Unable to handle kernel NULL pointer dereference at virtual address 00000038 when read
[00000038] *pgd=859c7003, *pmd=dfb82003
Internal error: Oops: 205 [#1] SMP ARM
Modules linked in:
CPU: 1 UID: 0 PID: 7859 Comm: syz-executor Not tainted syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
PC is at rb_first include/linux/rbtree.h:54 [inline]
PC is at simple_xattrs_free+0x1c/0x8c fs/xattr.c:1564
LR is at __kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684
pc : [<805a5784>]    lr : [<806360e8>]    psr: 60000013
sp : ea7e9d70  ip : ea7e9d90  fp : ea7e9d8c
r10: 8309f49c  r9 : 8522e000  r8 : 82498a44
r7 : 00000038  r6 : 00000000  r5 : 8309f480  r4 : 867e6e70
r3 : 8522e000  r2 : 00000000  r1 : 00000000  r0 : 00000038
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 85d56400  DAC: 00000000
Register r0 information: non-paged memory
Register r1 information: NULL pointer
Register r2 information: NULL pointer
Register r3 information: slab task_struct start 8522e000 pointer offset 0 size 3072
Register r4 information: slab kernfs_node_cache start 867e6e70 pointer offset 0 size 88
Register r5 information: slab kmalloc-192 start 8309f480 pointer offset 0 size 192
Register r6 information: NULL pointer
Register r7 information: non-paged memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: slab task_struct start 8522e000 pointer offset 0 size 3072
Register r10 information: slab kmalloc-192 start 8309f480 pointer offset 28 size 192
Register r11 information: 2-page vmalloc region starting at 0xea7e8000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Register r12 information: 2-page vmalloc region starting at 0xea7e8000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Process syz-executor (pid: 7859, stack limit = 0xea7e8000)
Stack: (0xea7e9d70 to 0xea7ea000)
9d60:                                     867e6e70 8309f480 8624ecc0 830a31b8
9d80: ea7e9e2c ea7e9d90 806360e8 805a5774 00000820 ea7e9da0 8309f488 00000001
9da0: 000000f1 000041c0 00000000 ffffffff 60000013 84be56c0 824986c8 deffc548
9dc0: 84be56c0 a40a9b54 00005b54 00000008 ea7e9e6c ea7e9de0 804b74a0 804b5ed8
9de0: 807ae09c 83001240 86bbe408 00000dc0 00000000 0000001c ea7e9e14 cd3d2337
9e00: 8053a368 830a31b8 000041c0 00000000 00000001 00000000 854ea02c 8309f480
9e20: ea7e9e6c ea7e9e30 80637bbc 80635f34 00000000 00000000 00000001 cd3d2337
9e40: 00000000 828fa180 830a31b8 830a31b8 854ea02c 000001c0 00000000 86bbe408
9e60: ea7e9e8c ea7e9e70 80638104 80637b48 00000000 00000001 828fa180 86bbe400
9e80: ea7e9edc ea7e9e90 803613c4 806380e4 00000000 86bbe400 00000000 cd3d2337
9ea0: 00000002 837d9040 828fa140 00000000 8291fa94 830a31b8 828fa090 854ea000
9ec0: 000001c0 8522e000 00000000 000001c0 ea7e9efc ea7e9ee0 80637adc 803612ac
9ee0: 837d9040 80637a70 854ea000 8291fa94 ea7e9f44 ea7e9f00 8057b868 80637a7c
9f00: ffffff9c 84f93190 854ea000 cd3d2337 00000000 00000000 ea7e9f44 854ea000
9f20: 00000000 83955000 000001ff ffffff9c 8522e000 00000002 ea7e9f8c ea7e9f48
9f40: 8058222c 8057b658 ea7e9f50 8099f7d0 00000000 84f93190 835a8a18 cd3d2337
9f60: 8020029c 000001ff 00000001 7e8afa98 00000027 8020029c 8522e000 00000027
9f80: ea7e9fa4 ea7e9f90 805822e8 805820b4 00300000 00000001 00000000 ea7e9fa8
9fa0: 80200060 805822cc 00300000 00000001 7e8afa98 000001ff 00000000 00000000
9fc0: 00300000 00000001 7e8afa98 00000027 7e8afc80 002e8000 7e8afc84 00000008
9fe0: 00000003 7e8afa4c 000287a8 0012feac 60000010 7e8afa98 00000000 00000000
Call trace: 
[<805a5768>] (simple_xattrs_free) from [<806360e8>] (__kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684)
 r7:830a31b8 r6:8624ecc0 r5:8309f480 r4:867e6e70
[<80635f28>] (__kernfs_new_node) from [<80637bbc>] (kernfs_new_node+0x80/0xa4 fs/kernfs/dir.c:716)
 r10:8309f480 r9:854ea02c r8:00000000 r7:00000001 r6:00000000 r5:000041c0
 r4:830a31b8
[<80637b3c>] (kernfs_new_node) from [<80638104>] (kernfs_create_dir_ns+0x2c/0x80 fs/kernfs/dir.c:1086)
 r10:86bbe408 r9:00000000 r8:000001c0 r7:854ea02c r6:830a31b8 r5:830a31b8
 r4:828fa180
[<806380d8>] (kernfs_create_dir_ns) from [<803613c4>] (cgroup_create kernel/cgroup/cgroup.c:5859 [inline])
[<806380d8>] (kernfs_create_dir_ns) from [<803613c4>] (cgroup_mkdir+0x124/0x52c kernel/cgroup/cgroup.c:6007)
 r5:86bbe400 r4:828fa180
[<803612a0>] (cgroup_mkdir) from [<80637adc>] (kernfs_iop_mkdir+0x6c/0x90 fs/kernfs/dir.c:1271)
 r10:000001c0 r9:00000000 r8:8522e000 r7:000001c0 r6:854ea000 r5:828fa090
 r4:830a31b8
[<80637a70>] (kernfs_iop_mkdir) from [<8057b868>] (vfs_mkdir+0x21c/0x2fc fs/namei.c:5130)
 r7:8291fa94 r6:854ea000 r5:80637a70 r4:837d9040
[<8057b64c>] (vfs_mkdir) from [<8058222c>] (do_mkdirat+0x184/0x1e0 fs/namei.c:5164)
 r10:00000002 r9:8522e000 r8:ffffff9c r7:000001ff r6:83955000 r5:00000000
 r4:854ea000
[<805820a8>] (do_mkdirat) from [<805822e8>] (__do_sys_mkdir fs/namei.c:5191 [inline])
[<805820a8>] (do_mkdirat) from [<805822e8>] (sys_mkdir+0x28/0x2c fs/namei.c:5189)
 r10:00000027 r9:8522e000 r8:8020029c r7:00000027 r6:7e8afa98 r5:00000001
 r4:000001ff
[<805822c0>] (sys_mkdir) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xea7e9fa8 to 0xea7e9ff0)
9fa0:                   00300000 00000001 7e8afa98 000001ff 00000000 00000000
9fc0: 00300000 00000001 7e8afa98 00000027 7e8afc80 002e8000 7e8afc84 00000008
9fe0: 00000003 7e8afa4c 000287a8 0012feac
 r5:00000001 r4:00300000
Code: e2516000 e1a07000 13a03000 15863000 (e5903000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e2516000 	subs	r6, r1, #0
   4:	e1a07000 	mov	r7, r0
   8:	13a03000 	movne	r3, #0
   c:	15863000 	strne	r3, [r6]
* 10:	e5903000 	ldr	r3, [r0] <-- trapping instruction