8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000
[00000000] *pgd=947c1003, *pmd=fe7cb003
Internal error: Oops: 207 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 14397 Comm: syz-executor.1 Not tainted 6.1.0-rc6-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at __queue_work+0xa0/0x74c kernel/workqueue.c:1459
LR is at 0x82c00000
pc : [<80260410>]    lr : [<82c00000>]    psr: 60000093
sp : e037dac8  ip : 82c00024  fp : e037db0c
r10: 8280e800  r9 : 00000000  r8 : 82446498
r7 : 8220c940  r6 : 00000008  r5 : 8dc0ea00  r4 : 83f9c85c
r3 : 00000000  r2 : 00000000  r1 : 00000004  r0 : 8280e800
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 94693380  DAC: fffffffd
Register r0 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512
Register r1 information: non-paged memory
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: slab kmalloc-2k start 83f9c800 pointer offset 92 size 2048
Register r5 information: slab kmalloc-512 start 8dc0ea00 pointer offset 0 size 512
Register r6 information: non-paged memory
Register r7 information: non-slab/vmalloc memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: NULL pointer
Register r10 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512
Register r11 information: 2-page vmalloc region starting at 0xe037c000 allocated at kernel_clone+0x9c/0x3f4 kernel/fork.c:2671
Register r12 information: slab radix_tree_node start 82c00000 pointer offset 36
Process syz-executor.1 (pid: 14397, stack limit = 0xe037c000)
Stack: (0xe037dac8 to 0xe037e000)
dac0:                   80275518 802a0f38 820a235c 84b02e00 0000002f 00000000
dae0: 80000013 83f9c85c 00000008 8dc0ea00 60000013 e037db63 8250ca80 9445d974
db00: e037db2c e037db10 80260b0c 8026037c 853646c0 83f9c800 00000000 00000001
db20: e037db5c e037db30 816dfb40 80260ac8 81690480 e037dbbc e037dba8 83f9c800
db40: 83f9c8d8 000001f4 816dfbc0 00000000 e037db74 e037db60 816dfbf4 816dfa9c
db60: 01275518 807f8cb8 e037db94 e037db78 816de780 816dfbcc 83f9c800 81ed5f0c
db80: 83f9c818 83f9c8c4 e037dbbc e037db98 816dedf8 816de758 e037dbbc 807f8cb8
dba0: 9445e000 81ed5f0c 9445e05c 8501cc80 e037dbdc e037dbc0 816d30f8 816decec
dbc0: 9445e000 81ed5f0c 85364b40 8501cc80 e037dbf4 e037dbe0 816d46ec 816d3090
dbe0: 8dc0fa14 81ed5f0c e037dc9c e037dbf8 813bfb44 816d46c8 00000001 e037dc08
dc00: 8020d4c4 8020c2fc e037dc34 e037dc18 8020c314 8020d440 00000000 00000001
dc20: 81777ec0 00003cd6 e037dc74 e037dc38 816d46bc 00000000 00000000 00000000
dc40: 81a4afa8 0000001f 03010002 00000000 00000027 8dc0fa00 8dc0fa10 8dc0fa14
dc60: 8501cc80 8250ca80 00000000 00000000 e037dca4 807f8cb8 85364b40 813bf97c
dc80: 8dc0fa00 0000001c 82210b94 00000000 e037dcec e037dca0 813bec30 813bf988
dca0: 82801480 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dcc0: 00000000 00000000 00000000 807f8cb8 85364b40 823c074c 9445d800 85364b40
dce0: e037dd04 e037dcf0 813bf4a0 813beb78 82930000 82930064 e037dd44 e037dd08
dd00: 813be16c 813bf480 9445d800 0000001c 7fffffff 807f8cb8 e037dd44 0000001c
dd20: e037df38 85364b40 0000001c 9445d800 00000000 00000000 e037dda4 e037dd48
dd40: 813be4b4 813bdf24 00000000 00000000 8dc0fa00 00000000 00000000 947c8980
dd60: 00000000 00000027 00000000 00000000 00000000 807f8cb8 e037dda4 e037df38
dd80: 8353ef00 8353ef00 00000000 00000000 00000000 e037dddc e037ddbc e037dda8
dda0: 81296298 813be2ac e037df38 00000000 e037de2c e037ddc0 812970c4 81296268
ddc0: 80795dc4 80795c40 e037de38 e037df48 00000000 00000000 e037de2c e037dde8
dde0: 81298cd0 80795da4 e037de38 e037df48 00000000 00000000 20000180 807f8cb8
de00: 00000000 00000000 e037df38 8353ef00 00000000 00000000 84b02e00 00000128
de20: e037df24 e037de30 81298d78 81296ec4 00000000 8177053c 00000000 200001c0
de40: 0000001c 84b02e00 e037df24 e037de58 80300538 802fc9a4 e037de6c 00000000
de60: dddd5640 84b02e00 804a9a84 828f9f00 e037de8c e037de80 8176e574 8176e460
de80: 00000000 e037dee0 e037ded4 e037de98 802fbff8 808115c0 00088019 846ce110
dea0: 8d41c510 807f8cb8 00000064 e037deac e037deac e037deb4 e037deb4 84b02e00
dec0: e037defc e037ded0 804cc73c 802ce8c8 00000000 e037df34 e037df30 00000000
dee0: 00000128 80200288 84b02e00 00000128 e037df0c e037df00 804cc7b0 807f8cb8
df00: e037df24 8353ef00 20000140 00000000 00000128 80200288 e037dfa4 e037df28
df20: 812991cc 81298d10 00000000 00000000 00000001 fffffff7 00000000 00000000
df40: e037dfa4 e037df50 01010000 00000000 00000000 e037de44 00000000 00000000
df60: 00000000 e037df71 00000000 00000000 00000000 00000000 0000000e 807f8cb8
df80: 80200288 807f8cb8 00000000 00000000 00000000 0014c348 00000000 e037dfa8
dfa0: 80200060 81299180 00000000 00000000 00000009 20000140 00000000 00000000
dfc0: 00000000 00000000 0014c348 00000128 7e9f73d2 76b936d0 7e9f7544 76b9320c
dfe0: 76b93020 76b93010 00016fb4 0004df40 60000010 00000009 00000000 00000000
Backtrace: 
[<80260370>] (__queue_work) from [<80260b0c>] (queue_work_on+0x50/0x5c kernel/workqueue.c:1545)
 r10:9445d974 r9:8250ca80 r8:e037db63 r7:60000013 r6:8dc0ea00 r5:00000008
 r4:83f9c85c
[<80260abc>] (queue_work_on) from [<816dfb40>] (queue_work include/linux/workqueue.h:503 [inline])
[<80260abc>] (queue_work_on) from [<816dfb40>] (nci_send_cmd+0xb0/0x110 net/nfc/nci/core.c:1376)
 r7:00000001 r6:00000000 r5:83f9c800 r4:853646c0
[<816dfa90>] (nci_send_cmd) from [<816dfbf4>] (nci_reset_req+0x34/0x5c net/nfc/nci/core.c:166)
 r8:00000000 r7:816dfbc0 r6:000001f4 r5:83f9c8d8 r4:83f9c800
[<816dfbc0>] (nci_reset_req) from [<816de780>] (__nci_request+0x34/0xd8 net/nfc/nci/core.c:107)
[<816de74c>] (__nci_request) from [<816dedf8>] (nci_open_device net/nfc/nci/core.c:502 [inline])
[<816de74c>] (__nci_request) from [<816dedf8>] (nci_dev_up+0x118/0x1f8 net/nfc/nci/core.c:631)
 r7:83f9c8c4 r6:83f9c818 r5:81ed5f0c r4:83f9c800
[<816dece0>] (nci_dev_up) from [<816d30f8>] (nfc_dev_up+0x74/0x11c net/nfc/core.c:118)
 r7:8501cc80 r6:9445e05c r5:81ed5f0c r4:9445e000
[<816d3084>] (nfc_dev_up) from [<816d46ec>] (nfc_genl_dev_up+0x30/0x58 net/nfc/netlink.c:770)
 r7:8501cc80 r6:85364b40 r5:81ed5f0c r4:9445e000
[<816d46bc>] (nfc_genl_dev_up) from [<813bfb44>] (genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline])
[<816d46bc>] (nfc_genl_dev_up) from [<813bfb44>] (genl_family_rcv_msg net/netlink/genetlink.c:833 [inline])
[<816d46bc>] (nfc_genl_dev_up) from [<813bfb44>] (genl_rcv_msg+0x1c8/0x3f4 net/netlink/genetlink.c:850)
 r5:81ed5f0c r4:8dc0fa14
[<813bf97c>] (genl_rcv_msg) from [<813bec30>] (netlink_rcv_skb+0xc4/0x128 net/netlink/af_netlink.c:2540)
 r9:00000000 r8:82210b94 r7:0000001c r6:8dc0fa00 r5:813bf97c r4:85364b40
[<813beb6c>] (netlink_rcv_skb) from [<813bf4a0>] (genl_rcv+0x2c/0x3c net/netlink/genetlink.c:861)
 r7:85364b40 r6:9445d800 r5:823c074c r4:85364b40
[<813bf474>] (genl_rcv) from [<813be16c>] (netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline])
[<813bf474>] (genl_rcv) from [<813be16c>] (netlink_unicast+0x254/0x388 net/netlink/af_netlink.c:1345)
 r5:82930064 r4:82930000
[<813bdf18>] (netlink_unicast) from [<813be4b4>] (netlink_sendmsg+0x214/0x4a8 net/netlink/af_netlink.c:1921)
 r10:00000000 r9:00000000 r8:9445d800 r7:0000001c r6:85364b40 r5:e037df38
 r4:0000001c
[<813be2a0>] (netlink_sendmsg) from [<81296298>] (sock_sendmsg_nosec net/socket.c:714 [inline])
[<813be2a0>] (netlink_sendmsg) from [<81296298>] (sock_sendmsg+0x3c/0x4c net/socket.c:734)
 r10:e037dddc r9:00000000 r8:00000000 r7:00000000 r6:8353ef00 r5:8353ef00
 r4:e037df38
[<8129625c>] (sock_sendmsg) from [<812970c4>] (____sys_sendmsg+0x20c/0x2a4 net/socket.c:2482)
 r5:00000000 r4:e037df38
[<81296eb8>] (____sys_sendmsg) from [<81298d78>] (___sys_sendmsg+0x74/0xac net/socket.c:2536)
 r10:00000128 r9:84b02e00 r8:00000000 r7:00000000 r6:8353ef00 r5:e037df38
 r4:00000000
[<81298d04>] (___sys_sendmsg) from [<812991cc>] (__sys_sendmsg net/socket.c:2565 [inline])
[<81298d04>] (___sys_sendmsg) from [<812991cc>] (__do_sys_sendmsg net/socket.c:2574 [inline])
[<81298d04>] (___sys_sendmsg) from [<812991cc>] (sys_sendmsg+0x58/0xa0 net/socket.c:2572)
 r8:80200288 r7:00000128 r6:00000000 r5:20000140 r4:8353ef00
[<81299174>] (sys_sendmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:64)
Exception stack(0xe037dfa8 to 0xe037dff0)
dfa0:                   00000000 00000000 00000009 20000140 00000000 00000000
dfc0: 00000000 00000000 0014c348 00000128 7e9f73d2 76b936d0 7e9f7544 76b9320c
dfe0: 76b93020 76b93010 00016fb4 0004df40
 r6:0014c348 r5:00000000 r4:00000000
Code: 0a00003b e59f06a8 eb532fab e1a0a000 (e5990000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	0a00003b 	beq	0xf4
   4:	e59f06a8 	ldr	r0, [pc, #1704]	; 0x6b4
   8:	eb532fab 	bl	0x14cbebc
   c:	e1a0a000 	mov	sl, r0
* 10:	e5990000 	ldr	r0, [r9] <-- trapping instruction