8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 0000000e when read
[0000000e] *pgd=80000080004003, *pmd=00000000
Internal error: Oops: 206 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 19189 Comm: kworker/u5:1 Not tainted 6.6.0-rc4-syzkaller #0
Hardware name: ARM-Versatile Express
Workqueue: events_unbound io_ring_exit_work
PC is at __io_remove_buffers io_uring/kbuf.c:219 [inline]
PC is at __io_remove_buffers+0x38/0x184 io_uring/kbuf.c:209
LR is at io_destroy_buffers+0xa0/0x138 io_uring/kbuf.c:269
pc : [<807c96e4>]    lr : [<807c9cf8>]    psr: 20000013
sp : eae91e48  ip : eae91e78  fp : eae91e74
r10: 827e4712  r9 : 8420a800  r8 : ffffffff
r7 : 8420ab4c  r6 : 00000001  r5 : 8c9d9c80  r4 : 00000000
r3 : 00000000  r2 : 00000000  r1 : 8c9d9c80  r0 : 8420a800
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 84695640  DAC: fffffffd
Register r0 information: slab kmalloc-2k start 8420a800 pointer offset 0 size 2048
Register r1 information: slab kmalloc-64 start 8c9d9c80 pointer offset 0 size 64
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: NULL pointer
Register r5 information: slab kmalloc-64 start 8c9d9c80 pointer offset 0 size 64
Register r6 information: non-paged memory
Register r7 information: slab kmalloc-2k start 8420a800 pointer offset 844 size 2048
Register r8 information: non-paged memory
Register r9 information: slab kmalloc-2k start 8420a800 pointer offset 0 size 2048
Register r10 information: non-slab/vmalloc memory
Register r11 information: 2-page vmalloc region starting at 0xeae90000 allocated at kernel_clone+0xac/0x424 kernel/fork.c:2909
Register r12 information: 2-page vmalloc region starting at 0xeae90000 allocated at kernel_clone+0xac/0x424 kernel/fork.c:2909
Process kworker/u5:1 (pid: 19189, stack limit = 0xeae90000)
Stack: (0xeae91e48 to 0xeae92000)
1e40:                   00000000 8c9d9c80 8420a800 8420a8bc 8420ab4c 82604d40
1e60: 8420abcc 827e4712 eae91e9c eae91e78 807c9cf8 807c96b8 0000fffe cee942c1
1e80: 8420abbc 8420a800 8420a840 8420ab4c eae91f04 eae91ea0 81826728 807c9c64
1ea0: eae91ebc eae91eb0 00107622 8420a800 00000000 eae91ec0 00000000 81825258
1ec0: 00000000 00000000 eae91ec8 eae91ec8 8420a800 cee942c1 eae91f48 866d4f00
1ee0: 8420abbc 82c21400 82c0f000 00000140 83ec1780 82c21405 eae91f44 eae91f08
1f00: 80265fd4 8182638c eae91f2c eae91f18 eae91f44 eae91f20 8026196c 866d4f00
1f20: 866d4f2c 82c0f000 82604d40 82c0f020 83ec1780 61c88647 eae91f84 eae91f48
1f40: 80266520 80265e44 eae91f64 eae91f58 81847e08 80278e68 eae91f84 86c54840
1f60: 83ec1780 802662e0 866d4f00 86c540c0 ec629e98 00000000 eae91fac eae91f88
1f80: 8026d8e0 802662ec 86c54840 8026d7dc 00000000 00000000 00000000 00000000
1fa0: 00000000 eae91fb0 80200104 8026d7e8 00000000 00000000 00000000 00000000
1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
Backtrace: 
[<807c96ac>] (__io_remove_buffers) from [<807c9cf8>] (io_destroy_buffers+0xa0/0x138 io_uring/kbuf.c:269)
 r10:827e4712 r9:8420abcc r8:82604d40 r7:8420ab4c r6:8420a8bc r5:8420a800
 r4:8c9d9c80 r3:00000000
[<807c9c58>] (io_destroy_buffers) from [<81826728>] (io_ring_ctx_free io_uring/io_uring.c:2895 [inline])
[<807c9c58>] (io_destroy_buffers) from [<81826728>] (io_ring_exit_work+0x3a8/0x5ec io_uring/io_uring.c:3151)
 r7:8420ab4c r6:8420a840 r5:8420a800 r4:8420abbc
[<81826380>] (io_ring_exit_work) from [<80265fd4>] (process_one_work+0x19c/0x4a8 kernel/workqueue.c:2630)
 r10:82c21405 r9:83ec1780 r8:00000140 r7:82c0f000 r6:82c21400 r5:8420abbc
 r4:866d4f00
[<80265e38>] (process_one_work) from [<80266520>] (process_scheduled_works kernel/workqueue.c:2703 [inline])
[<80265e38>] (process_one_work) from [<80266520>] (worker_thread+0x240/0x48c kernel/workqueue.c:2784)
 r10:61c88647 r9:83ec1780 r8:82c0f020 r7:82604d40 r6:82c0f000 r5:866d4f2c
 r4:866d4f00
[<802662e0>] (worker_thread) from [<8026d8e0>] (kthread+0x104/0x134 kernel/kthread.c:388)
 r10:00000000 r9:ec629e98 r8:86c540c0 r7:866d4f00 r6:802662e0 r5:83ec1780
 r4:86c54840
[<8026d7dc>] (kthread) from [<80200104>] (ret_from_fork+0x14/0x30 arch/arm/kernel/entry-common.S:134)
Exception stack(0xeae91fb0 to 0xeae91ff8)
1fa0:                                     00000000 00000000 00000000 00000000
1fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1fe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026d7dc r4:86c54840
Code: 0a000022 e5913004 e1d120be e5d14013 (e1d380be) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	0a000022 	beq	0x90
   4:	e5913004 	ldr	r3, [r1, #4]
   8:	e1d120be 	ldrh	r2, [r1, #14]
   c:	e5d14013 	ldrb	r4, [r1, #19]
* 10:	e1d380be 	ldrh	r8, [r3, #14] <-- trapping instruction