8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000038 when read
[00000038] *pgd=8535c003, *pmd=df2c0003

Internal error: Oops: 205 [#1] SMP ARM
Modules linked in:
CPU: 1 UID: 0 PID: 6245 Comm: syz-executor Not tainted syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
PC is at rb_first include/linux/rbtree.h:54 [inline]
PC is at simple_xattrs_free+0x1c/0x8c fs/xattr.c:1564
LR is at __kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684
pc : [<805a57bc>]    lr : [<80636120>]    psr: 600c0013
sp : df9fdd70  ip : df9fdd90  fp : df9fdd8c
r10: 8309f49c  r9 : 8537a400  r8 : 82498a44
r7 : 00000038  r6 : 00000000  r5 : 8309f480  r4 : 8518a5d8
r3 : 8537a400  r2 : 00000000  r1 : 00000000  r0 : 00000038
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 84cf0400  DAC: 00000000
Register r0 information: non-paged memory
Register r1 information: NULL pointer
Register r2 information: NULL pointer
Register r3 information: slab task_struct start 8537a400 pointer offset 0 size 3072
Register r4 information: slab kernfs_node_cache start 8518a5d8 pointer offset 0 size 88
Register r5 information: slab kmalloc-192 start 8309f480 pointer offset 0 size 192
Register r6 information: NULL pointer
Register r7 information: non-paged memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: slab task_struct start 8537a400 pointer offset 0 size 3072
Register r10 information: slab kmalloc-192 start 8309f480 pointer offset 28 size 192
Register r11 information: 2-page vmalloc region starting at 0xdf9fc000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Register r12 information: 2-page vmalloc region starting at 0xdf9fc000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Process syz-executor (pid: 6245, stack limit = 0xdf9fc000)
Stack: (0xdf9fdd70 to 0xdf9fe000)
dd60:                                     8518a5d8 8309f480 86399040 830a31b8
dd80: df9fde2c df9fdd90 80636120 805a57ac 00000820 df9fdda0 8309f488 00000001
dda0: 0000008d 000041c0 00000000 ffffffff 60000013 85757900 824986c8 deffc560
ddc0: 85757900 a40316c4 000056c4 00000008 df9fde6c df9fdde0 804b74d8 804b5f10
dde0: 807ae0d4 83001240 84d74408 00000dc0 00000000 0000001c df9fde14 eb442071
de00: 8053a3a0 830a31b8 000041c0 00000000 00000001 00000000 8581602c 8309f480
de20: df9fde6c df9fde30 80637bf4 80635f6c 00000000 00000000 00000001 eb442071
de40: 00000000 828fa180 830a31b8 830a31b8 8581602c 000001c0 00000000 84d74408
de60: df9fde8c df9fde70 8063813c 80637b80 00000000 00000001 828fa180 84d74400
de80: df9fdedc df9fde90 803613fc 8063811c 00000000 84d74400 00000000 eb442071
dea0: 00000002 837e56c0 828fa140 00000000 8291fa94 830a31b8 828fa090 85816000
dec0: 000001c0 8537a400 00000000 000001c0 df9fdefc df9fdee0 80637b14 803612e4
dee0: 837e56c0 80637aa8 85816000 8291fa94 df9fdf44 df9fdf00 8057b8a0 80637ab4
df00: ffffff9c 86063250 85816000 eb442071 00000000 00000000 df9fdf44 85816000
df20: 00000000 838ed000 000001ff ffffff9c 8537a400 00000002 df9fdf8c df9fdf48
df40: 80582264 8057b690 df9fdf50 8099f810 00000000 86063250 83798cc0 eb442071
df60: 8020029c 000001ff 00000001 7ef89a98 00000027 8020029c 8537a400 00000027
df80: df9fdfa4 df9fdf90 80582320 805820ec 00300000 00000001 00000000 df9fdfa8
dfa0: 80200060 80582304 00300000 00000001 7ef89a98 000001ff 00000000 00000000
dfc0: 00300000 00000001 7ef89a98 00000027 7ef89c80 002e8000 7ef89c84 00000008
dfe0: 00000003 7ef89a4c 000287a8 0012feac 60000010 7ef89a98 00000000 00000000
Call trace: 
[<805a57a0>] (simple_xattrs_free) from [<80636120>] (__kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684)
 r7:830a31b8 r6:86399040 r5:8309f480 r4:8518a5d8
[<80635f60>] (__kernfs_new_node) from [<80637bf4>] (kernfs_new_node+0x80/0xa4 fs/kernfs/dir.c:716)
 r10:8309f480 r9:8581602c r8:00000000 r7:00000001 r6:00000000 r5:000041c0
 r4:830a31b8
[<80637b74>] (kernfs_new_node) from [<8063813c>] (kernfs_create_dir_ns+0x2c/0x80 fs/kernfs/dir.c:1086)
 r10:84d74408 r9:00000000 r8:000001c0 r7:8581602c r6:830a31b8 r5:830a31b8
 r4:828fa180
[<80638110>] (kernfs_create_dir_ns) from [<803613fc>] (cgroup_create kernel/cgroup/cgroup.c:5859 [inline])
[<80638110>] (kernfs_create_dir_ns) from [<803613fc>] (cgroup_mkdir+0x124/0x52c kernel/cgroup/cgroup.c:6007)
 r5:84d74400 r4:828fa180
[<803612d8>] (cgroup_mkdir) from [<80637b14>] (kernfs_iop_mkdir+0x6c/0x90 fs/kernfs/dir.c:1271)
 r10:000001c0 r9:00000000 r8:8537a400 r7:000001c0 r6:85816000 r5:828fa090
 r4:830a31b8
[<80637aa8>] (kernfs_iop_mkdir) from [<8057b8a0>] (vfs_mkdir+0x21c/0x2fc fs/namei.c:5130)
 r7:8291fa94 r6:85816000 r5:80637aa8 r4:837e56c0
[<8057b684>] (vfs_mkdir) from [<80582264>] (do_mkdirat+0x184/0x1e0 fs/namei.c:5164)
 r10:00000002 r9:8537a400 r8:ffffff9c r7:000001ff r6:838ed000 r5:00000000
 r4:85816000
[<805820e0>] (do_mkdirat) from [<80582320>] (__do_sys_mkdir fs/namei.c:5191 [inline])
[<805820e0>] (do_mkdirat) from [<80582320>] (sys_mkdir+0x28/0x2c fs/namei.c:5189)
 r10:00000027 r9:8537a400 r8:8020029c r7:00000027 r6:7ef89a98 r5:00000001
 r4:000001ff
[<805822f8>] (sys_mkdir) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xdf9fdfa8 to 0xdf9fdff0)
dfa0:                   00300000 00000001 7ef89a98 000001ff 00000000 00000000
dfc0: 00300000 00000001 7ef89a98 00000027 7ef89c80 002e8000 7ef89c84 00000008
dfe0: 00000003 7ef89a4c 000287a8 0012feac
 r5:00000001 r4:00300000
Code: e2516000 e1a07000 13a03000 15863000 (e5903000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e2516000 	subs	r6, r1, #0
   4:	e1a07000 	mov	r7, r0
   8:	13a03000 	movne	r3, #0
   c:	15863000 	strne	r3, [r6]
* 10:	e5903000 	ldr	r3, [r0] <-- trapping instruction