8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000
[00000000] *pgd=80000080004003, *pmd=00000000
Internal error: Oops: 207 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rc5-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at __queue_work+0xa0/0x74c kernel/workqueue.c:1459
LR is at 0x82c00000
pc : [<80260410>]    lr : [<82c00000>]    psr: 60000193
sp : 82201cd0  ip : 82c00024  fp : 82201d14
r10: 8280e800  r9 : 00000000  r8 : 82446498
r7 : 8220c940  r6 : 00000008  r5 : 852c9400  r4 : 849b305c
r3 : 00000000  r2 : 00000000  r1 : 00000004  r0 : 8280e800
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 84b5f880  DAC: fffffffd
Register r0 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512
Register r1 information: non-paged memory
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: slab kmalloc-2k start 849b3000 pointer offset 92 size 2048
Register r5 information: slab kmalloc-512 start 852c9400 pointer offset 0 size 512
Register r6 information: non-paged memory
Register r7 information: non-slab/vmalloc memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: NULL pointer
Register r10 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512
Register r11 information: non-slab/vmalloc memory
Register r12 information: slab radix_tree_node start 82c00000 pointer offset 36
Process swapper/0 (pid: 0, stack limit = 0x82200000)
Stack: (0x82201cd0 to 0x82202000)
1cc0:                                     80279278 802745b4 820a235c 8221aec0
1ce0: 00000029 00000000 20000113 849b305c 00000008 852c9400 20000113 00000101
1d00: 00005f50 dddcc900 82201d34 82201d18 80260b0c 8026037c 849b3030 816def8c
1d20: 8221aec0 816def8c 82201d44 82201d38 816defb4 80260ac8 82201d7c 82201d48
1d40: 802e4f18 816def98 0000007e dddcc900 802e407c abbf0ff6 849b3030 816def8c
1d60: 82201da0 823d9d10 00005f50 8221aec0 82201dec 82201d80 802e5454 802e4ef4
1d80: 8221aec0 82204d40 8220c5d8 8220c498 00000002 00000000 8221aec0 85578708
1da0: 00000000 82201db0 8029b138 802fab28 82201dec 82201dc0 80293fc8 abbf0ff6
1dc0: 82204084 82204084 00000002 00000001 82201ea0 00000082 00000101 8221aec0
1de0: 82201e5c 82201df0 8020133c 802e512c 8176e334 8176e220 04200002 82204d40
1e00: 00005f51 81eba81c 820a2344 0000000a 820aaa00 823d843a 823d94a0 8220c5d8
1e20: 8220c498 81ea8ef0 820a23d0 82204080 8176e354 820aaa00 81eba81c 81eba804
1e40: 82201ea0 00000000 8221aec0 823d84b4 82201e74 82201e60 80249f48 802011dc
1e60: 820aa9dc 81eba81c 82201e9c 82201e78 8176d898 80249eb8 80208f00 60000013
1e80: ffffffff 82201ed4 00000000 8221aec0 82201efc 82201ea0 80200b34 8176d828
1ea0: 00000000 00000000 002a4f71 8021c220 8221aec0 00000000 8221aec0 8220c5d8
1ec0: 00000000 00000000 823d84b4 82201efc 82201f00 82201ef0 80208efc 80208f00
1ee0: 60000013 ffffffff 8176dbdc 8176dadc 82201f1c 82201f00 81777ae4 80208ecc
1f00: 00000000 8220c498 8221aec0 8220c5d8 82201f5c 82201f20 8028e944 81777ab8
1f20: 81cf0d7c 820a9a78 8220c440 abbf0ff6 00000000 000000ec 82225a6c 8220c440
1f40: deffc0c0 00000000 8221a9f4 82445000 82201f6c 82201f60 8028ece8 8028e738
1f60: 82201f84 82201f70 8176e430 8028ecd4 82445068 00000022 82201f94 82201f88
1f80: 82000bb8 8176e364 82201ff4 82201f98 8200134c 82000bb4 00000000 00000000
1fa0: 00000000 00000000 ffffffff 00000000 00000000 81e13440 00000000 82081a70
1fc0: abb90ef6 00000000 00000000 82000420 00000000 30c0387d 000008e0 88000000
1fe0: 412fc0f1 30c5387d 00000000 82201ff8 00000000 82000c24 00000000 00000000
Backtrace: 
[<80260370>] (__queue_work) from [<80260b0c>] (queue_work_on+0x50/0x5c kernel/workqueue.c:1545)
 r10:dddcc900 r9:00005f50 r8:00000101 r7:20000113 r6:852c9400 r5:00000008
 r4:849b305c
[<80260abc>] (queue_work_on) from [<816defb4>] (queue_work include/linux/workqueue.h:503 [inline])
[<80260abc>] (queue_work_on) from [<816defb4>] (nci_cmd_timer+0x28/0x2c net/nfc/nci/core.c:615)
 r7:816def8c r6:8221aec0 r5:816def8c r4:849b3030
[<816def8c>] (nci_cmd_timer) from [<802e4f18>] (call_timer_fn+0x30/0x238 kernel/time/timer.c:1474)
[<802e4ee8>] (call_timer_fn) from [<802e5454>] (expire_timers kernel/time/timer.c:1519 [inline])
[<802e4ee8>] (call_timer_fn) from [<802e5454>] (__run_timers kernel/time/timer.c:1790 [inline])
[<802e4ee8>] (call_timer_fn) from [<802e5454>] (run_timer_softirq+0x334/0x470 kernel/time/timer.c:1803)
 r9:8221aec0 r8:00005f50 r7:823d9d10 r6:82201da0 r5:816def8c r4:849b3030
[<802e5120>] (run_timer_softirq) from [<8020133c>] (__do_softirq+0x16c/0x498 kernel/softirq.c:571)
 r10:8221aec0 r9:00000101 r8:00000082 r7:82201ea0 r6:00000001 r5:00000002
 r4:82204084
[<802011d0>] (__do_softirq) from [<80249f48>] (invoke_softirq kernel/softirq.c:445 [inline])
[<802011d0>] (__do_softirq) from [<80249f48>] (__irq_exit_rcu kernel/softirq.c:650 [inline])
[<802011d0>] (__do_softirq) from [<80249f48>] (__irq_exit_rcu kernel/softirq.c:640 [inline])
[<802011d0>] (__do_softirq) from [<80249f48>] (irq_exit+0x9c/0xe8 kernel/softirq.c:674)
 r10:823d84b4 r9:8221aec0 r8:00000000 r7:82201ea0 r6:81eba804 r5:81eba81c
 r4:820aaa00
[<80249eac>] (irq_exit) from [<8176d898>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:240)
 r5:81eba81c r4:820aa9dc
[<8176d81c>] (generic_handle_arch_irq) from [<80200b34>] (__irq_svc+0x74/0xac arch/arm/kernel/entry-armv.S:221)
Exception stack(0x82201ea0 to 0x82201ee8)
1ea0: 00000000 00000000 002a4f71 8021c220 8221aec0 00000000 8221aec0 8220c5d8
1ec0: 00000000 00000000 823d84b4 82201efc 82201f00 82201ef0 80208efc 80208f00
1ee0: 60000013 ffffffff
 r9:8221aec0 r8:00000000 r7:82201ed4 r6:ffffffff r5:60000013 r4:80208f00
[<80208ec0>] (arch_cpu_idle) from [<81777ae4>] (default_idle_call+0x38/0x1b4 kernel/sched/idle.c:109)
[<81777aac>] (default_idle_call) from [<8028e944>] (cpuidle_idle_call kernel/sched/idle.c:191 [inline])
[<81777aac>] (default_idle_call) from [<8028e944>] (do_idle+0x218/0x2a0 kernel/sched/idle.c:303)
 r7:8220c5d8 r6:8221aec0 r5:8220c498 r4:00000000
[<8028e72c>] (do_idle) from [<8028ece8>] (cpu_startup_entry+0x20/0x24 kernel/sched/idle.c:400)
 r10:82445000 r9:8221a9f4 r8:00000000 r7:deffc0c0 r6:8220c440 r5:82225a6c
 r4:000000ec
[<8028ecc8>] (cpu_startup_entry) from [<8176e430>] (rest_init+0xd8/0xdc init/main.c:729)
[<8176e358>] (rest_init) from [<82000bb8>] (arch_post_acpi_subsys_init+0x0/0x20 init/main.c:890)
 r5:00000022 r4:82445068
[<82000ba8>] (arch_call_rest_init) from [<8200134c>] (start_kernel+0x734/0x78c init/main.c:1145)
[<82000c18>] (start_kernel) from [<00000000>] (0x0)
Code: 0a00003b e59f06a8 eb532f1b e1a0a000 (e5990000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	0a00003b 	beq	0xf4
   4:	e59f06a8 	ldr	r0, [pc, #1704]	; 0x6b4
   8:	eb532f1b 	bl	0x14cbc7c
   c:	e1a0a000 	mov	sl, r0
* 10:	e5990000 	ldr	r0, [r9] <-- trapping instruction