8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000038 when read
[00000038] *pgd=85c39003, *pmd=df88d003
Internal error: Oops: 205 [#1] SMP ARM
Modules linked in:
CPU: 0 UID: 0 PID: 6940 Comm: syz.1.876 Not tainted syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
PC is at rb_first include/linux/rbtree.h:54 [inline]
PC is at simple_xattrs_free+0x1c/0x8c fs/xattr.c:1564
LR is at __kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684
pc : [<805a5784>]    lr : [<806360e8>]    psr: 60000013
sp : dfc8dd70  ip : dfc8dd90  fp : dfc8dd8c
r10: 8309f49c  r9 : 85221800  r8 : 82498a44
r7 : 00000038  r6 : 00000000  r5 : 8309f480  r4 : 85a8a268
r3 : 85221800  r2 : 00000000  r1 : 00000000  r0 : 00000038
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 85ff1a00  DAC: fffffffd
Register r0 information: non-paged memory
Register r1 information: NULL pointer
Register r2 information: NULL pointer
Register r3 information: slab task_struct start 85221800 pointer offset 0 size 3072
Register r4 information: slab kernfs_node_cache start 85a8a268 pointer offset 0 size 88
Register r5 information: slab kmalloc-192 start 8309f480 pointer offset 0 size 192
Register r6 information: NULL pointer
Register r7 information: non-paged memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: slab task_struct start 85221800 pointer offset 0 size 3072
Register r10 information: slab kmalloc-192 start 8309f480 pointer offset 28 size 192
Register r11 information: 2-page vmalloc region starting at 0xdfc8c000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Register r12 information: 2-page vmalloc region starting at 0xdfc8c000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Process syz.1.876 (pid: 6940, stack limit = 0xdfc8c000)
Stack: (0xdfc8dd70 to 0xdfc8e000)
dd60:                                     85a8a268 8309f480 852ba500 830a31b8
dd80: dfc8de2c dfc8dd90 806360e8 805a5774 00000820 dfc8dda0 8309f488 00000001
dda0: 00000079 00004000 00000000 ffffffff 60000013 83fee480 824986c8 deffc538
ddc0: 83fee480 a40d96c4 0000d6c4 00000008 dfc8de6c dfc8dde0 804b74a0 804b5ed8
dde0: 807ae09c 83001240 84c89408 00000dc0 00000000 0000001c dfc8de14 351512e5
de00: 8053a368 830a31b8 00004000 00000000 00000001 00000000 8363913c 8309f480
de20: dfc8de6c dfc8de30 80637bbc 80635f34 00000000 00000000 00000001 351512e5
de40: 00000000 828fa180 830a31b8 830a31b8 8363913c 00000000 00000000 84c89408
de60: dfc8de8c dfc8de70 80638104 80637b48 00000000 00000001 828fa180 84c89400
de80: dfc8dedc dfc8de90 803613c4 806380e4 00000000 84c89400 00000000 351512e5
dea0: 00000002 855856c0 828fa140 00000000 8291fa94 830a31b8 828fa090 83639110
dec0: 00000000 85221800 00000000 00000000 dfc8defc dfc8dee0 80637adc 803612ac
dee0: 855856c0 80637a70 83639110 8291fa94 dfc8df44 dfc8df00 8057b868 80637a7c
df00: ffffff9c 85a05790 83639110 351512e5 00000000 00000000 dfc8df44 83639110
df20: 00000000 83220000 00000000 ffffff9c 85221800 00000002 dfc8df8c dfc8df48
df40: 8058222c 8057b658 dfc8df50 8099f7d0 00000000 85a05790 85709aa0 351512e5
df60: 8020029c 00000000 00000000 0031630c 00000027 8020029c 85221800 00000027
df80: dfc8dfa4 dfc8df90 805822e8 805820b4 00000000 00000000 00000000 dfc8dfa8
dfa0: 80200060 805822cc 00000000 00000000 20000000 00000000 00000000 00000000
dfc0: 00000000 00000000 0031630c 00000027 00300000 00000000 00006364 76f990bc
dfe0: 76f98ec0 76f98eb0 0001929c 00132320 60000010 20000000 00000000 00000000
Call trace: 
[<805a5768>] (simple_xattrs_free) from [<806360e8>] (__kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684)
 r7:830a31b8 r6:852ba500 r5:8309f480 r4:85a8a268
[<80635f28>] (__kernfs_new_node) from [<80637bbc>] (kernfs_new_node+0x80/0xa4 fs/kernfs/dir.c:716)
 r10:8309f480 r9:8363913c r8:00000000 r7:00000001 r6:00000000 r5:00004000
 r4:830a31b8
[<80637b3c>] (kernfs_new_node) from [<80638104>] (kernfs_create_dir_ns+0x2c/0x80 fs/kernfs/dir.c:1086)
 r10:84c89408 r9:00000000 r8:00000000 r7:8363913c r6:830a31b8 r5:830a31b8
 r4:828fa180
[<806380d8>] (kernfs_create_dir_ns) from [<803613c4>] (cgroup_create kernel/cgroup/cgroup.c:5859 [inline])
[<806380d8>] (kernfs_create_dir_ns) from [<803613c4>] (cgroup_mkdir+0x124/0x52c kernel/cgroup/cgroup.c:6007)
 r5:84c89400 r4:828fa180
[<803612a0>] (cgroup_mkdir) from [<80637adc>] (kernfs_iop_mkdir+0x6c/0x90 fs/kernfs/dir.c:1271)
 r10:00000000 r9:00000000 r8:85221800 r7:00000000 r6:83639110 r5:828fa090
 r4:830a31b8
[<80637a70>] (kernfs_iop_mkdir) from [<8057b868>] (vfs_mkdir+0x21c/0x2fc fs/namei.c:5130)
 r7:8291fa94 r6:83639110 r5:80637a70 r4:855856c0
[<8057b64c>] (vfs_mkdir) from [<8058222c>] (do_mkdirat+0x184/0x1e0 fs/namei.c:5164)
 r10:00000002 r9:85221800 r8:ffffff9c r7:00000000 r6:83220000 r5:00000000
 r4:83639110
[<805820a8>] (do_mkdirat) from [<805822e8>] (__do_sys_mkdir fs/namei.c:5191 [inline])
[<805820a8>] (do_mkdirat) from [<805822e8>] (sys_mkdir+0x28/0x2c fs/namei.c:5189)
 r10:00000027 r9:85221800 r8:8020029c r7:00000027 r6:0031630c r5:00000000
 r4:00000000
[<805822c0>] (sys_mkdir) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xdfc8dfa8 to 0xdfc8dff0)
dfa0:                   00000000 00000000 20000000 00000000 00000000 00000000
dfc0: 00000000 00000000 0031630c 00000027 00300000 00000000 00006364 76f990bc
dfe0: 76f98ec0 76f98eb0 0001929c 00132320
 r5:00000000 r4:00000000
Code: e2516000 e1a07000 13a03000 15863000 (e5903000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e2516000 	subs	r6, r1, #0
   4:	e1a07000 	mov	r7, r0
   8:	13a03000 	movne	r3, #0
   c:	15863000 	strne	r3, [r6]
* 10:	e5903000 	ldr	r3, [r0] <-- trapping instruction