8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000 when write
[00000000] *pgd=84d67003, *pmd=efc81003
Internal error: Oops: a05 [#1] SMP ARM
Modules linked in:
CPU: 0 UID: 0 PID: 25296 Comm: syz.3.5809 Not tainted syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
PC is at hlist_add_before_rcu include/linux/rculist.h:705 [inline]
PC is at xfrm_state_find+0x19bc/0x1ad8 net/xfrm/xfrm_state.c:1574
LR is at xfrm_spi_hash net/xfrm/xfrm_state.c:88 [inline]
LR is at xfrm_state_find+0x1954/0x1ad8 net/xfrm/xfrm_state.c:1573
pc : [<81800370>]    lr : [<81800308>]    psr: 80000013
sp : dfa0d8b0  ip : 84e314cc  fp : dfa0d95c
r10: 00000002  r9 : 855049c0  r8 : 857e3928
r7 : 00000007  r6 : 85505500  r5 : 83b66500  r4 : 83b665a4
r3 : 83b66500  r2 : 83b66514  r1 : 00000000  r0 : 00000000
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 84a8f500  DAC: fffffffd
Register r0 information: NULL pointer
Register r1 information: NULL pointer
Register r2 information: slab request_queue start 83b66500 pointer offset 20 size 640
Register r3 information: slab request_queue start 83b66500 pointer offset 0 size 640
Register r4 information: slab request_queue start 83b66500 pointer offset 164 size 640
Register r5 information: slab request_queue start 83b66500 pointer offset 0 size 640
Register r6 information: slab net_namespace start 855049c0 pointer offset 2880 size 3776
Register r7 information: non-paged memory
Register r8 information: slab kmalloc-1k start 857e3800 pointer offset 296 size 1024
Register r9 information: slab net_namespace start 855049c0 pointer offset 0 size 3776
Register r10 information: non-paged memory
Register r11 information: 2-page vmalloc region starting at 0xdfa0c000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2605
Register r12 information: slab kmalloc-64 start 84e314c0 pointer offset 12 size 64
Process syz.3.5809 (pid: 25296, stack limit = 0xdfa0c000)
Stack: (0xdfa0d8b0 to 0xdfa0e000)
d8a0:                                     00000007 00000000 00000000 00000000
d8c0: 00000000 00000000 00000000 00000002 84e314c0 dfa0dba0 00000000 dfa0dbc8
d8e0: 85505280 83b66540 dfa0d9c0 dfa0dbcc 00000000 85505500 00000000 00000000
d900: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
d920: 00000000 00000000 855049c0 15269695 dfa0d97c dfa0dbc8 857e3800 00000000
d940: 00000002 dfa0dbcc dfa0dba0 857e3928 dfa0da6c dfa0d960 817ef684 817fe9c0
d960: 857e3800 dfa0d9c0 00000002 00000000 dfa0d9a4 dfa0d980 802914e4 802cff00
d980: 8579434c dfa0da9c 855049c0 833c9e00 dfa0dbcc 00000001 dfa0d9f4 dfa0da9c
d9a0: 00000000 00000000 82818f54 dfa0d9f4 855049c0 00000000 dfa0dbc8 dfa0dbcc
d9c0: 00000000 833c9e48 dfa0da14 dfa0d9d8 8022ceec 8022be54 00000020 00000000
d9e0: 8172590c 00000000 00000000 00000000 00000000 00000000 00000000 00000000
da00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
da20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 15269695
da40: 00000002 00000000 833c9e00 dfa0dba0 855049c0 00000002 00000000 00000001
da60: dfa0dadc dfa0da70 817f485c 817ef48c 833c9e00 dfa0da80 81725b1c 817258e8
da80: 00000000 00000001 00000001 85794000 dfa0db14 00000000 8ba9bc00 857e3800
daa0: 00000000 dfa0dab0 81727b80 15269695 00000000 dfa0dba0 855049c0 833c9e00
dac0: 857ce680 020000e0 855049c0 00000000 dfa0db04 dfa0dae0 817f5744 817f4780
dae0: 00000006 00000000 857ce680 dfa0dba0 833c9e00 855049c0 dfa0db54 dfa0db08
db00: 81728d5c 817f5720 00000000 83202080 dfa0db2c 00000000 00000000 00000000
db20: 00000000 00000000 00000000 00000000 00000000 15269695 857ce680 dfa0de90
db40: 00000000 00000000 dfa0dcbc dfa0db58 81774f60 81728c98 84db3900 dfa0dca8
db60: dfa0dc1c dfa0db70 804c6cd0 80306c44 deff975f 05200000 020000e0 00000000
db80: 00000000 8172e738 00000011 00000000 00000000 00000000 dfa0dbe4 00000000
dba0: 0000000b 00000001 00000000 00000000 00110000 0000005f 00000000 00000000
dbc0: 00000000 00000000 aa1414ac 020000e0 4ae10000 00000000 00000000 00000000
dbe0: 00000000 00000000 00000000 00000000 00000000 00000000 020000e0 00000000
dc00: 00000000 0000004a 00000000 00000000 00000000 857ce680 00000004 84db1c40
dc20: 8404bc00 dfa0dd1c dfa0dcac dfa0dc38 80794aa4 8078e5c0 dfa0dc44 00000000
dc40: 00000000 00000002 dfa0dc54 00000000 00000000 00000000 00000000 00000000
dc60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dc80: 00000000 00000000 00000000 15269695 dfa0de90 dfa0de90 00000000 857ce680
dca0: 00000000 dfa0dd1c dfa0dd1c 00000000 dfa0dcdc dfa0dcc0 81787770 817747c8
dcc0: 00000000 dfa0de90 8370aa00 00000000 dfa0dcfc dfa0dce0 81543320 8178773c
dce0: dfa0de90 00040000 8370aa00 00000000 dfa0dd6c dfa0dd00 8154449c 815432e8
dd00: dfa0dd78 dfa0dea0 00000000 00000000 dfa0dd6c dfa0ded8 81546548 00000000
dd20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 15269695
dd40: 00000000 00000000 dfa0de90 8370aa00 dfa0ded8 00040000 20007fc0 dfa0dd7c
dd60: dfa0de6c dfa0dd70 8154663c 815443e8 00000080 8babb848 00000000 00000000
dd80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dda0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
ddc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dde0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
de00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
de20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 15269695
de40: dfa0de6c 20007fc0 00000000 00000400 00000000 dfa0ded8 00040000 b5403587
de60: dfa0df8c dfa0de70 81546c34 815465ac dfa0ded8 00000080 00000001 8bae50c1
de80: 8bae50c0 b5003500 000003ff 8370aa00 00000000 00000000 00000000 00000000
dea0: 00010001 00000000 dfa0dd7c 00000000 00000000 00000000 00000000 00000001
dec0: 00040000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
df00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
df20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
df40: 00000000 00000000 00000000 00000000 00000000 00000000 ffffffff 15269695
df60: dfa0dfb0 00000000 00000000 002f63ac 00000176 8020029c 8404bc00 00000176
df80: dfa0dfa4 dfa0df90 81546d28 81546b4c 00000001 8404bc00 00000000 dfa0dfa8
dfa0: 80200060 81546d18 00000000 00000000 00000005 20007fc0 0800001d 00000000
dfc0: 00000000 00000000 002f63ac 00000176 002e0000 00000000 00006364 76f520bc
dfe0: 76f51ec0 76f51eb0 0001948c 001322c0 60000010 00000005 00000000 00000000
Call trace: 
[<817fe9b4>] (xfrm_state_find) from [<817ef684>] (xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2522 [inline])
[<817fe9b4>] (xfrm_state_find) from [<817ef684>] (xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2573 [inline])
[<817fe9b4>] (xfrm_state_find) from [<817ef684>] (xfrm_resolve_and_create_bundle+0x204/0x1014 net/xfrm/xfrm_policy.c:2871)
 r10:857e3928 r9:dfa0dba0 r8:dfa0dbcc r7:00000002 r6:00000000 r5:857e3800
 r4:dfa0dbc8
[<817ef480>] (xfrm_resolve_and_create_bundle) from [<817f485c>] (xfrm_lookup_with_ifid+0xe8/0xa10 net/xfrm/xfrm_policy.c:3205)
 r10:00000001 r9:00000000 r8:00000002 r7:855049c0 r6:dfa0dba0 r5:833c9e00
 r4:00000000
[<817f4774>] (xfrm_lookup_with_ifid) from [<817f5744>] (xfrm_lookup net/xfrm/xfrm_policy.c:3336 [inline])
[<817f4774>] (xfrm_lookup_with_ifid) from [<817f5744>] (xfrm_lookup_route+0x30/0xb8 net/xfrm/xfrm_policy.c:3347)
 r10:00000000 r9:855049c0 r8:020000e0 r7:857ce680 r6:833c9e00 r5:855049c0
 r4:dfa0dba0
[<817f5714>] (xfrm_lookup_route) from [<81728d5c>] (ip_route_output_flow+0xd0/0xdc net/ipv4/route.c:2930)
 r6:855049c0 r5:833c9e00 r4:dfa0dba0
[<81728c8c>] (ip_route_output_flow) from [<81774f60>] (udp_sendmsg+0x7a4/0xb38 net/ipv4/udp.c:1450)
 r7:00000000 r6:00000000 r5:dfa0de90 r4:857ce680
[<817747bc>] (udp_sendmsg) from [<81787770>] (inet_sendmsg+0x40/0x4c net/ipv4/af_inet.c:851)
 r10:00000000 r9:dfa0dd1c r8:dfa0dd1c r7:00000000 r6:857ce680 r5:00000000
 r4:dfa0de90
[<81787730>] (inet_sendmsg) from [<81543320>] (sock_sendmsg_nosec net/socket.c:714 [inline])
[<81787730>] (inet_sendmsg) from [<81543320>] (__sock_sendmsg+0x44/0x78 net/socket.c:729)
 r7:00000000 r6:8370aa00 r5:dfa0de90 r4:00000000
[<815432dc>] (__sock_sendmsg) from [<8154449c>] (____sys_sendmsg+0xc0/0x2cc net/socket.c:2614)
 r7:00000000 r6:8370aa00 r5:00040000 r4:dfa0de90
[<815443dc>] (____sys_sendmsg) from [<8154663c>] (___sys_sendmsg+0x9c/0xd0 net/socket.c:2668)
 r10:dfa0dd7c r9:20007fc0 r8:00040000 r7:dfa0ded8 r6:8370aa00 r5:dfa0de90
 r4:00000000
[<815465a0>] (___sys_sendmsg) from [<81546c34>] (__sys_sendmmsg+0xf4/0x1cc net/socket.c:2757)
 r10:b5403587 r9:00040000 r8:dfa0ded8 r7:00000000 r6:00000400 r5:00000000
 r4:20007fc0
[<81546b40>] (__sys_sendmmsg) from [<81546d28>] (__do_sys_sendmmsg net/socket.c:2784 [inline])
[<81546b40>] (__sys_sendmmsg) from [<81546d28>] (sys_sendmmsg+0x1c/0x24 net/socket.c:2781)
 r10:00000176 r9:8404bc00 r8:8020029c r7:00000176 r6:002f63ac r5:00000000
 r4:00000000
[<81546d0c>] (sys_sendmmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xdfa0dfa8 to 0xdfa0dff0)
dfa0:                   00000000 00000000 00000005 20007fc0 0800001d 00000000
dfc0: 00000000 00000000 002f63ac 00000176 002e0000 00000000 00006364 76f520bc
dfe0: 76f51ec0 76f51eb0 0001948c 001322c0
Code: e5852014 e2852014 f57ff05b e5951018 (e5812000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e5852014 	str	r2, [r5, #20]
   4:	e2852014 	add	r2, r5, #20
   8:	f57ff05b 	dmb	ish
   c:	e5951018 	ldr	r1, [r5, #24]
* 10:	e5812000 	str	r2, [r1] <-- trapping instruction