8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read [00000000] *pgd=88a9c003, *pmd=df692003 Internal error: Oops: 207 [#1] PREEMPT SMP ARM Modules linked in: CPU: 1 PID: 17402 Comm: syz-executor.1 Not tainted 6.8.0-syzkaller #0 Hardware name: ARM-Versatile Express PC is at page_zonenum include/linux/mmzone.h:1100 [inline] PC is at __kmap_local_page_prot+0xc/0x74 mm/highmem.c:573 LR is at kmap_local_page include/linux/highmem-internal.h:73 [inline] LR is at copy_page_to_iter+0xf8/0x184 lib/iov_iter.c:360 pc : [<804777ec>] lr : [<807e69c4>] psr: 60000013 sp : df9edc00 ip : df9edc10 fp : df9edc0c r10: 00000018 r9 : 828574e8 r8 : 00000000 r7 : 00000000 r6 : 00000000 r5 : 00000000 r4 : 850e8000 r3 : 00c00000 r2 : 0000071f r1 : 00000000 r0 : 00000000 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 85044800 DAC: 00000000 Register r0 information: NULL pointer Register r1 information: NULL pointer Register r2 information: non-paged memory Register r3 information: non-paged memory Register r4 information: slab kmalloc-1k start 850e8000 pointer offset 0 size 1024 Register r5 information: NULL pointer Register r6 information: NULL pointer Register r7 information: NULL pointer Register r8 information: NULL pointer Register r9 information: non-slab/vmalloc memory Register r10 information: non-paged memory Register r11 information: 2-page vmalloc region starting at 0xdf9ec000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796 Register r12 information: 2-page vmalloc region starting at 0xdf9ec000 allocated at kernel_clone+0xac/0x3cc kernel/fork.c:2796 Process syz-executor.1 (pid: 17402, stack limit = 0xdf9ec000) Stack: (0xdf9edc00 to 0xdf9ee000) dc00: df9edc44 df9edc10 807e69c4 804777ec df9edc34 df9edef0 8024c680 850e8000 dc20: 850e8000 00000000 00000001 00000000 0000002d 00000018 df9edc94 df9edc48 dc40: 813fa09c 807e68d8 00000000 ddde4280 83825e00 83825ed0 83524c00 83825ed8 dc60: 
df9edef0 00000000 00000002 83524c00 0000002d 83825e00 84c86000 00000000 dc80: 00000000 00000000 df9edd04 df9edc98 8161c79c 813f9fb8 00000000 8027ad68 dca0: 8161b828 20000013 df9edd24 df9edcb8 83524c88 83825eec 83524e34 df9edee0 dcc0: 0000002d 00000000 8161b800 df9edee0 833cc280 18267ea4 00000000 8161c64c dce0: df9edee0 833cc280 00000000 00000000 00000000 df9edd54 df9edd24 df9edd08 dd00: 8161b838 8161c658 00000000 00000000 00000000 8161b800 df9edd44 df9edd28 dd20: 8136a934 8161b80c df9edee0 833cc280 20000d00 00000000 df9ede04 df9edd48 dd40: 8136ab34 8136a8f0 00000000 00000000 00000001 00000000 00000000 00000000 dd60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dd80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dda0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ddc0: 00000000 00000000 00000000 00000000 00000000 18267ea4 00000000 00000000 dde0: df9edee0 20000d00 00000000 833cc280 84c86000 00000001 df9ede84 df9ede08 de00: 8136da78 8136aab0 00000000 00000000 81a02940 00000000 00000000 20000040 de20: 0000002d 00000000 00000000 00000000 00000000 00000000 00000000 00000000 de40: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 18267ea4 de60: df9ede84 df9edec0 20000d00 00000000 00000000 00000000 df9edf5c df9ede88 de80: 8136dba0 8136d9fc 00000000 df9ede98 80897a30 833cc280 00000001 00000000 dea0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 dec0: 000f4240 df9eded8 00050bc0 00000000 00000000 00000000 df9edf04 df9edee8 dee0: df9edd54 00000000 00000000 00000000 00000000 00000001 20000040 0000002c df00: 00000001 00000000 00000000 00000001 00000000 00000000 00000000 00000000 df20: 00000000 00000000 df9edf44 18267ea4 81882504 00000004 20000d00 00000000 df40: 00000000 00000001 84c86000 0000016d df9edfa4 df9edf60 8136e570 8136dab8 df60: 00000000 df9edfb0 00000000 00000000 00000000 00000000 df9edfac 18267ea4 df80: 8020ca3c 00000000 00000000 0014c2d0 0000016d 
80200288 00000000 df9edfa8 dfa0: 80200060 8136e4b8 00000000 00000000 00000004 20000d00 00000001 00000000 dfc0: 00000000 00000000 0014c2d0 0000016d 7ed5b32e 7ed5b32f 003d0f00 76b8f0fc dfe0: 76b8ef08 76b8eef8 000167f8 00050bc0 60000010 00000004 00000000 00000000 Backtrace: [<804777e0>] (__kmap_local_page_prot) from [<807e69c4>] (kmap_local_page include/linux/highmem-internal.h:73 [inline]) [<804777e0>] (__kmap_local_page_prot) from [<807e69c4>] (copy_page_to_iter+0xf8/0x184 lib/iov_iter.c:360) [<807e68cc>] (copy_page_to_iter) from [<813fa09c>] (sk_msg_recvmsg+0xf0/0x3cc net/core/skmsg.c:437) r10:00000018 r9:0000002d r8:00000000 r7:00000001 r6:00000000 r5:850e8000 r4:850e8000 [<813f9fac>] (sk_msg_recvmsg) from [<8161c79c>] (unix_bpf_recvmsg net/unix/unix_bpf.c:73 [inline]) [<813f9fac>] (sk_msg_recvmsg) from [<8161c79c>] (unix_bpf_recvmsg+0x150/0x444 net/unix/unix_bpf.c:50) r10:00000000 r9:00000000 r8:00000000 r7:84c86000 r6:83825e00 r5:0000002d r4:83524c00 [<8161c64c>] (unix_bpf_recvmsg) from [<8161b838>] (unix_dgram_recvmsg+0x38/0x4c net/unix/af_unix.c:2529) r10:df9edd54 r9:00000000 r8:00000000 r7:00000000 r6:833cc280 r5:df9edee0 r4:8161c64c [<8161b800>] (unix_dgram_recvmsg) from [<8136a934>] (sock_recvmsg_nosec net/socket.c:1046 [inline]) [<8161b800>] (unix_dgram_recvmsg) from [<8136a934>] (sock_recvmsg+0x50/0x78 net/socket.c:1068) r4:8161b800 [<8136a8e4>] (sock_recvmsg) from [<8136ab34>] (____sys_recvmsg+0x90/0x158 net/socket.c:2803) r7:00000000 r6:20000d00 r5:833cc280 r4:df9edee0 [<8136aaa4>] (____sys_recvmsg) from [<8136da78>] (___sys_recvmsg+0x88/0xbc net/socket.c:2845) r10:00000001 r9:84c86000 r8:833cc280 r7:00000000 r6:20000d00 r5:df9edee0 r4:00000000 [<8136d9f0>] (___sys_recvmsg) from [<8136dba0>] (do_recvmmsg+0xf4/0x298 net/socket.c:2939) r8:00000000 r7:00000000 r6:00000000 r5:20000d00 r4:df9edec0 [<8136daac>] (do_recvmmsg) from [<8136e570>] (__sys_recvmmsg net/socket.c:3018 [inline]) [<8136daac>] (do_recvmmsg) from [<8136e570>] (__do_sys_recvmmsg_time32 
net/socket.c:3052 [inline]) [<8136daac>] (do_recvmmsg) from [<8136e570>] (sys_recvmmsg_time32+0xc4/0xd8 net/socket.c:3045) r10:0000016d r9:84c86000 r8:00000001 r7:00000000 r6:00000000 r5:20000d00 r4:00000004 [<8136e4ac>] (sys_recvmmsg_time32) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66) Exception stack(0xdf9edfa8 to 0xdf9edff0) dfa0: 00000000 00000000 00000004 20000d00 00000001 00000000 dfc0: 00000000 00000000 0014c2d0 0000016d 7ed5b32e 7ed5b32f 003d0f00 76b8f0fc dfe0: 76b8ef08 76b8eef8 000167f8 00050bc0 r8:80200288 r7:0000016d r6:0014c2d0 r5:00000000 r4:00000000 Code: eaffffe8 e1a0c00d e92dd800 e24cb004 (e5901000) ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: eaffffe8 b 0xffffffa8 4: e1a0c00d mov ip, sp 8: e92dd800 push {fp, ip, lr, pc} c: e24cb004 sub fp, ip, #4 * 10: e5901000 ldr r1, [r0] <-- trapping instruction

Reviewer note on the trapping instruction: `ldr r1, [r0]` loads through r0, which the register dump above reports as a NULL pointer. Under the 32-bit ARM AAPCS r0 carries the first argument, so this is the `struct page *` that `copy_page_to_iter()` (lib/iov_iter.c:360) passed to `kmap_local_page()`; the fault lands in the inlined `page_zonenum()` at mm/highmem.c:573, i.e. the first read of the page's flags word, on a highmem-enabled ARM build where kmap takes the non-trivial path. Following the call chain back, that page comes from the sk_msg being drained in `sk_msg_recvmsg()` (r4/r5 in that frame point at a kmalloc-1k object), which suggests a scatterlist element with no page attached — an inference from the registers, not something this report proves. The entry point is an ordinary `recvmmsg()` system call on an AF_UNIX datagram socket that was routed through `unix_bpf_recvmsg()`, so a BPF sockmap/psock had been attached to the socket; the report does not show whether that setup step required privilege. The demonstrated impact is a kernel read fault (Oops, local denial of service); nothing here shows a write primitive or attacker control over the faulting address, so anything beyond a crash should be treated as unproven until the psock/scatterlist state at the time of the fault is examined.