nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000
[00000000] *pgd=86791003, *pmd=fe7b6003
Internal error: Oops: 207 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 18561 Comm: syz-executor.0 Not tainted 6.1.0-rc6-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at __queue_work+0xa0/0x74c kernel/workqueue.c:1459
LR is at 0x82c00000
pc : [<80260410>] lr : [<82c00000>] psr: 600f0093
sp : ec449ac8 ip : 82c00024 fp : ec449b0c
r10: 8280e800 r9 : 00000000 r8 : 82446498
r7 : 8220c940 r6 : 00000008 r5 : 86640c00 r4 : 850b485c
r3 : 00000000 r2 : 00000000 r1 : 00000004 r0 : 8280e800
Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
Control: 30c5387d Table: 850a62c0 DAC: fffffffd
Register r0 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512
Register r1 information: non-paged memory
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: slab kmalloc-2k start 850b4800 pointer offset 92 size 2048
Register r5 information: slab kmalloc-512 start 86640c00 pointer offset 0 size 512
Register r6 information: non-paged memory
Register r7 information: non-slab/vmalloc memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: NULL pointer
Register r10 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512
Register r11 information: 2-page vmalloc region starting at 0xec448000 allocated at kernel_clone+0x9c/0x3f4 kernel/fork.c:2671
Register r12 information: slab radix_tree_node start 82c00000 pointer offset 36
Process syz-executor.0 (pid: 18561, stack limit = 0xec448000)
Stack: (0xec449ac8 to 0xec44a000)
9ac0: 80275518 802a0f38 820a235c 84c1b980 0000000c 00000000
9ae0: 800f0013 850b485c 00000008 86640c00 600f0013 ec449b63 8250ca80 8511d174
9b00: ec449b2c ec449b10 80260b0c 8026037c 842fa240 850b4800 00000000 00000001
9b20: ec449b5c ec449b30 816dfb40
80260ac8 81690480 00000100 00000122 850b4800
9b40: 850b48d8 000001f4 816dfbc0 00000000 ec449b74 ec449b60 816dfbf4 816dfa9c
9b60: 0150ca80 7e8ce633 ec449b94 ec449b78 816de780 816dfbcc 850b4800 81ed5f0c
9b80: 850b4818 850b48c4 ec449bbc ec449b98 816dedf8 816de758 ec449bbc 7e8ce633
9ba0: 8511dc00 81ed5f0c 8511dc5c 85c21b80 ec449bdc ec449bc0 816d30f8 816decec
9bc0: 8511dc00 81ed5f0c 842fa000 85c21b80 ec449bf4 ec449be0 816d46ec 816d3090
9be0: 86640014 81ed5f0c ec449c9c ec449bf8 813bfb44 816d46c8 00000001 61c88647
9c00: 86641000 824d584c 00000113 842fa000 ec449c34 ec449c20 ec449c34 ec449c28
9c20: 8177857c 802745b4 ec449c94 ec449c38 816d46bc 00000000 00000000 00000000
9c40: 81a4afa8 0000001f 03010002 00000000 00000e99 86640000 86640010 86640014
9c60: 85c21b80 8250ca80 00000000 00000000 ec449ca4 7e8ce633 842fa000 813bf97c
9c80: 86640000 0000001c 82210b94 00000000 ec449cec ec449ca0 813bec30 813bf988
9ca0: 82801480 00000000 00000000 00000000 00000000 00000000 00000000 00000000
9cc0: 00000000 00000000 00000000 7e8ce633 842fa000 823c074c 8511d000 842fa000
9ce0: ec449d04 ec449cf0 813bf4a0 813beb78 82930000 82930064 ec449d44 ec449d08
9d00: 813be16c 813bf480 8511d000 0000001c 7fffffff 7e8ce633 ec449d44 0000001c
9d20: ec449f38 842fa000 0000001c 8511d000 00000000 00000000 ec449da4 ec449d48
9d40: 813be4b4 813bdf24 00000000 00000000 86640000 00000000 00000000 86680900
9d60: 00000000 00000e99 00000000 00000000 00000000 7e8ce633 ec449da4 ec449f38
9d80: 84784280 84784280 00000000 00000000 00000000 ec449ddc ec449dbc ec449da8
9da0: 81296298 813be2ac ec449f38 00000000 ec449e2c ec449dc0 812970c4 81296268
9dc0: 80795dc4 80795c40 ec449e38 ec449f48 00000000 00000000 ec449e2c ec449de8
9de0: 81298cd0 80795da4 ec449e38 ec449f48 00000000 00000000 20000180 7e8ce633
9e00: 00000000 00000000 ec449f38 84784280 00000000 00000000 84c1b980 00000128
9e20: ec449f24 ec449e30 81298d78 81296ec4 00000000 8177053c 00000000 200001c0
9e40: 0000001c 84c1b980 ec449f24 ec449e58 80300538 802fc9a4 ec449e6c 00000000
9e60: 80279278 84c1b980 ec449e9c 828fea80 8220c4a4 820aad80 20000013 00000000
9e80: ec449ed8 7e8ce633 828fb8c4 85182288 00000001 85182280 00000000 828fb8c4
9ea0: 828fb8c8 00000001 00000064 ec449eac ec449eac ec449eb4 ec449eb4 84c1b980
9ec0: ec449efc ec449ed0 804cc73c 802ce8c8 00000000 ec449f34 ec449f30 00000000
9ee0: 00000128 80200288 84c1b980 00000128 ec449f0c ec449f00 804cc7b0 7e8ce633
9f00: ec449f24 84784280 20000140 00000000 00000128 80200288 ec449fa4 ec449f28
9f20: 812991cc 81298d10 00000000 00000000 00000001 fffffff7 00000000 00000000
9f40: ec449fa4 ec449f50 01010000 00000000 00000000 ec449e44 00000000 00000000
9f60: 00000000 7e8ce631 00000000 00000000 00000000 00000000 80200288 7e8ce633
9f80: ec449fa4 7e8ce633 00000000 00000000 00000000 0014c2b8 00000000 ec449fa8
9fa0: 80200060 81299180 00000000 00000000 00000006 20000140 00000000 00000000
9fc0: 00000000 00000000 0014c2b8 00000128 7ea333d2 76b416d0 7ea33544 76b4120c
9fe0: 76b41020 76b41010 00016fb4 0004df40 60000010 00000006 00000000 00000000
Backtrace:
[<80260370>] (__queue_work) from [<80260b0c>] (queue_work_on+0x50/0x5c kernel/workqueue.c:1545)
r10:8511d174 r9:8250ca80 r8:ec449b63 r7:600f0013 r6:86640c00 r5:00000008 r4:850b485c
[<80260abc>] (queue_work_on) from [<816dfb40>] (queue_work include/linux/workqueue.h:503 [inline])
[<80260abc>] (queue_work_on) from [<816dfb40>] (nci_send_cmd+0xb0/0x110 net/nfc/nci/core.c:1376)
r7:00000001 r6:00000000 r5:850b4800 r4:842fa240
[<816dfa90>] (nci_send_cmd) from [<816dfbf4>] (nci_reset_req+0x34/0x5c net/nfc/nci/core.c:166)
r8:00000000 r7:816dfbc0 r6:000001f4 r5:850b48d8 r4:850b4800
[<816dfbc0>] (nci_reset_req) from [<816de780>] (__nci_request+0x34/0xd8 net/nfc/nci/core.c:107)
[<816de74c>] (__nci_request) from [<816dedf8>] (nci_open_device net/nfc/nci/core.c:502 [inline])
[<816de74c>] (__nci_request) from [<816dedf8>] (nci_dev_up+0x118/0x1f8 net/nfc/nci/core.c:631)
r7:850b48c4 r6:850b4818 r5:81ed5f0c r4:850b4800
[<816dece0>] (nci_dev_up) from [<816d30f8>]
(nfc_dev_up+0x74/0x11c net/nfc/core.c:118)
r7:85c21b80 r6:8511dc5c r5:81ed5f0c r4:8511dc00
[<816d3084>] (nfc_dev_up) from [<816d46ec>] (nfc_genl_dev_up+0x30/0x58 net/nfc/netlink.c:770)
r7:85c21b80 r6:842fa000 r5:81ed5f0c r4:8511dc00
[<816d46bc>] (nfc_genl_dev_up) from [<813bfb44>] (genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline])
[<816d46bc>] (nfc_genl_dev_up) from [<813bfb44>] (genl_family_rcv_msg net/netlink/genetlink.c:833 [inline])
[<816d46bc>] (nfc_genl_dev_up) from [<813bfb44>] (genl_rcv_msg+0x1c8/0x3f4 net/netlink/genetlink.c:850)
r5:81ed5f0c r4:86640014
[<813bf97c>] (genl_rcv_msg) from [<813bec30>] (netlink_rcv_skb+0xc4/0x128 net/netlink/af_netlink.c:2540)
r9:00000000 r8:82210b94 r7:0000001c r6:86640000 r5:813bf97c r4:842fa000
[<813beb6c>] (netlink_rcv_skb) from [<813bf4a0>] (genl_rcv+0x2c/0x3c net/netlink/genetlink.c:861)
r7:842fa000 r6:8511d000 r5:823c074c r4:842fa000
[<813bf474>] (genl_rcv) from [<813be16c>] (netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline])
[<813bf474>] (genl_rcv) from [<813be16c>] (netlink_unicast+0x254/0x388 net/netlink/af_netlink.c:1345)
r5:82930064 r4:82930000
[<813bdf18>] (netlink_unicast) from [<813be4b4>] (netlink_sendmsg+0x214/0x4a8 net/netlink/af_netlink.c:1921)
r10:00000000 r9:00000000 r8:8511d000 r7:0000001c r6:842fa000 r5:ec449f38 r4:0000001c
[<813be2a0>] (netlink_sendmsg) from [<81296298>] (sock_sendmsg_nosec net/socket.c:714 [inline])
[<813be2a0>] (netlink_sendmsg) from [<81296298>] (sock_sendmsg+0x3c/0x4c net/socket.c:734)
r10:ec449ddc r9:00000000 r8:00000000 r7:00000000 r6:84784280 r5:84784280 r4:ec449f38
[<8129625c>] (sock_sendmsg) from [<812970c4>] (____sys_sendmsg+0x20c/0x2a4 net/socket.c:2482)
r5:00000000 r4:ec449f38
[<81296eb8>] (____sys_sendmsg) from [<81298d78>] (___sys_sendmsg+0x74/0xac net/socket.c:2536)
r10:00000128 r9:84c1b980 r8:00000000 r7:00000000 r6:84784280 r5:ec449f38 r4:00000000
[<81298d04>] (___sys_sendmsg) from [<812991cc>] (__sys_sendmsg net/socket.c:2565 [inline])
[<81298d04>] (___sys_sendmsg) from [<812991cc>] (__do_sys_sendmsg net/socket.c:2574 [inline])
[<81298d04>] (___sys_sendmsg) from [<812991cc>] (sys_sendmsg+0x58/0xa0 net/socket.c:2572)
r8:80200288 r7:00000128 r6:00000000 r5:20000140 r4:84784280
[<81299174>] (sys_sendmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:64)
Exception stack(0xec449fa8 to 0xec449ff0)
9fa0: 00000000 00000000 00000006 20000140 00000000 00000000
9fc0: 00000000 00000000 0014c2b8 00000128 7ea333d2 76b416d0 7ea33544 76b4120c
9fe0: 76b41020 76b41010 00016fb4 0004df40
r6:0014c2b8 r5:00000000 r4:00000000
Code: 0a00003b e59f06a8 eb532fab e1a0a000 (e5990000)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 0a00003b beq 0xf4
4: e59f06a8 ldr r0, [pc, #1704] ; 0x6b4
8: eb532fab bl 0x14cbebc
c: e1a0a000 mov sl, r0
* 10: e5990000 ldr r0, [r9] <-- trapping instruction