8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read
[00000000] *pgd=925ff003, *pmd=fe2cc003
Internal error: Oops: 207 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 8140 Comm: syz-executor.1 Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at page_zonenum include/linux/mmzone.h:1086 [inline]
PC is at __kmap_local_page_prot+0xc/0x74 mm/highmem.c:573
LR is at kmap_local_page include/linux/highmem-internal.h:73 [inline]
LR is at copy_page_to_iter+0xf8/0x184 lib/iov_iter.c:479
pc : [<80464094>]    lr : [<807da6a4>]    psr: 60000013
sp : dfb31bf8  ip : dfb31c08  fp : dfb31c04
r10: 00000018  r9 : 828544e8  r8 : 00000000
r7 : 00000000  r6 : 00000000  r5 : 00000000  r4 : 8a40d000
r3 : 00c00000  r2 : 0000071f  r1 : 00000000  r0 : 00000000
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 847dac40  DAC: fffffffd
Register r0 information: NULL pointer
Register r1 information: NULL pointer
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: slab kmalloc-1k start 8a40d000 pointer offset 0 size 1024
Register r5 information: NULL pointer
Register r6 information: NULL pointer
Register r7 information: NULL pointer
Register r8 information: NULL pointer
Register r9 information: non-slab/vmalloc memory
Register r10 information: non-paged memory
Register r11 information: 2-page vmalloc region starting at 0xdfb30000 allocated at kernel_clone+0xac/0x424 kernel/fork.c:2909
Register r12 information: 2-page vmalloc region starting at 0xdfb30000 allocated at kernel_clone+0xac/0x424 kernel/fork.c:2909
Process syz-executor.1 (pid: 8140, stack limit = 0xdfb30000)
Stack: (0xdfb31bf8 to 0xdfb32000)
1be0:                                                       dfb31c3c dfb31c08
1c00: 807da6a4 80464094 dfb31c2c dfb31ee8 8024bc7c 8a40d000 8a40d000 00000000
1c20: 00000000 00000000 00022fe0 00000018 dfb31c8c dfb31c40 813c9400 807da5b8
1c40: 052171bc 0000b6c1 847c8a00 847c8ad0 92354000 847c8ad8 dfb31ee8 00000002
1c60: 00000000 92354000 00022fe0 847c8a00 844a4680 00000000 00000002 00000000
1c80: dfb31cfc dfb31c90 815e3338 813c931c 00000002 00000002 dfb31ca4 00000000
1ca0: 00000000 00000000 923540a8 847c8aec 9235423c dfb31ed8 00000000 00000000
1cc0: 00000000 00000000 00000000 932d22ec 00000000 815e31e8 dfb31ed8 8484af00
1ce0: 00000002 00000000 00000002 dfb31d4c dfb31d1c dfb31d00 815e2678 815e31f4
1d00: 00000000 00000002 00000000 815e2640 dfb31d3c dfb31d20 81340128 815e264c
1d20: dfb31ed8 8484af00 200033c0 00000000 dfb31dfc dfb31d40 8134032c 813400e4
1d40: 00000000 00000000 00000001 00000000 00000000 00000000 00000000 00000000
1d60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1d80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1da0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1dc0: 00000000 00000000 00000000 932d22ec 00000000 00000000 dfb31ed8 200033c0
1de0: 00000002 8484af00 844a4680 00000001 dfb31e7c dfb31e00 81342e78 813402a8
1e00: 00000002 00000000 dfb31e6c 00000000 00000000 200003c0 00022fe0 00000000
1e20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1e40: 00000000 00000000 00000000 00000000 00000000 932d22ec dfb31e7c dfb31eb8
1e60: 200033c0 00000000 00000002 00000000 dfb31f5c dfb31e80 81342fa0 81342dfc
1e80: 00000000 dfb31e90 80889c10 8484af00 00000001 00000000 00000000 00000000
1ea0: 00000000 00000000 00000000 00000000 00000000 00000000 dfb31eb4 844a4680
1ec0: 00000000 00000000 82f9e100 000509e0 00000000 00000000 dfb31d4c 00000000
1ee0: 00000000 00000000 00000005 00000001 00000000 200003c0 00022fe0 00000000
1f00: 00000001 00000000 00000000 00000001 00000000 00000000 00000000 00000000
1f20: 00000000 00000000 dfb31f44 932d22ec 8183bf54 00000003 200033c0 00000000
1f40: 00000002 00000001 844a4680 0000016d dfb31fa4 dfb31f60 81343970 81342eb8
1f60: 00000000 dfb31fb0 00000000 00000000 00000000 00000000 dfb31fac 932d22ec
1f80: 8020c8d0 00000000 00000000 0014c2c8 0000016d 80200288 00000000 dfb31fa8
1fa0: 80200060 813438b8 00000000 00000000 00000003 200033c0 00000001 00000002
1fc0: 00000000 00000000 0014c2c8 0000016d 7e9ea32e 7e9ea32f 003d0f00 76b210fc
1fe0: 76b20f08 76b20ef8 00016688 000509e0 60000010 00000003 00000000 00000000
Backtrace: 
[<80464088>] (__kmap_local_page_prot) from [<807da6a4>] (kmap_local_page include/linux/highmem-internal.h:73 [inline])
[<80464088>] (__kmap_local_page_prot) from [<807da6a4>] (copy_page_to_iter+0xf8/0x184 lib/iov_iter.c:479)
[<807da5ac>] (copy_page_to_iter) from [<813c9400>] (sk_msg_recvmsg+0xf0/0x3cc net/core/skmsg.c:437)
 r10:00000018 r9:00022fe0 r8:00000000 r7:00000000 r6:00000000 r5:8a40d000
 r4:8a40d000
[<813c9310>] (sk_msg_recvmsg) from [<815e3338>] (unix_bpf_recvmsg net/unix/unix_bpf.c:73 [inline])
[<813c9310>] (sk_msg_recvmsg) from [<815e3338>] (unix_bpf_recvmsg+0x150/0x444 net/unix/unix_bpf.c:50)
 r10:00000000 r9:00000002 r8:00000000 r7:844a4680 r6:847c8a00 r5:00022fe0
 r4:92354000
[<815e31e8>] (unix_bpf_recvmsg) from [<815e2678>] (unix_dgram_recvmsg+0x38/0x4c net/unix/af_unix.c:2457)
 r10:dfb31d4c r9:00000002 r8:00000000 r7:00000002 r6:8484af00 r5:dfb31ed8
 r4:815e31e8
[<815e2640>] (unix_dgram_recvmsg) from [<81340128>] (sock_recvmsg_nosec net/socket.c:1027 [inline])
[<815e2640>] (unix_dgram_recvmsg) from [<81340128>] (sock_recvmsg+0x50/0x78 net/socket.c:1049)
 r4:815e2640
[<813400d8>] (sock_recvmsg) from [<8134032c>] (____sys_recvmsg+0x90/0x158 net/socket.c:2760)
 r7:00000000 r6:200033c0 r5:8484af00 r4:dfb31ed8
[<8134029c>] (____sys_recvmsg) from [<81342e78>] (___sys_recvmsg+0x88/0xbc net/socket.c:2802)
 r10:00000001 r9:844a4680 r8:8484af00 r7:00000002 r6:200033c0 r5:dfb31ed8
 r4:00000000
[<81342df0>] (___sys_recvmsg) from [<81342fa0>] (do_recvmmsg+0xf4/0x298 net/socket.c:2896)
 r8:00000000 r7:00000002 r6:00000000 r5:200033c0 r4:dfb31eb8
[<81342eac>] (do_recvmmsg) from [<81343970>] (__sys_recvmmsg net/socket.c:2975 [inline])
[<81342eac>] (do_recvmmsg) from [<81343970>] (__do_sys_recvmmsg_time32 net/socket.c:3009 [inline])
[<81342eac>] (do_recvmmsg) from [<81343970>] (sys_recvmmsg_time32+0xc4/0xd8 net/socket.c:3002)
 r10:0000016d r9:844a4680 r8:00000001 r7:00000002 r6:00000000 r5:200033c0
 r4:00000003
[<813438ac>] (sys_recvmmsg_time32) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66)
Exception stack(0xdfb31fa8 to 0xdfb31ff0)
1fa0:                   00000000 00000000 00000003 200033c0 00000001 00000002
1fc0: 00000000 00000000 0014c2c8 0000016d 7e9ea32e 7e9ea32f 003d0f00 76b210fc
1fe0: 76b20f08 76b20ef8 00016688 000509e0
 r8:80200288 r7:0000016d r6:0014c2c8 r5:00000000 r4:00000000
Code: eaffffe8 e1a0c00d e92dd800 e24cb004 (e5901000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	eaffffe8 	b	0xffffffa8
   4:	e1a0c00d 	mov	ip, sp
   8:	e92dd800 	push	{fp, ip, lr, pc}
   c:	e24cb004 	sub	fp, ip, #4
* 10:	e5901000 	ldr	r1, [r0] <-- trapping instruction