BUG: sleeping function called from invalid context at arch/arm64/mm/fault.c:603
in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 3371, name: syz-executor.1
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
6 locks held by syz-executor.1/3371:
 #0: ffff80000d8c6268 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50 net/netlink/genetlink.c:860
 #1: ffff80000d8c6178 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
 #1: ffff80000d8c6178 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x80/0x4f4 net/netlink/genetlink.c:848
 #2: ffff0001148a7900 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #2: ffff0001148a7900 (&dev->mutex){....}-{3:3}, at: nfc_dev_up+0x30/0x1b0 net/nfc/core.c:95
 #3: ffff0001148a4b50 (&ndev->req_lock){+.+.}-{3:3}, at: nci_open_device+0x40/0x518 net/nfc/nci/core.c:477
 #4: ffff80000d4d4640 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:303
 #5: ffff00010f75c148 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #5: ffff00010f75c148 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x1ec/0x79c arch/arm64/mm/fault.c:593
irq event stamp: 64
hardirqs last enabled at (63): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (63): [] _raw_spin_unlock_irqrestore+0x48/0x8c kernel/locking/spinlock.c:194
hardirqs last disabled at (64): [] queue_work_on+0x78/0x15c kernel/workqueue.c:1542
softirqs last enabled at (8): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (6): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
CPU: 1 PID: 3371 Comm: syz-executor.1 Not tainted 6.1.0-rc5-syzkaller-32269-g9500fc6e9e60 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __might_resched+0x208/0x218 kernel/sched/core.c:9890
 __might_sleep+0x48/0x78 kernel/sched/core.c:9819
 do_page_fault+0x214/0x79c arch/arm64/mm/fault.c:603
 do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:695
 do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:831
 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
 el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
 __queue_work+0x3c4/0x8b4 kernel/workqueue.c:1458
 queue_work_on+0xb0/0x15c kernel/workqueue.c:1545
 queue_work include/linux/workqueue.h:503 [inline]
 nci_send_cmd+0xe8/0x154 net/nfc/nci/core.c:1376
 nci_reset_req net/nfc/nci/core.c:166 [inline]
 __nci_request net/nfc/nci/core.c:107 [inline]
 nci_open_device+0x168/0x518 net/nfc/nci/core.c:502
 nci_dev_up+0x20/0x30 net/nfc/nci/core.c:631
 nfc_dev_up+0xcc/0x1b0 net/nfc/core.c:118
 nfc_genl_dev_up+0x40/0x78 net/nfc/netlink.c:770
 genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
 genl_rcv_msg+0x458/0x4f4 net/netlink/genetlink.c:850
 netlink_rcv_skb+0xe8/0x1d4 net/netlink/af_netlink.c:2540
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:861
 netlink_unicast_kernel+0xfc/0x1dc net/netlink/af_netlink.c:1319
 netlink_unicast+0x164/0x248 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x484/0x584 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 ____sys_sendmsg+0x2f8/0x440 net/socket.c:2482
 ___sys_sendmsg net/socket.c:2536 [inline]
 __sys_sendmsg+0x1ac/0x228 net/socket.c:2565
 __do_sys_sendmsg net/socket.c:2574 [inline]
 __se_sys_sendmsg net/socket.c:2572 [inline]
 __arm64_sys_sendmsg+0x2c/0x3c net/socket.c:2572
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=00000001500c0000
[0000000000000000] pgd=0800000153f66003, p4d=0800000153f66003, pud=08000001556c5003, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3371 Comm: syz-executor.1 Tainted: G W 6.1.0-rc5-syzkaller-32269-g9500fc6e9e60 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __queue_work+0x3c4/0x8b4
lr : __queue_work+0x3c4/0x8b4 kernel/workqueue.c:1458
sp : ffff800020afb710
x29: ffff800020afb710 x28: 0000000000000001 x27: ffff80000d3a9000
x26: ffff80000d3ad050 x25: ffff80000d2fe008 x24: ffff80000db54000
x23: 0000000000000000 x22: 0000000000000000 x21: ffff0000c7d87400
x20: 0000000000000008 x19: ffff0001148a48f8 x18: 00000000000000cc
x17: 0000000000000000 x16: ffff80000dc18158 x15: ffff000115253480
x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000040000
x11: 0000000000000ae0 x10: ffff80001dbce000 x9 : ffff80000c07dfe4
x8 : 0000000000000ae1 x7 : ffff80000813bae8 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff0000c0014c00
Call trace:
 __queue_work+0x3c4/0x8b4 kernel/workqueue.c:1458
 queue_work_on+0xb0/0x15c kernel/workqueue.c:1545
 queue_work include/linux/workqueue.h:503 [inline]
 nci_send_cmd+0xe8/0x154 net/nfc/nci/core.c:1376
 nci_reset_req net/nfc/nci/core.c:166 [inline]
 __nci_request net/nfc/nci/core.c:107 [inline]
 nci_open_device+0x168/0x518 net/nfc/nci/core.c:502
 nci_dev_up+0x20/0x30 net/nfc/nci/core.c:631
 nfc_dev_up+0xcc/0x1b0 net/nfc/core.c:118
 nfc_genl_dev_up+0x40/0x78 net/nfc/netlink.c:770
 genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
 genl_rcv_msg+0x458/0x4f4 net/netlink/genetlink.c:850
 netlink_rcv_skb+0xe8/0x1d4 net/netlink/af_netlink.c:2540
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:861
 netlink_unicast_kernel+0xfc/0x1dc net/netlink/af_netlink.c:1319
 netlink_unicast+0x164/0x248 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x484/0x584 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 ____sys_sendmsg+0x2f8/0x440 net/socket.c:2482
 ___sys_sendmsg net/socket.c:2536 [inline]
 __sys_sendmsg+0x1ac/0x228 net/socket.c:2565
 __do_sys_sendmsg net/socket.c:2574 [inline]
 __se_sys_sendmsg net/socket.c:2572 [inline]
 __arm64_sys_sendmsg+0x2c/0x3c net/socket.c:2572
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: 94001384 aa0003f7 aa1303e0 9400144a (f94002f8)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	94001384 	bl	0x4e10
   4:	aa0003f7 	mov	x23, x0
   8:	aa1303e0 	mov	x0, x19
   c:	9400144a 	bl	0x5134
* 10:	f94002f8 	ldr	x24, [x23] <-- trapping instruction