8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000000 [00000000] *pgd=85099003, *pmd=fec51003 Internal error: Oops: 207 [#1] PREEMPT SMP ARM Modules linked in: CPU: 0 PID: 5730 Comm: syz-executor.0 Not tainted 6.1.0-rc5-syzkaller #0 Hardware name: ARM-Versatile Express PC is at __queue_work+0xa0/0x74c kernel/workqueue.c:1459 LR is at 0x82c00000 pc : [<80260410>] lr : [<82c00000>] psr: 60000093 sp : ed2c9ac8 ip : 82c00024 fp : ed2c9b0c r10: 8280e800 r9 : 00000000 r8 : 82449498 r7 : 8220c940 r6 : 00000008 r5 : 82ad2200 r4 : 84ea185c r3 : 00000000 r2 : 00000000 r1 : 00000004 r0 : 8280e800 Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user Control: 30c5387d Table: 85193c80 DAC: fffffffd Register r0 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512 Register r1 information: non-paged memory Register r2 information: NULL pointer Register r3 information: NULL pointer Register r4 information: slab kmalloc-2k start 84ea1800 pointer offset 92 size 2048 Register r5 information: slab kmalloc-512 start 82ad2200 pointer offset 0 size 512 Register r6 information: non-paged memory Register r7 information: non-slab/vmalloc memory Register r8 information: non-slab/vmalloc memory Register r9 information: NULL pointer Register r10 information: slab kmalloc-512 start 8280e800 pointer offset 0 size 512 Register r11 information: 2-page vmalloc region starting at 0xed2c8000 allocated at kernel_clone+0x9c/0x3f4 kernel/fork.c:2671 Register r12 information: slab radix_tree_node start 82c00000 pointer offset 36 Process syz-executor.0 (pid: 5730, stack limit = 0xed2c8000) Stack: (0xed2c9ac8 to 0xed2ca000) 9ac0: 80275518 802a0f18 820a235c 8290b980 00000012 00000000 9ae0: 80000013 84ea185c 00000008 82ad2200 60000013 ed2c9b63 8250f9c0 84e44d74 9b00: ed2c9b2c ed2c9b10 80260b0c 8026037c 842346c0 84ea1800 00000000 00000001 9b20: ed2c9b5c ed2c9b30 816cb278 80260ac8 8167bbd0 ed2c9bbc ed2c9ba8 84ea1800 9b40: 84ea18d8 000001f4 
816cb2f8 00000000 ed2c9b74 ed2c9b60 816cb32c 816cb1d4 9b60: 01275518 5d8b1fd0 ed2c9b94 ed2c9b78 816c9eb8 816cb304 84ea1800 81ed8f0c 9b80: 84ea1818 84ea18c4 ed2c9bbc ed2c9b98 816ca530 816c9e90 ed2c9bbc 5d8b1fd0 9ba0: 84e46c00 81ed8f0c 84e46c5c 851aa980 ed2c9bdc ed2c9bc0 816be830 816ca424 9bc0: 84e46c00 81ed8f0c 84234840 851aa980 ed2c9bf4 ed2c9be0 816bfe24 816be7c8 9be0: 82970c14 81ed8f0c ed2c9c9c ed2c9bf8 813b6a80 816bfe00 00000001 824484f8 9c00: ed2c9c1c ed2c9c10 817582ac 81758198 ed2c9c4c ed2c9c20 8027ae00 802745b4 9c20: ed2c9c28 00000000 80000113 5d8b1fd0 816bfdf4 00000000 00000000 00000000 9c40: 81a4d3a0 0000001f 03010002 00000000 000007d3 82970c00 82970c10 82970c14 9c60: 851aa980 8250f9c0 00000000 00000000 ed2c9ca4 5d8b1fd0 84234840 813b68b8 9c80: 82970c00 0000001c 82210b94 00000000 ed2c9cec ed2c9ca0 813b5b6c 813b68c4 9ca0: 82801480 00000000 00000000 00000000 00000000 00000000 00000000 00000000 9cc0: 00000000 00000000 00000000 5d8b1fd0 84234840 823bfe4c 84e44c00 84234840 9ce0: ed2c9d04 ed2c9cf0 813b63dc 813b5ab4 82930000 82930064 ed2c9d44 ed2c9d08 9d00: 813b50a8 813b63bc 84e44c00 0000001c 7fffffff 5d8b1fd0 ed2c9d44 0000001c 9d20: ed2c9f38 84234840 0000001c 84e44c00 00000000 00000000 ed2c9da4 ed2c9d48 9d40: 813b53f0 813b4e60 00000000 00000000 82970c00 00000000 00000000 8415c200 9d60: 00000000 000007d3 00000000 00000000 00000000 5d8b1fd0 ed2c9da4 ed2c9f38 9d80: 84696f00 84696f00 00000000 00000000 00000000 ed2c9ddc ed2c9dbc ed2c9da8 9da0: 8128ff6c 813b51e8 ed2c9f38 0000c000 ed2c9e2c ed2c9dc0 81290d50 8128ff3c 9dc0: 80795b6c 807959e8 ed2c9e38 ed2c9f48 00000000 00000000 ed2c9e2c ed2c9de8 9de0: 8129295c 80795b4c ed2c9e38 ed2c9f48 00000000 00000000 20000180 5d8b1fd0 9e00: 00000000 00000000 ed2c9f38 84696f00 0000c000 00000000 8290b980 00000128 9e20: ed2c9f24 ed2c9e30 81292a04 81290b50 00000000 ed2c9e40 00000000 200001c0 9e40: 0000001c dddd4d80 00000000 00000009 ed2c9e7c ed2c9e60 80278c10 802789b8 9e60: ed2c9e7c ed2c9e70 817622b4 802745b4 ed2c9ecc ed2c9e80 80279278 
802745b4 9e80: 802783f0 00000000 8220c4a4 820aad80 20000113 00000000 802a0540 5d8b1fd0 9ea0: ed2c9ed4 840c8008 00000001 840c8000 ed2c9ef4 ed2c9ec0 802fab54 810b235c 9ec0: ed2c9efc ed2c9ed0 804cbfe8 802ce8a8 00000000 ed2c9f34 ed2c9f30 0000c000 9ee0: 00000128 80200288 8290b980 00000128 ed2c9f0c ed2c9f00 804cc05c 5d8b1fd0 9f00: ed2c9f24 84696f00 20000140 0000c000 00000128 80200288 ed2c9fa4 ed2c9f28 9f20: 81292e58 8129299c 00000000 00000000 00000001 fffffff7 00000000 00000000 9f40: ed2c9f5c ed2c9f50 01010000 00000000 00000000 ed2c9e44 00000000 00000000 9f60: 00000000 00000001 0000c000 00000000 00000000 00000000 ed2c9f9c ed2c9f88 9f80: 803ecf68 5d8b1fd0 00000000 00000000 00000000 0014c2c0 00000000 ed2c9fa8 9fa0: 80200060 81292e0c 00000000 00000000 00000004 20000140 0000c000 00000000 9fc0: 00000000 00000000 0014c2c0 00000128 7e8fb3d2 76b566d0 7e8fb544 76b5620c 9fe0: 76b56020 76b56010 000164dc 0004d5a0 60000010 00000004 00000000 00000000 Backtrace: [<80260370>] (__queue_work) from [<80260b0c>] (queue_work_on+0x50/0x5c kernel/workqueue.c:1545) r10:84e44d74 r9:8250f9c0 r8:ed2c9b63 r7:60000013 r6:82ad2200 r5:00000008 r4:84ea185c [<80260abc>] (queue_work_on) from [<816cb278>] (queue_work include/linux/workqueue.h:503 [inline]) [<80260abc>] (queue_work_on) from [<816cb278>] (nci_send_cmd+0xb0/0x110 net/nfc/nci/core.c:1376) r7:00000001 r6:00000000 r5:84ea1800 r4:842346c0 [<816cb1c8>] (nci_send_cmd) from [<816cb32c>] (nci_reset_req+0x34/0x5c net/nfc/nci/core.c:166) r8:00000000 r7:816cb2f8 r6:000001f4 r5:84ea18d8 r4:84ea1800 [<816cb2f8>] (nci_reset_req) from [<816c9eb8>] (__nci_request+0x34/0xd8 net/nfc/nci/core.c:107) [<816c9e84>] (__nci_request) from [<816ca530>] (nci_open_device net/nfc/nci/core.c:502 [inline]) [<816c9e84>] (__nci_request) from [<816ca530>] (nci_dev_up+0x118/0x1f8 net/nfc/nci/core.c:631) r7:84ea18c4 r6:84ea1818 r5:81ed8f0c r4:84ea1800 [<816ca418>] (nci_dev_up) from [<816be830>] (nfc_dev_up+0x74/0x11c net/nfc/core.c:118) r7:851aa980 r6:84e46c5c r5:81ed8f0c 
r4:84e46c00 [<816be7bc>] (nfc_dev_up) from [<816bfe24>] (nfc_genl_dev_up+0x30/0x58 net/nfc/netlink.c:770) r7:851aa980 r6:84234840 r5:81ed8f0c r4:84e46c00 [<816bfdf4>] (nfc_genl_dev_up) from [<813b6a80>] (genl_family_rcv_msg_doit net/netlink/genetlink.c:756 [inline]) [<816bfdf4>] (nfc_genl_dev_up) from [<813b6a80>] (genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]) [<816bfdf4>] (nfc_genl_dev_up) from [<813b6a80>] (genl_rcv_msg+0x1c8/0x3f4 net/netlink/genetlink.c:850) r5:81ed8f0c r4:82970c14 [<813b68b8>] (genl_rcv_msg) from [<813b5b6c>] (netlink_rcv_skb+0xc4/0x128 net/netlink/af_netlink.c:2540) r9:00000000 r8:82210b94 r7:0000001c r6:82970c00 r5:813b68b8 r4:84234840 [<813b5aa8>] (netlink_rcv_skb) from [<813b63dc>] (genl_rcv+0x2c/0x3c net/netlink/genetlink.c:861) r7:84234840 r6:84e44c00 r5:823bfe4c r4:84234840 [<813b63b0>] (genl_rcv) from [<813b50a8>] (netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]) [<813b63b0>] (genl_rcv) from [<813b50a8>] (netlink_unicast+0x254/0x388 net/netlink/af_netlink.c:1345) r5:82930064 r4:82930000 [<813b4e54>] (netlink_unicast) from [<813b53f0>] (netlink_sendmsg+0x214/0x4a8 net/netlink/af_netlink.c:1921) r10:00000000 r9:00000000 r8:84e44c00 r7:0000001c r6:84234840 r5:ed2c9f38 r4:0000001c [<813b51dc>] (netlink_sendmsg) from [<8128ff6c>] (sock_sendmsg_nosec net/socket.c:714 [inline]) [<813b51dc>] (netlink_sendmsg) from [<8128ff6c>] (sock_sendmsg+0x3c/0x4c net/socket.c:734) r10:ed2c9ddc r9:00000000 r8:00000000 r7:00000000 r6:84696f00 r5:84696f00 r4:ed2c9f38 [<8128ff30>] (sock_sendmsg) from [<81290d50>] (____sys_sendmsg+0x20c/0x2a4 net/socket.c:2482) r5:0000c000 r4:ed2c9f38 [<81290b44>] (____sys_sendmsg) from [<81292a04>] (___sys_sendmsg+0x74/0xac net/socket.c:2536) r10:00000128 r9:8290b980 r8:00000000 r7:0000c000 r6:84696f00 r5:ed2c9f38 r4:00000000 [<81292990>] (___sys_sendmsg) from [<81292e58>] (__sys_sendmsg net/socket.c:2565 [inline]) [<81292990>] (___sys_sendmsg) from [<81292e58>] (__do_sys_sendmsg net/socket.c:2574 
[inline]) [<81292990>] (___sys_sendmsg) from [<81292e58>] (sys_sendmsg+0x58/0xa0 net/socket.c:2572) r8:80200288 r7:00000128 r6:0000c000 r5:20000140 r4:84696f00 [<81292e00>] (sys_sendmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:64) Exception stack(0xed2c9fa8 to 0xed2c9ff0) 9fa0: 00000000 00000000 00000004 20000140 0000c000 00000000 9fc0: 00000000 00000000 0014c2c0 00000128 7e8fb3d2 76b566d0 7e8fb544 76b5620c 9fe0: 76b56020 76b56010 000164dc 0004d5a0 r6:0014c2c0 r5:00000000 r4:00000000 Code: 0a00003b e59f06a8 eb52dc03 e1a0a000 (e5990000) ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: 0a00003b beq 0xf4 4: e59f06a8 ldr r0, [pc, #1704] ; 0x6b4 8: eb52dc03 bl 0x14b701c c: e1a0a000 mov sl, r0 * 10: e5990000 ldr r0, [r9] <-- trapping instruction

Reading the dump: the trapping instruction `ldr r0, [r9]` inside __queue_work (kernel/workqueue.c:1459) loads through r9, which the register dump reports as 00000000 ("Register r9 information: NULL pointer"), so this is a plain NULL dereference rather than a wild or freed pointer (the other pointer registers resolve to live slab objects). The backtrace shows the path is entirely user-triggerable from a generic-netlink sendmsg() by syz-executor.0 (PID 5730): sys_sendmsg -> netlink_unicast -> genl_rcv_msg -> nfc_genl_dev_up -> nfc_dev_up -> nci_dev_up -> __nci_request -> nci_reset_req -> nci_send_cmd (net/nfc/nci/core.c:1376) -> queue_work_on -> __queue_work, i.e. nci_send_cmd queues work onto a workqueue pointer that is NULL at this point; which field that is and why it is unset is not visible in this report and should be confirmed against the 6.1.0-rc5 source. Note that the branch targets in the "best guess" disassembly (0xf4, 0x6b4, 0x14b701c) appear to be computed from a zero base and are not real kernel addresses; use the PC value 80260410 and the symbolized backtrace instead.