8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 0000000e when read
[0000000e] *pgd=80000080004003, *pmd=00000000
Internal error: Oops: 207 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 24 Comm: kworker/u5:0 Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
Workqueue: events_unbound io_ring_exit_work
PC is at __io_remove_buffers io_uring/kbuf.c:219 [inline]
PC is at __io_remove_buffers+0x38/0x184 io_uring/kbuf.c:209
LR is at io_destroy_buffers+0x48/0x138 io_uring/kbuf.c:264
pc : [<807c9634>]    lr : [<807c9bf0>]    psr: 20000013
sp : df87de48  ip : df87de78  fp : df87de74
r10: 827e4691  r9 : 84787800  r8 : ffffffff
r7 : 84787b4c  r6 : 00000001  r5 : 8478203c  r4 : 00000000
r3 : 00000000  r2 : 00000000  r1 : 8478203c  r0 : 84787800
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 85583c00  DAC: fffffffd
Register r0 information: slab kmalloc-2k start 84787800 pointer offset 0 size 2048
Register r1 information: slab kmalloc-2k start 84782000 pointer offset 60 size 2048
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: NULL pointer
Register r5 information: slab kmalloc-2k start 84782000 pointer offset 60 size 2048
Register r6 information: non-paged memory
Register r7 information: slab kmalloc-2k start 84787800 pointer offset 844 size 2048
Register r8 information: non-paged memory
Register r9 information: slab kmalloc-2k start 84787800 pointer offset 0 size 2048
Register r10 information: non-slab/vmalloc memory
Register r11 information: 2-page vmalloc region starting at 0xdf87c000 allocated at kernel_clone+0xac/0x424 kernel/fork.c:2909
Register r12 information: 2-page vmalloc region starting at 0xdf87c000 allocated at kernel_clone+0xac/0x424 kernel/fork.c:2909
Process kworker/u5:0 (pid: 24, stack limit = 0xdf87c000)
Stack: (0xdf87de48 to 0xdf87e000)
de40:                   82dfaf00 00000050 84787800 84787840 84787b4c 82604d40
de60: 84787bcc 827e4691 df87de9c df87de78 807c9bf0 807c9608 00000000 2f5c4de0
de80: 84787bbc 84787800 84787840 84787b4c df87df04 df87dea0 81826490 807c9bb4
dea0: df87debc df87deb0 0003b940 84787800 00000000 df87dec0 00000000 81824fc0
dec0: 00000000 00000000 df87dec8 df87dec8 84787800 2f5c4de0 df87df48 82c0bc80
dee0: 84787bbc 82c21400 82c0f000 00000140 82dfaf00 82c21405 df87df44 df87df08
df00: 80265fd4 818260f4 df87df2c df87df18 df87df44 df87df20 8026196c 82c0bc80
df20: 82c0bcac 82c0f000 82604d40 82c0f020 82dfaf00 61c88647 df87df84 df87df48
df40: 80266520 80265e44 82604d40 82604d40 61c88647 82c0bcac df87df84 82cc6e00
df60: 82dfaf00 802662e0 82c0bc80 82cc6f00 df819e28 00000000 df87dfac df87df88
df80: 8026d8e0 802662ec 82cc6e00 8026d7dc 00000000 00000000 00000000 00000000
dfa0: 00000000 df87dfb0 80200104 8026d7e8 00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
Backtrace: 
[<807c95fc>] (__io_remove_buffers) from [<807c9bf0>] (io_destroy_buffers+0x48/0x138 io_uring/kbuf.c:264)
 r10:827e4691 r9:84787bcc r8:82604d40 r7:84787b4c r6:84787840 r5:84787800
 r4:00000050 r3:82dfaf00
[<807c9ba8>] (io_destroy_buffers) from [<81826490>] (io_ring_ctx_free io_uring/io_uring.c:2895 [inline])
[<807c9ba8>] (io_destroy_buffers) from [<81826490>] (io_ring_exit_work+0x3a8/0x5ec io_uring/io_uring.c:3151)
 r7:84787b4c r6:84787840 r5:84787800 r4:84787bbc
[<818260e8>] (io_ring_exit_work) from [<80265fd4>] (process_one_work+0x19c/0x4a8 kernel/workqueue.c:2630)
 r10:82c21405 r9:82dfaf00 r8:00000140 r7:82c0f000 r6:82c21400 r5:84787bbc
 r4:82c0bc80
[<80265e38>] (process_one_work) from [<80266520>] (process_scheduled_works kernel/workqueue.c:2703 [inline])
[<80265e38>] (process_one_work) from [<80266520>] (worker_thread+0x240/0x48c kernel/workqueue.c:2784)
 r10:61c88647 r9:82dfaf00 r8:82c0f020 r7:82604d40 r6:82c0f000 r5:82c0bcac
 r4:82c0bc80
[<802662e0>] (worker_thread) from [<8026d8e0>] (kthread+0x104/0x134 kernel/kthread.c:388)
 r10:00000000 r9:df819e28 r8:82cc6f00 r7:82c0bc80 r6:802662e0 r5:82dfaf00
 r4:82cc6e00
[<8026d7dc>] (kthread) from [<80200104>] (ret_from_fork+0x14/0x30 arch/arm/kernel/entry-common.S:134)
Exception stack(0xdf87dfb0 to 0xdf87dff8)
dfa0:                                     00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026d7dc r4:82cc6e00
Code: 0a000022 e5913004 e1d120be e5d14013 (e1d380be) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	0a000022 	beq	0x90
   4:	e5913004 	ldr	r3, [r1, #4]
   8:	e1d120be 	ldrh	r2, [r1, #14]
   c:	e5d14013 	ldrb	r4, [r1, #19]
* 10:	e1d380be 	ldrh	r8, [r3, #14] <-- trapping instruction