8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000038 when read
[00000038] *pgd=86027003, *pmd=df198003
Internal error: Oops: 205 [#1] SMP ARM
Modules linked in:
CPU: 1 UID: 0 PID: 10875 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: ARM-Versatile Express
PC is at rb_first include/linux/rbtree.h:54 [inline]
PC is at simple_xattrs_free+0x1c/0x8c fs/xattr.c:1564
LR is at __kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684
pc : [<805a5784>]    lr : [<806360e8>]    psr: 60010113
sp : dfa6dd70  ip : dfa6dd90  fp : dfa6dd8c
r10: 8309f49c  r9 : 852a0000  r8 : 82498a44
r7 : 00000038  r6 : 00000000  r5 : 8309f480  r4 : 863f3370
r3 : 852a0000  r2 : 00000000  r1 : 00000000  r0 : 00000038
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 85391500  DAC: 00000000
Register r0 information: non-paged memory
Register r1 information: NULL pointer
Register r2 information: NULL pointer
Register r3 information: slab task_struct start 852a0000 pointer offset 0 size 3072
Register r4 information: slab kernfs_node_cache start 863f3370 pointer offset 0 size 88
Register r5 information: slab kmalloc-192 start 8309f480 pointer offset 0 size 192
Register r6 information: NULL pointer
Register r7 information: non-paged memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: slab task_struct start 852a0000 pointer offset 0 size 3072
Register r10 information: slab kmalloc-192 start 8309f480 pointer offset 28 size 192
Register r11 information: 2-page vmalloc region starting at 0xdfa6c000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Register r12 information: 2-page vmalloc region starting at 0xdfa6c000 allocated at kernel_clone+0xac/0x3ec kernel/fork.c:2651
Process syz-executor (pid: 10875, stack limit = 0xdfa6c000)
Stack: (0xdfa6dd70 to 0xdfa6e000)
dd60:                                     863f3370 8309f480 85a791c0 830a31b8
dd80: dfa6de2c dfa6dd90 806360e8 805a5774 00000820 dfa6dda0 8309f488 00000001
dda0: 000000a6 000041c0 00000000 ffffffff 60010113 85c39cc0 824986c8 deffc548
ddc0: 85c39cc0 a40819b4 000059b4 00000008 dfa6de6c dfa6dde0 804b74a0 804b5ed8
dde0: 807ae0a4 83001240 85e7e408 00000dc0 00000000 0000001c dfa6de14 083ecaf6
de00: 8053a368 830a31b8 000041c0 00000000 00000001 00000000 8541e8ac 8309f480
de20: dfa6de6c dfa6de30 80637bbc 80635f34 00000000 00000000 00000001 083ecaf6
de40: 00000000 828fa180 830a31b8 830a31b8 8541e8ac 000001c0 00000000 85e7e408
de60: dfa6de8c dfa6de70 80638104 80637b48 00000000 00000001 828fa180 85e7e400
de80: dfa6dedc dfa6de90 803613c4 806380e4 00000000 85e7e400 00000000 083ecaf6
dea0: 00000002 837df860 828fa140 00000000 8291fa94 830a31b8 828fa090 8541e880
dec0: 000001c0 852a0000 00000000 000001c0 dfa6defc dfa6dee0 80637adc 803612ac
dee0: 837df860 80637a70 8541e880 8291fa94 dfa6df44 dfa6df00 8057b868 80637a7c
df00: ffffff9c 85ca1910 8541e880 083ecaf6 00000000 00000000 dfa6df44 8541e880
df20: 00000000 83ecb000 000001ff ffffff9c 852a0000 00000002 dfa6df8c dfa6df48
df40: 8058222c 8057b658 dfa6df50 8099f810 00000000 85ca1910 837ec220 083ecaf6
df60: 8020029c 000001ff 00000001 7ea8aa98 00000027 8020029c 852a0000 00000027
df80: dfa6dfa4 dfa6df90 805822e8 805820b4 00300000 00000001 00000000 dfa6dfa8
dfa0: 80200060 805822cc 00300000 00000001 7ea8aa98 000001ff 00000000 00000000
dfc0: 00300000 00000001 7ea8aa98 00000027 7ea8ac80 002e8000 7ea8ac84 00000008
dfe0: 00000003 7ea8aa4c 000287a8 0012feac 60000010 7ea8aa98 00000000 00000000
Call trace:
[<805a5768>] (simple_xattrs_free) from [<806360e8>] (__kernfs_new_node+0x1c0/0x228 fs/kernfs/dir.c:684)
 r7:830a31b8 r6:85a791c0 r5:8309f480 r4:863f3370
[<80635f28>] (__kernfs_new_node) from [<80637bbc>] (kernfs_new_node+0x80/0xa4 fs/kernfs/dir.c:716)
 r10:8309f480 r9:8541e8ac r8:00000000 r7:00000001 r6:00000000 r5:000041c0 r4:830a31b8
[<80637b3c>] (kernfs_new_node) from [<80638104>] (kernfs_create_dir_ns+0x2c/0x80 fs/kernfs/dir.c:1086)
 r10:85e7e408 r9:00000000 r8:000001c0 r7:8541e8ac r6:830a31b8 r5:830a31b8 r4:828fa180
[<806380d8>] (kernfs_create_dir_ns) from [<803613c4>] (cgroup_create kernel/cgroup/cgroup.c:5859 [inline])
[<806380d8>] (kernfs_create_dir_ns) from [<803613c4>] (cgroup_mkdir+0x124/0x52c kernel/cgroup/cgroup.c:6007)
 r5:85e7e400 r4:828fa180
[<803612a0>] (cgroup_mkdir) from [<80637adc>] (kernfs_iop_mkdir+0x6c/0x90 fs/kernfs/dir.c:1271)
 r10:000001c0 r9:00000000 r8:852a0000 r7:000001c0 r6:8541e880 r5:828fa090 r4:830a31b8
[<80637a70>] (kernfs_iop_mkdir) from [<8057b868>] (vfs_mkdir+0x21c/0x2fc fs/namei.c:5130)
 r7:8291fa94 r6:8541e880 r5:80637a70 r4:837df860
[<8057b64c>] (vfs_mkdir) from [<8058222c>] (do_mkdirat+0x184/0x1e0 fs/namei.c:5164)
 r10:00000002 r9:852a0000 r8:ffffff9c r7:000001ff r6:83ecb000 r5:00000000 r4:8541e880
[<805820a8>] (do_mkdirat) from [<805822e8>] (__do_sys_mkdir fs/namei.c:5191 [inline])
[<805820a8>] (do_mkdirat) from [<805822e8>] (sys_mkdir+0x28/0x2c fs/namei.c:5189)
 r10:00000027 r9:852a0000 r8:8020029c r7:00000027 r6:7ea8aa98 r5:00000001 r4:000001ff
[<805822c0>] (sys_mkdir) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xdfa6dfa8 to 0xdfa6dff0)
dfa0:                   00300000 00000001 7ea8aa98 000001ff 00000000 00000000
dfc0: 00300000 00000001 7ea8aa98 00000027 7ea8ac80 002e8000 7ea8ac84 00000008
dfe0: 00000003 7ea8aa4c 000287a8 0012feac
 r5:00000001 r4:00300000
Code: e2516000 e1a07000 13a03000 15863000 (e5903000)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:   e2516000    subs    r6, r1, #0
   4:   e1a07000    mov     r7, r0
   8:   13a03000    movne   r3, #0
   c:   15863000    strne   r3, [r6]
* 10:   e5903000    ldr     r3, [r0] <-- trapping instruction