8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000004 when read
[00000004] *pgd=84f6f003, *pmd=fe44e003
Internal error: Oops: 205 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 9748 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at bpf_link_free+0x90/0xd4 kernel/bpf/syscall.c:3078
LR is at debug_smp_processor_id+0x20/0x24 lib/smp_processor_id.c:60
pc : [<80398bf4>] lr : [<818f22dc>] psr: 40000013
sp : dfbcdf18 ip : dfbcdeb8 fp : dfbcdf2c
r10: 00000006 r9 : 844bec00 r8 : 82e99550
r7 : 830bf950 r6 : 833e7b40 r5 : 00000000 r4 : 84f1c300
r3 : 00000000 r2 : 00000000 r1 : 00000000 r0 : 00000001
Flags: nZcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 30c5387d Table: 84f032c0 DAC: fffffffd
Register r0 information: non-paged memory
Register r1 information: NULL pointer
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: slab kmalloc-64 start 84f1c300 pointer offset 0 size 64
Register r5 information: NULL pointer
Register r6 information: slab dentry start 833e7b40 pointer offset 0 size 144
Register r7 information: slab inode_cache start 830bf950 pointer offset 0 size 424
Register r8 information: slab mnt_cache start 82e99540 pointer offset 16 size 184
Register r9 information: slab task_struct start 844bec00 pointer offset 0 size 3072
Register r10 information: non-paged memory
Register r11 information: 2-page vmalloc region starting at 0xdfbcc000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2797
Register r12 information: 2-page vmalloc region starting at 0xdfbcc000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2797
Process syz-executor.0 (pid: 9748, stack limit = 0xdfbcc000)
Stack: (0xdfbcdf18 to 0xdfbce000)
df00:                                                       00000001 00000000
df20: dfbcdf44 dfbcdf30 80398d50 80398b70 83f90900 000a0001 dfbcdf7c dfbcdf48
df40: 80503448 80398d14 83f90900 00000000 8447f600 00000006 00000000 83f90900
df60: 00154298 00000006 8020029c 844bec00 dfbcdf8c dfbcdf80 8050370c 80503380
df80: dfbcdfa4 dfbcdf90 804fead0 805036dc 00000006 00155498 00000000 dfbcdfa8
dfa0: 80200060 804feaac 00000006 00155498 00000006 00000002 00000000 00000000
dfc0: 00000006 00155498 00154298 00000006 00000000 001542a4 000f4240 000a6ebf
dfe0: 00000000 7eecc3e0 00091488 0004ff8c 40000010 00000006 00000000 00000000
Call trace:
[<80398b64>] (bpf_link_free) from [<80398d50>] (bpf_link_put_direct kernel/bpf/syscall.c:3106 [inline])
[<80398b64>] (bpf_link_free) from [<80398d50>] (bpf_link_release+0x48/0x50 kernel/bpf/syscall.c:3113)
 r5:00000000 r4:00000001
[<80398d08>] (bpf_link_release) from [<80503448>] (__fput+0xd4/0x2dc fs/file_table.c:422)
 r5:000a0001 r4:83f90900
[<80503374>] (__fput) from [<8050370c>] (__fput_sync+0x3c/0x40 fs/file_table.c:507)
 r9:844bec00 r8:8020029c r7:00000006 r6:00154298 r5:83f90900 r4:00000000
[<805036d0>] (__fput_sync) from [<804fead0>] (__do_sys_close fs/open.c:1555 [inline])
[<805036d0>] (__fput_sync) from [<804fead0>] (sys_close+0x30/0x64 fs/open.c:1540)
[<804feaa0>] (sys_close) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xdfbcdfa8 to 0xdfbcdff0)
dfa0:                   00000006 00155498 00000006 00000002 00000000 00000000
dfc0: 00000006 00155498 00154298 00000006 00000000 001542a4 000f4240 000a6ebf
dfe0: 00000000 7eecc3e0 00091488 0004ff8c
 r5:00155498 r4:00000006
Code: e30816c0 e3481039 ebfcea68 e5943010 (e5933004)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: e30816c0  movw r1, #34496 @ 0x86c0
   4: e3481039  movt r1, #32825 @ 0x8039
   8: ebfcea68  bl 0xfff3a9b0
   c: e5943010  ldr r3, [r4, #16]
* 10: e5933004  ldr r3, [r3, #4] <-- trapping instruction