8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
[00000000] *pgd=84b5e003, *pmd=e6b3f003
Internal error: Oops: 207 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 3529 Comm: syz-executor.0 Not tainted 6.6.0-rc7-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at page_zonenum include/linux/mmzone.h:1086 [inline]
PC is at __kmap_local_page_prot+0xc/0x74 mm/highmem.c:573
LR is at kmap_local_page include/linux/highmem-internal.h:73 [inline]
LR is at copy_page_to_iter+0xf8/0x184 lib/iov_iter.c:479
pc : [<80464c78>]    lr : [<807d7024>]    psr: 60000013
sp : dfb15d28  ip : dfb15d38  fp : dfb15d34
r10: 00000018  r9 : 828544e8  r8 : 00000000
r7 : 00000000  r6 : 00000000  r5 : 00000000  r4 : 8a1cb400
r3 : 00c00000  r2 : 0000071f  r1 : 00000000  r0 : 00000000
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 8b45a7c0  DAC: fffffffd
Register r0 information: NULL pointer
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: slab kmalloc-1k start 8a1cb400 pointer offset 0 size 1024
Register r5 information: NULL pointer
Register r6 information: NULL pointer
Register r7 information: NULL pointer
Register r8 information: NULL pointer
Register r9 information: non-slab/vmalloc memory
Register r10 information: non-paged memory
Register r11 information: 2-page vmalloc region starting at 0xdfb14000 allocated at kernel_clone+0xac/0x424 kernel/fork.c:2909
Register r12 information: 2-page vmalloc region starting at 0xdfb14000 allocated at kernel_clone+0xac/0x424 kernel/fork.c:2909
Process syz-executor.0 (pid: 3529, stack limit = 0xdfb14000)
Stack: (0xdfb15d28 to 0xdfb16000)
5d20:                   dfb15d6c dfb15d38 807d7024 80464c78 dfb15d5c dfb15e98
5d40: 8024bc7c 8a1cb400 8a1cb400 00000000 00000000 00000000 00033fe0 00000018
5d60: dfb15dbc dfb15d70 813c63cc 807d6f38 8183c860 a3e6e970 88c08800 88c088d0
5d80: 82ee8900 88c088d8 dfb15e98 00000002 00000000 82ee8900 00033fe0 88c08800
5da0: 83ec3ac0 00000000 40000002 00000000 dfb15e2c dfb15dc0 815e0a34 813c62e8
5dc0: 40000002 00000002 dfb15dd4 00000000 00000000 00000000 82ee89a8 88c088ec
5de0: 82ee8b3c dfb15e88 00000000 00000000 00000000 00000000 00000000 215b70d6
5e00: 00000000 815e08e4 dfb15e88 84e70c80 40000002 00000000 00000000 00033fe0
5e20: dfb15e4c dfb15e30 815dfd74 815e08f0 00000000 40000002 00000000 815dfd3c
5e40: dfb15e6c dfb15e50 8133d1b8 815dfd48 00000000 40000002 84e70c80 dfb15edc
5e60: dfb15f8c dfb15e70 8133f81c 8133d174 dfb15e98 83ec3ac0 fffffff7 00000001
5e80: 00000000 00000000 00000000 00000000 00000000 00000000 00000005 00000001
5ea0: 00000000 200003c0 00033fe0 00000000 00000001 00000000 00000000 00000000
5ec0: 00000000 00000000 00000000 00000000 00000000 00000000 dfb15f04 00000000
5ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
5f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
5f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
5f40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 215b70d6
5f60: 8261c9e8 00000000 00000000 0014c2cc 00000124 80200288 83ec3ac0 00000124
5f80: dfb15fa4 dfb15f90 8133f8b8 8133f750 00000000 00000000 00000000 dfb15fa8
5fa0: 80200060 8133f8a8 00000000 00000000 00000003 200003c0 00033fe0 40000002
5fc0: 00000000 00000000 0014c2cc 00000124 7ef7032e 7ef7032f 003d0f00 76b990fc
5fe0: 76b98f08 76b98ef8 00016680 000509d0 60000010 00000003 00000000 00000000
Backtrace: 
[<80464c6c>] (__kmap_local_page_prot) from [<807d7024>] (kmap_local_page include/linux/highmem-internal.h:73 [inline])
[<80464c6c>] (__kmap_local_page_prot) from [<807d7024>] (copy_page_to_iter+0xf8/0x184 lib/iov_iter.c:479)
[<807d6f2c>] (copy_page_to_iter) from [<813c63cc>] (sk_msg_recvmsg+0xf0/0x3cc net/core/skmsg.c:437)
 r10:00000018 r9:00033fe0 r8:00000000 r7:00000000 r6:00000000 r5:8a1cb400
 r4:8a1cb400
[<813c62dc>] (sk_msg_recvmsg) from [<815e0a34>] (unix_bpf_recvmsg net/unix/unix_bpf.c:73 [inline])
[<813c62dc>] (sk_msg_recvmsg) from [<815e0a34>] (unix_bpf_recvmsg+0x150/0x444 net/unix/unix_bpf.c:50)
 r10:00000000 r9:40000002 r8:00000000 r7:83ec3ac0 r6:88c08800 r5:00033fe0
 r4:82ee8900
[<815e08e4>] (unix_bpf_recvmsg) from [<815dfd74>] (unix_dgram_recvmsg+0x38/0x4c net/unix/af_unix.c:2457)
 r10:00033fe0 r9:00000000 r8:00000000 r7:40000002 r6:84e70c80 r5:dfb15e88
 r4:815e08e4
[<815dfd3c>] (unix_dgram_recvmsg) from [<8133d1b8>] (sock_recvmsg_nosec net/socket.c:1044 [inline])
[<815dfd3c>] (unix_dgram_recvmsg) from [<8133d1b8>] (sock_recvmsg+0x50/0x78 net/socket.c:1066)
 r4:815dfd3c
[<8133d168>] (sock_recvmsg) from [<8133f81c>] (__sys_recvfrom+0xd8/0x158 net/socket.c:2246)
 r7:dfb15edc r6:84e70c80 r5:40000002 r4:00000000
[<8133f744>] (__sys_recvfrom) from [<8133f8b8>] (__do_sys_recvfrom net/socket.c:2264 [inline])
[<8133f744>] (__sys_recvfrom) from [<8133f8b8>] (sys_recvfrom+0x1c/0x24 net/socket.c:2260)
 r10:00000124 r9:83ec3ac0 r8:80200288 r7:00000124 r6:0014c2cc r5:00000000
 r4:00000000
[<8133f89c>] (sys_recvfrom) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66)
Exception stack(0xdfb15fa8 to 0xdfb15ff0)
5fa0:                   00000000 00000000 00000003 200003c0 00033fe0 40000002
5fc0: 00000000 00000000 0014c2cc 00000124 7ef7032e 7ef7032f 003d0f00 76b990fc
5fe0: 76b98f08 76b98ef8 00016680 000509d0
Code: eaffffe8 e1a0c00d e92dd800 e24cb004 (e5901000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	eaffffe8 	b	0xffffffa8
   4:	e1a0c00d 	mov	ip, sp
   8:	e92dd800 	push	{fp, ip, lr, pc}
   c:	e24cb004 	sub	fp, ip, #4
* 10:	e5901000 	ldr	r1, [r0] <-- trapping instruction