1 information: non-paged memory
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: slab kmalloc-2k start 84c40000 pointer offset 92 size 2048
Register r5 information: slab kmalloc-512 start 84d78400 pointer offset 0 size 512
Register r6 information: non-paged memory
Register r7 information: non-slab/vmalloc memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: NULL pointer
Register r10 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512
Register r11 information: 2-page vmalloc region starting at 0xeb160000 allocated at kernel_clone+0x9c/0x3f4 kernel/fork.c:2671
Register r12 information: slab radix_tree_node start 82c00000 pointer offset 36
Process syz-executor.0 (pid: 7655, stack limit = 0xeb160000)
Stack: (0xeb161ac8 to 0xeb162000)
1ac0:                   80275518 802a0f18 820a235c 83f28b80 00000023 00000001
1ae0: 80000113 84c4005c 00000008 84d78400 60000113 eb161b63 8250f9c0 8515f574
1b00: eb161b2c eb161b10 80260b0c 8026037c 83ebc300 84c40000 00000000 00000001
1b20: eb161b5c eb161b30 816cb278 80260ac8 8167bbd0 eb161bbc eb161ba8 84c40000
1b40: 84c400d8 000001f4 816cb2f8 00000000 eb161b74 eb161b60 816cb32c 816cb1d4
1b60: 01275518 76b47be8 eb161b94 eb161b78 816c9eb8 816cb304 84c40000 81ed8f0c
1b80: 84c40018 84c400c4 eb161bbc eb161b98 816ca530 816c9e90 eb161bbc 76b47be8
1ba0: 8515fc00 81ed8f0c 8515fc5c 85239780 eb161bdc eb161bc0 816be830 816ca424
1bc0: 8515fc00 81ed8f0c 83ebcb40 85239780 eb161bf4 eb161be0 816bfe24 816be7c8
1be0: 84d79c14 81ed8f0c eb161c9c eb161bf8 813b6a80 816bfe00 00000001 ddeae008
1c00: 806b8ef8 00000006 00000000 84228480 eb161c54 eb161c20 80481b64 807a9dc0
1c20: 806b8754 818d0014 eb161c78 850722c0 816bfdf4 00000000 00000000 00000000
1c40: 81a4d3a0 0000001f 03010002 00000123 0000067a 84d79c00 84d79c10 84d79c14
1c60: 85239780 8250f9c0 00000000 00000000 eb161ca4 76b47be8 83ebcb40 813b68b8
1c80: 84d79c00 0000001c 82210b94 00000000 eb161cec eb161ca0 813b5b6c 813b68c4
1ca0: 82801480 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1cc0: 00000000 00000000 00000000 76b47be8 83ebcb40 823bfe4c 8515f400 83ebcb40
1ce0: eb161d04 eb161cf0 813b63dc 813b5ab4 82930000 82930064 eb161d44 eb161d08
1d00: 813b50a8 813b63bc 8515f400 0000001c 7fffffff 76b47be8 eb161d44 0000001c
1d20: eb161f38 83ebcb40 0000001c 8515f400 00000000 00000000 eb161da4 eb161d48
1d40: 813b53f0 813b4e60 00000000 00000000 84d79c00 00000000 00000000 84186a00
1d60: 00000000 0000067a 00000000 00000000 00000000 76b47be8 eb161da4 eb161f38
1d80: 84637400 84637400 00000000 00000000 00000000 eb161ddc eb161dbc eb161da8
1da0: 8128ff6c 813b51e8 eb161f38 00000000 eb161e2c eb161dc0 81290d50 8128ff3c
1dc0: 80795b6c 807959e8 eb161e38 eb161f48 00000000 00000000 eb161e2c eb161de8
1de0: 8129295c 80795b4c eb161e38 eb161f48 00000000 00000000 20000180 76b47be8
1e00: 00000000 00000000 eb161f38 84637400 00000000 00000000 83f28b80 00000128
1e20: eb161f24 eb161e30 81292a04 81290b50 00000000 8175a274 00000000 200001c0
1e40: 0000001c 83f28b80 eb161f24 eb161e58 80300518 802fc984 eb161e6c 00000000
1e60: eb161eb4 83f28b80 80275908 828fcb00 83f41700 83feee00 00000001 83feefd0
1e80: eb161eb4 83f41700 8026ac60 83f41700 ddde5d80 83f28b80 83feee00 83feee00
1ea0: 00000001 83feefd0 00000064 eb161eac eb161ef4 eb161ec0 802fab54 810b235c
1ec0: eb161efc eb161ed0 804cbfe8 802ce8a8 00000000 eb161f34 eb161f30 00000000
1ee0: 00000128 80200288 83f28b80 00000128 eb161f0c eb161f00 804cc05c 76b47be8
1f00: eb161f24 84637400 20000140 00000000 00000128 80200288 eb161fa4 eb161f28
1f20: 81292e58 8129299c 00000000 00000000 00000001 fffffff7 00000000 00000000
1f40: eb161f5c eb161f50 01010000 00000000 00000000 eb161e44 00000000 00000000
1f60: 00000000 00000001 00000000 00000000 00000000 00000000 eb161f9c eb161f88
1f80: 803ecf68 76b47be8 00000000 00000000 00000000 0014c2c0 00000000 eb161fa8
1fa0: 80200060 81292e0c 00000000 00000000 00000006 20000140 00000000 00000000
1fc0: 00000000 00000000 0014c2c0 00000128 7e8283d2 76aed6d0 7e828544 76aed20c
1fe0: 76aed020 76aed010 000164dc 0004d5a0 60000010 00000006 00000000 00000000
Backtrace: 
[<80260370>] (__queue_work) from [<80260b0c>] (queue_work_on+0x50/0x5c kernel/workqueue.c:1545)
 r10:8515f574 r9:8250f9c0 r8:eb161b63 r7:60000113 r6:84d78400 r5:00000008
 r4:84c4005c
[<80260abc>] (queue_work_on) from [<816cb278>] (queue_work include/linux/workqueue.h:503 [inline])
[<80260abc>] (queue_work_on) from [<816cb278>] (nci_send_cmd+0xb0/0x110 net/nfc/nci/core.c:1376)
 r7:00000001 r6:00000000 r5:84c40000 r4:83ebc300
[<816cb1c8>] (nci_send_cmd) from [<816cb32c>] (nci_reset_req+0x34/0x5c net/nfc/nci/core.c:166)
 r8:00000000 r7:816cb2f8 r6:000001f4 r5:84c400d8 r4:84c40000
[<816cb2f8>] (nci_reset_req) from [<816c9eb8>] (__nci_request+0x34/0xd8 net/nfc/nci/core.c:107)
[<816c9e84>] (__nci_request) from [<816ca530>] (nci_open_device net/nfc/nci/core.c:502 [inline])
[<816c9e84>] (__nci_request) from [<816ca530>] (nci_dev_up+0x118/0x1f8 net/nfc/nci/core.c:631)
 r7:84c400c4 r6:84c40018 r5:81ed8f0c r4:84c40000
[<816ca418>] (nci_dev_up) from [<816be830>] (nfc_dev_up+0x74/0x11c net/nfc/core.c:118)
 r7:85239780 r6:8515fc5c r5:81ed8f0c r4:8515fc00
[<816be7bc>] (nfc_dev_up) from [<816bfe24>] (nfc_genl_dev_up+0x30/0x58 net/nfc/netlink.c:770)
 r7:85239780 r6:83ebcb40 r5:81ed8f0c r4:8515fc00
[<816bfdf4>] (nfc_genl_dev_up) from [<813b6a80>] (genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline])
[<816bfdf4>] (nfc_genl_dev_up) from [<813b6a80>] (genl_family_rcv_msg net/netlink/genetlink.c:833 [inline])
[<816bfdf4>] (nfc_genl_dev_up) from [<813b6a80>] (genl_rcv_msg+0x1c8/0x3f4 net/netlink/genetlink.c:850)
 r5:81ed8f0c r4:84d79c14
[<813b68b8>] (genl_rcv_msg) from [<813b5b6c>] (netlink_rcv_skb+0xc4/0x128 net/netlink/af_netlink.c:2540)
 r9:00000000 r8:82210b94 r7:0000001c r6:84d79c00 r5:813b68b8 r4:83ebcb40
[<813b5aa8>] (netlink_rcv_skb) from [<813b63dc>] (genl_rcv+0x2c/0x3c net/netlink/genetlink.c:861)
 r7:83ebcb40 r6:8515f400 r5:823bfe4c r4:83ebcb40
[<813b63b0>] (genl_rcv) from [<813b50a8>] (netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline])
[<813b63b0>] (genl_rcv) from [<813b50a8>] (netlink_unicast+0x254/0x388 net/netlink/af_netlink.c:1345)
 r5:82930064 r4:82930000
[<813b4e54>] (netlink_unicast) from [<813b53f0>] (netlink_sendmsg+0x214/0x4a8 net/netlink/af_netlink.c:1921)
 r10:00000000 r9:00000000 r8:8515f400 r7:0000001c r6:83ebcb40 r5:eb161f38
 r4:0000001c
[<813b51dc>] (netlink_sendmsg) from [<8128ff6c>] (sock_sendmsg_nosec net/socket.c:714 [inline])
[<813b51dc>] (netlink_sendmsg) from [<8128ff6c>] (sock_sendmsg+0x3c/0x4c net/socket.c:734)
 r10:eb161ddc r9:00000000 r8:00000000 r7:00000000 r6:84637400 r5:84637400
 r4:eb161f38
[<8128ff30>] (sock_sendmsg) from [<81290d50>] (____sys_sendmsg+0x20c/0x2a4 net/socket.c:2482)
 r5:00000000 r4:eb161f38
[<81290b44>] (____sys_sendmsg) from [<81292a04>] (___sys_sendmsg+0x74/0xac net/socket.c:2536)
 r10:00000128 r9:83f28b80 r8:00000000 r7:00000000 r6:84637400 r5:eb161f38
 r4:00000000
[<81292990>] (___sys_sendmsg) from [<81292e58>] (__sys_sendmsg net/socket.c:2565 [inline])
[<81292990>] (___sys_sendmsg) from [<81292e58>] (__do_sys_sendmsg net/socket.c:2574 [inline])
[<81292990>] (___sys_sendmsg) from [<81292e58>] (sys_sendmsg+0x58/0xa0 net/socket.c:2572)
 r8:80200288 r7:00000128 r6:00000000 r5:20000140 r4:84637400
[<81292e00>] (sys_sendmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:64)
Exception stack(0xeb161fa8 to 0xeb161ff0)
1fa0:                   00000000 00000000 00000006 20000140 00000000 00000000
1fc0: 00000000 00000000 0014c2c0 00000128 7e8283d2 76aed6d0 7e828544 76aed20c
1fe0: 76aed020 76aed010 000164dc 0004d5a0
 r6:0014c2c0 r5:00000000 r4:00000000
Code: 0a00003b e59f06a8 eb52dc03 e1a0a000 (e5990000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	0a00003b 	beq	0xf4
   4:	e59f06a8 	ldr	r0, [pc, #1704]	; 0x6b4
   8:	eb52dc03 	bl	0x14b701c
   c:	e1a0a000 	mov	sl, r0
* 10:	e5990000 	ldr	r0, [r9] <-- trapping instruction