8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000038 when read
[00000038] *pgd=85ddd003, *pmd=df0ad003
Internal error: Oops: 205 [#1] SMP ARM
Modules linked in:
CPU: 1 UID: 0 PID: 4814 Comm: syz.0.285 Not tainted syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
PC is at rb_first include/linux/rbtree.h:54 [inline]
PC is at simple_xattrs_free+0x1c/0x8c fs/xattr.c:1564
LR is at __kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684
pc : [<805a57bc>]    lr : [<80636120>]    psr: 60000113
sp : dfb11d70  ip : dfb11d90  fp : dfb11d8c
r10: 8309f49c  r9 : 838fd400  r8 : 82498a44
r7 : 00000038  r6 : 00000000  r5 : 8309f480  r4 : 85dd49a0
r3 : 838fd400  r2 : 00000000  r1 : 00000000  r0 : 00000038
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 86113c40  DAC: 00000000
Register r0 information: non-paged memory
Register r1 information: NULL pointer
Register r2 information: NULL pointer
Register r3 information: slab task_struct start 838fd400 pointer offset 0 size 3072
Register r4 information: slab kernfs_node_cache start 85dd49a0 pointer offset 0 size 88
Register r5 information: slab kmalloc-192 start 8309f480 pointer offset 0 size 192
Register r6 information: NULL pointer
Register r7 information: non-paged memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: slab task_struct start 838fd400 pointer offset 0 size 3072
Register r10 information: slab kmalloc-192 start 8309f480 pointer offset 28 size 192
Register r11 information: 2-page vmalloc region starting at 0xdfb10000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Register r12 information: 2-page vmalloc region starting at 0xdfb10000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Process syz.0.285 (pid: 4814, stack limit = 0xdfb10000)
Stack: (0xdfb11d70 to 0xdfb12000)
1d60:                                     85dd49a0 8309f480 861139c0 830a31b8
1d80: dfb11e2c dfb11d90 80636120 805a57ac 00000820 dfb11da0 8309f488 00000001
1da0: 0000005b 00004000 00000000 ffffffff 60000113 851f6d80 824986c8 deffc540
1dc0: 851f6d80 a40b0aec 0000caec 00000008 dfb11e6c dfb11de0 804b74d8 804b5f10
1de0: 807ae0d4 83001240 85bbdc08 00000dc0 00000000 0000001c dfb11e14 7e8db352
1e00: 8053a3a0 830a31b8 00004000 00000000 00000001 00000000 837d09bc 8309f480
1e20: dfb11e6c dfb11e30 80637bf4 80635f6c 00000000 00000000 00000001 7e8db352
1e40: 00000000 828fa180 830a31b8 830a31b8 837d09bc 00000000 00000000 85bbdc08
1e60: dfb11e8c dfb11e70 8063813c 80637b80 00000000 00000001 828fa180 85bbdc00
1e80: dfb11edc dfb11e90 803613fc 8063811c 00000000 85bbdc00 00000000 7e8db352
1ea0: 00000002 85406680 828fa140 00000000 8291fa94 830a31b8 828fa090 837d0990
1ec0: 00000000 838fd400 00000000 00000000 dfb11efc dfb11ee0 80637b14 803612e4
1ee0: 85406680 80637aa8 837d0990 8291fa94 dfb11f44 dfb11f00 8057b8a0 80637ab4
1f00: ffffff9c 85333e50 837d0990 7e8db352 00000000 00000000 dfb11f44 837d0990
1f20: 00000000 8504c000 00000000 ffffff9c 838fd400 00000002 dfb11f8c dfb11f48
1f40: 80582264 8057b690 dfb11f50 8099f7d0 00000000 85333e50 837b1198 7e8db352
1f60: 8020029c 00000000 00000000 0031630c 00000027 8020029c 838fd400 00000027
1f80: dfb11fa4 dfb11f90 80582320 805820ec 00000000 00000000 00000000 dfb11fa8
1fa0: 80200060 80582304 00000000 00000000 20000000 00000000 00000000 00000000
1fc0: 00000000 00000000 0031630c 00000027 00300000 00000000 00006364 76f630bc
1fe0: 76f62ec0 76f62eb0 0001929c 00132320 60000010 20000000 00000000 00000000
Call trace: 
[<805a57a0>] (simple_xattrs_free) from [<80636120>] (__kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684)
 r7:830a31b8 r6:861139c0 r5:8309f480 r4:85dd49a0
[<80635f60>] (__kernfs_new_node) from [<80637bf4>] (kernfs_new_node+0x80/0xa4 fs/kernfs/dir.c:716)
 r10:8309f480 r9:837d09bc r8:00000000 r7:00000001 r6:00000000 r5:00004000
 r4:830a31b8
[<80637b74>] (kernfs_new_node) from [<8063813c>] (kernfs_create_dir_ns+0x2c/0x80 fs/kernfs/dir.c:1086)
 r10:85bbdc08 r9:00000000 r8:00000000 r7:837d09bc r6:830a31b8 r5:830a31b8
 r4:828fa180
[<80638110>] (kernfs_create_dir_ns) from [<803613fc>] (cgroup_create kernel/cgroup/cgroup.c:5859 [inline])
[<80638110>] (kernfs_create_dir_ns) from [<803613fc>] (cgroup_mkdir+0x124/0x52c kernel/cgroup/cgroup.c:6007)
 r5:85bbdc00 r4:828fa180
[<803612d8>] (cgroup_mkdir) from [<80637b14>] (kernfs_iop_mkdir+0x6c/0x90 fs/kernfs/dir.c:1271)
 r10:00000000 r9:00000000 r8:838fd400 r7:00000000 r6:837d0990 r5:828fa090
 r4:830a31b8
[<80637aa8>] (kernfs_iop_mkdir) from [<8057b8a0>] (vfs_mkdir+0x21c/0x2fc fs/namei.c:5130)
 r7:8291fa94 r6:837d0990 r5:80637aa8 r4:85406680
[<8057b684>] (vfs_mkdir) from [<80582264>] (do_mkdirat+0x184/0x1e0 fs/namei.c:5164)
 r10:00000002 r9:838fd400 r8:ffffff9c r7:00000000 r6:8504c000 r5:00000000
 r4:837d0990
[<805820e0>] (do_mkdirat) from [<80582320>] (__do_sys_mkdir fs/namei.c:5191 [inline])
[<805820e0>] (do_mkdirat) from [<80582320>] (sys_mkdir+0x28/0x2c fs/namei.c:5189)
 r10:00000027 r9:838fd400 r8:8020029c r7:00000027 r6:0031630c r5:00000000
 r4:00000000
[<805822f8>] (sys_mkdir) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xdfb11fa8 to 0xdfb11ff0)
1fa0:                   00000000 00000000 20000000 00000000 00000000 00000000
1fc0: 00000000 00000000 0031630c 00000027 00300000 00000000 00006364 76f630bc
1fe0: 76f62ec0 76f62eb0 0001929c 00132320
 r5:00000000 r4:00000000
Code: e2516000 e1a07000 13a03000 15863000 (e5903000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e2516000 	subs	r6, r1, #0
   4:	e1a07000 	mov	r7, r0
   8:	13a03000 	movne	r3, #0
   c:	15863000 	strne	r3, [r6]
* 10:	e5903000 	ldr	r3, [r0] <-- trapping instruction