8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000038 when read
[00000038] *pgd=854b7003, *pmd=fc86b003
Internal error: Oops: 205 [#1] SMP ARM
Modules linked in:
CPU: 0 UID: 0 PID: 5352 Comm: syz.1.482 Not tainted syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
PC is at rb_first include/linux/rbtree.h:54 [inline]
PC is at simple_xattrs_free+0x1c/0x8c fs/xattr.c:1564
LR is at __kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684
pc : [<805a5784>]    lr : [<806360e8>]    psr: 60000013
sp : ea745d70  ip : ea745d90  fp : ea745d8c
r10: 8309f49c  r9 : 85e20000  r8 : 82498a44
r7 : 00000038  r6 : 00000000  r5 : 8309f480  r4 : 8641a898
r3 : 85e20000  r2 : 00000000  r1 : 00000000  r0 : 00000038
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 867fc100  DAC: fffffffd
Register r0 information: non-paged memory
Register r1 information: NULL pointer
Register r2 information: NULL pointer
Register r3 information: slab task_struct start 85e20000 pointer offset 0 size 3072
Register r4 information: slab kernfs_node_cache start 8641a898 pointer offset 0 size 88
Register r5 information: slab kmalloc-192 start 8309f480 pointer offset 0 size 192
Register r6 information: NULL pointer
Register r7 information: non-paged memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: slab task_struct start 85e20000 pointer offset 0 size 3072
Register r10 information: slab kmalloc-192 start 8309f480 pointer offset 28 size 192
Register r11 information: 2-page vmalloc region starting at 0xea744000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Register r12 information: 2-page vmalloc region starting at 0xea744000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Process syz.1.482 (pid: 5352, stack limit = 0xea744000)
Stack: (0xea745d70 to 0xea746000)
5d60:                                     8641a898 8309f480 8640c4c0 830a31b8
5d80: ea745e2c ea745d90 806360e8 805a5774 00000820 ea745da0 8309f488 00000001
5da0: 0000005b 00004000 00000000 ffffffff 60000013 84d870c0 824986c8 deffc540
5dc0: 84d870c0 a40b2cfc 0000ecfc 00000008 ea745e6c ea745de0 804b74a0 804b5ed8
5de0: 807ae09c 83001240 85e3e408 00000dc0 00000000 0000001c ea745e14 548c2e29
5e00: 8053a368 830a31b8 00004000 00000000 00000001 00000000 8379668c 8309f480
5e20: ea745e6c ea745e30 80637bbc 80635f34 00000000 00000000 00000001 548c2e29
5e40: 00000000 828fa180 830a31b8 830a31b8 8379668c 00000000 00000000 85e3e408
5e60: ea745e8c ea745e70 80638104 80637b48 00000000 00000001 828fa180 85e3e400
5e80: ea745edc ea745e90 803613c4 806380e4 00000000 85e3e400 00000000 548c2e29
5ea0: 00000002 85801ba0 828fa140 00000000 8291fa94 830a31b8 828fa090 83796660
5ec0: 00000000 85e20000 00000000 00000000 ea745efc ea745ee0 80637adc 803612ac
5ee0: 85801ba0 80637a70 83796660 8291fa94 ea745f44 ea745f00 8057b868 80637a7c
5f00: ffffff9c 85cf5910 83796660 548c2e29 00000000 00000000 ea745f44 83796660
5f20: 00000000 83834000 00000000 ffffff9c 85e20000 00000002 ea745f8c ea745f48
5f40: 8058222c 8057b658 ea745f50 8099f7d0 00000000 85cf5910 85822990 548c2e29
5f60: 8020029c 00000000 00000000 0031630c 00000027 8020029c 85e20000 00000027
5f80: ea745fa4 ea745f90 805822e8 805820b4 00000000 00000000 00000000 ea745fa8
5fa0: 80200060 805822cc 00000000 00000000 20000000 00000000 00000000 00000000
5fc0: 00000000 00000000 0031630c 00000027 00300000 00000000 00006364 76f730bc
5fe0: 76f72ec0 76f72eb0 0001929c 00132320 60000010 20000000 00000000 00000000
Call trace: 
[<805a5768>] (simple_xattrs_free) from [<806360e8>] (__kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684)
 r7:830a31b8 r6:8640c4c0 r5:8309f480 r4:8641a898
[<80635f28>] (__kernfs_new_node) from [<80637bbc>] (kernfs_new_node+0x80/0xa4 fs/kernfs/dir.c:716)
 r10:8309f480 r9:8379668c r8:00000000 r7:00000001 r6:00000000 r5:00004000
 r4:830a31b8
[<80637b3c>] (kernfs_new_node) from [<80638104>] (kernfs_create_dir_ns+0x2c/0x80 fs/kernfs/dir.c:1086)
 r10:85e3e408 r9:00000000 r8:00000000 r7:8379668c r6:830a31b8 r5:830a31b8
 r4:828fa180
[<806380d8>] (kernfs_create_dir_ns) from [<803613c4>] (cgroup_create kernel/cgroup/cgroup.c:5859 [inline])
[<806380d8>] (kernfs_create_dir_ns) from [<803613c4>] (cgroup_mkdir+0x124/0x52c kernel/cgroup/cgroup.c:6007)
 r5:85e3e400 r4:828fa180
[<803612a0>] (cgroup_mkdir) from [<80637adc>] (kernfs_iop_mkdir+0x6c/0x90 fs/kernfs/dir.c:1271)
 r10:00000000 r9:00000000 r8:85e20000 r7:00000000 r6:83796660 r5:828fa090
 r4:830a31b8
[<80637a70>] (kernfs_iop_mkdir) from [<8057b868>] (vfs_mkdir+0x21c/0x2fc fs/namei.c:5130)
 r7:8291fa94 r6:83796660 r5:80637a70 r4:85801ba0
[<8057b64c>] (vfs_mkdir) from [<8058222c>] (do_mkdirat+0x184/0x1e0 fs/namei.c:5164)
 r10:00000002 r9:85e20000 r8:ffffff9c r7:00000000 r6:83834000 r5:00000000
 r4:83796660
[<805820a8>] (do_mkdirat) from [<805822e8>] (__do_sys_mkdir fs/namei.c:5191 [inline])
[<805820a8>] (do_mkdirat) from [<805822e8>] (sys_mkdir+0x28/0x2c fs/namei.c:5189)
 r10:00000027 r9:85e20000 r8:8020029c r7:00000027 r6:0031630c r5:00000000
 r4:00000000
[<805822c0>] (sys_mkdir) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xea745fa8 to 0xea745ff0)
5fa0:                   00000000 00000000 20000000 00000000 00000000 00000000
5fc0: 00000000 00000000 0031630c 00000027 00300000 00000000 00006364 76f730bc
5fe0: 76f72ec0 76f72eb0 0001929c 00132320
 r5:00000000 r4:00000000
Code: e2516000 e1a07000 13a03000 15863000 (e5903000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e2516000 	subs	r6, r1, #0
   4:	e1a07000 	mov	r7, r0
   8:	13a03000 	movne	r3, #0
   c:	15863000 	strne	r3, [r6]
* 10:	e5903000 	ldr	r3, [r0] <-- trapping instruction