8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000008 when read
[00000008] *pgd=84817003, *pmd=ed34e003
Internal error: Oops: 205 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 UID: 0 PID: 525 Comm: syz.0.14872 Not tainted 6.12.0-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at selinux_ip_output+0x54/0x80 security/selinux/hooks.c:5762
LR is at selinux_ip_output+0x18/0x80 security/selinux/hooks.c:5735
pc : [<8072a1d8>]    lr : [<8072a19c>]    psr: 40000113
sp : df8019f8  ip : df8019f8  fp : df801a0c
r10: 00007ab0  r9 : 85831788  r8 : df801a3c
r7 : 8993ecc0  r6 : 85831780  r5 : df801a3c  r4 : 8993ecc0
r3 : 00000000  r2 : 00000000  r1 : 00000040  r0 : 00000001
Flags: nZcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 84824a40  DAC: fffffffd
Register r0 information: non-paged memory
Register r1 information: non-paged memory
Register r2 information: NULL pointer
Register r3 information: NULL pointer
Register r4 information: slab skbuff_head_cache start 8993ecc0 pointer offset 0 size 192
Register r5 information: 2-page vmalloc region starting at 0xdf800000 allocated at start_kernel+0x5d0/0x778 init/main.c:1005
Register r6 information: slab kmalloc-cg-128 start 85831780 pointer offset 0 size 128
Register r7 information: slab skbuff_head_cache start 8993ecc0 pointer offset 0 size 192
Register r8 information: 2-page vmalloc region starting at 0xdf800000 allocated at start_kernel+0x5d0/0x778 init/main.c:1005
Register r9 information: slab kmalloc-cg-128 start 85831780 pointer offset 8 size 128
Register r10 information: non-paged memory
Register r11 information: 2-page vmalloc region starting at 0xdf800000 allocated at start_kernel+0x5d0/0x778 init/main.c:1005
Register r12 information: 2-page vmalloc region starting at 0xdf800000 allocated at start_kernel+0x5d0/0x778 init/main.c:1005
Process syz.0.14872 (pid: 525, stack limit = 0xe8994000)
Stack: (0xdf8019f8 to 0xdf802000)
19e0:                                                       00000001 00000001
1a00: df801a34 df801a10 815dec9c 8072a190 8993ecc0 84484f80 8467e000 85bca800
1a20: 82e0c728 82e0c868 df801a74 df801a38 81676584 815dec68 00000000 00000203
1a40: 00000000 85bca800 8467e000 84484f80 81673184 32e6adce 82e0c600 8993ecc0
1a60: 8467e000 84484f80 df801a94 df801a78 816777b4 81676454 82e0c600 8993ecc0
1a80: df801be8 00005be9 df801bb4 df801a98 81677d78 8167779c 82e0c740 816733a0
1aa0: df801c08 00000020 00000000 00000040 df801adc 00000936 55f26410 00000000
1ac0: 00000006 00000000 00000000 8467e000 df801b24 00000000 55f26410 00000936
1ae0: 00000000 00000000 00000000 00000000 0a1414ac 00000000 00000000 ffff0000
1b00: 00000000 00000000 00000001 00000001 00000000 00000000 00060000 00000000
1b20: 00000000 00000000 00000000 00000000 001414ac 0a1414ac 02007ab0 00000000
1b40: df801bac 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1b60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1b80: 00000000 32e6adce 8030b2e8 8467e000 8537ad00 82e0c600 00000000 21630bb4
1ba0: 84484f80 df801cc8 df801c74 df801bb8 816a7c20 816779f0 0a1414ac 001414ac
1bc0: df801be8 00000020 55f26410 00000936 943daa6b 32e6adce 2c992bba 85350e60
1be0: 00000000 079a47c1 df801c08 00000020 00000000 30282958 00000008 00000000
1c00: 00000000 00000000 7ab00200 21630bb4 c1479a07 00021080 00000000 0a080101
1c20: 231e6192 62e5425e 00000000 00000000 00000000 00000000 00000000 00000000
1c40: 00000000 32e6adce 8030b2e8 8467e000 df801cc8 5e42e562 8467e000 8537ad00
1c60: 00000200 00000000 df801d0c df801c78 816aaac8 816a79ac 00000200 92611e23
1c80: 5e42e562 00000000 df801cc8 00000000 00000000 943daa6b 00007ab0 82929400
1ca0: 00000001 8149cc30 00000020 84484f80 85350e4c 84853000 84484f80 079a47c1
1cc0: 00000002 00000000 00000000 00000000 00000000 00000000 00000000 32e6adce
1ce0: 00000001 8260606c 8537ad00 82617aec 84484f80 00000000 00000000 dddd0e88
1d00: df801d3c df801d10 8166fc40 816a9bd4 df801d34 df801d20 8537ad00 00000014
1d20: 84484f80 00000000 00000001 00000040 df801d5c df801d40 8166ff0c 8166fc14
1d40: 8537ad00 00000001 84484f80 00000000 df801d9c df801d60 81670058 8166fe80
1d60: 81712174 00000201 85bca800 00000000 00000000 84484f80 8166fe74 32e6adce
1d80: 84484f80 8537ad00 84484f80 85bca800 df801dbc df801da0 8166f224 8166ffe4
1da0: 00000001 8537ad00 84484f80 00000000 df801dfc df801dc0 816701bc 8166f198
1dc0: df801e24 00000200 85bca800 00000000 00000000 84484f80 8166f18c 32e6adce
1de0: 00000000 85bca800 816700e8 00000000 df801e24 df801e00 814cc17c 816700f4
1e00: 824bc798 8537ad00 82617fc4 32e6adce 8537ad00 dddd0f70 df801e3c df801e28
1e20: 814cc1e8 814cc12c 8537ad00 dddd0f70 df801e74 df801e40 814cc4f0 814cc1dc
1e40: 819e365c dddd0f5c df801f24 00000001 dddd0f70 00000040 df801ecb df801ed0
1e60: dddd10c0 dddd0e80 df801ea4 df801e78 814cd3f0 814cc45c 824bde80 82606040
1e80: 00000000 dddd0f70 000eff73 0000012c df801ed0 dddd10c0 df801f64 df801ea8
1ea0: 814cdc64 814cd3c8 84853000 819d7f54 df801ee0 000eff73 00011f20 5b913000
1ec0: 824bde80 82604d40 009d76f4 819d75e4 df801ed0 df801ed0 df801ed8 df801ed8
1ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1f00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
1f20: 00000000 00000000 00000000 00000000 8029f31c 32e6adce 8260408c 8260408c
1f40: 00000004 00000003 00400040 00000101 84853000 00000008 df801fdc df801f68
1f60: 8024ba68 814cd918 dddcd6c4 824ba6cc 824ba6d4 00400040 82604d40 000eff72
1f80: 82223e4c 00000000 824bca80 0000000a 827ff928 8260c610 822111b8 824b2210
1fa0: df801f68 82604080 df801fc4 df801fb8 819d75d4 60000113 00000001 824bdecc
1fc0: 85bca800 e8995ad8 84bd7800 84484f80 df801fec df801fe0 802012d0 8024b91c
1fe0: df801ffc df801ff0 80208824 802012c8 e8995a94 df802000 8198744c 80208820
Call trace: frame pointer underflow
[<8072a184>] (selinux_ip_output) from [<815dec9c>] (nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline])
[<8072a184>] (selinux_ip_output) from [<815dec9c>] (nf_hook_slow+0x40/0x104 net/netfilter/core.c:626)
 r5:00000001 r4:00000001
[<815dec5c>] (nf_hook_slow) from [<81676584>] (nf_hook include/linux/netfilter.h:269 [inline])
[<815dec5c>] (nf_hook_slow) from [<81676584>] (__ip_local_out+0x13c/0x1a4 net/ipv4/ip_output.c:119)
 r9:82e0c868 r8:82e0c728 r7:85bca800 r6:8467e000 r5:84484f80 r4:8993ecc0
[<81676448>] (__ip_local_out) from [<816777b4>] (ip_local_out net/ipv4/ip_output.c:128 [inline])
[<81676448>] (__ip_local_out) from [<816777b4>] (ip_send_skb+0x24/0xd0 net/ipv4/ip_output.c:1505)
 r7:84484f80 r6:8467e000 r5:8993ecc0 r4:82e0c600
[<81677790>] (ip_send_skb) from [<81677d78>] (ip_push_pending_frames net/ipv4/ip_output.c:1525 [inline])
[<81677790>] (ip_send_skb) from [<81677d78>] (ip_send_unicast_reply+0x394/0x5a4 net/ipv4/ip_output.c:1672)
 r7:00005be9 r6:df801be8 r5:8993ecc0 r4:82e0c600
[<816779e4>] (ip_send_unicast_reply) from [<816a7c20>] (tcp_v4_send_ack+0x280/0x3cc net/ipv4/tcp_ipv4.c:1024)
 r10:df801cc8 r9:84484f80 r8:21630bb4 r7:00000000 r6:82e0c600 r5:8537ad00
 r4:8467e000
[<816a79a0>] (tcp_v4_send_ack) from [<816aaac8>] (tcp_v4_timewait_ack net/ipv4/tcp_ipv4.c:1077 [inline])
[<816a79a0>] (tcp_v4_send_ack) from [<816aaac8>] (tcp_v4_rcv+0xf00/0x1170 net/ipv4/tcp_ipv4.c:2428)
 r10:00000000 r9:00000200 r8:8537ad00 r7:8467e000 r6:5e42e562 r5:df801cc8
 r4:8467e000
[<816a9bc8>] (tcp_v4_rcv) from [<8166fc40>] (ip_protocol_deliver_rcu+0x38/0x26c net/ipv4/ip_input.c:205)
 r10:dddd0e88 r9:00000000 r8:00000000 r7:84484f80 r6:82617aec r5:8537ad00
 r4:8260606c
[<8166fc08>] (ip_protocol_deliver_rcu) from [<8166ff0c>] (ip_local_deliver_finish+0x98/0x164 net/ipv4/ip_input.c:233)
 r9:00000040 r8:00000001 r7:00000000 r6:84484f80 r5:00000014 r4:8537ad00
[<8166fe74>] (ip_local_deliver_finish) from [<81670058>] (NF_HOOK include/linux/netfilter.h:314 [inline])
[<8166fe74>] (ip_local_deliver_finish) from [<81670058>] (NF_HOOK include/linux/netfilter.h:308 [inline])
[<8166fe74>] (ip_local_deliver_finish) from [<81670058>] (ip_local_deliver+0x80/0x110 net/ipv4/ip_input.c:254)
 r7:00000000 r6:84484f80 r5:00000001 r4:8537ad00
[<8166ffd8>] (ip_local_deliver) from [<8166f224>] (dst_input include/net/dst.h:460 [inline])
[<8166ffd8>] (ip_local_deliver) from [<8166f224>] (ip_rcv_finish+0x98/0xb0 net/ipv4/ip_input.c:447)
 r6:85bca800 r5:84484f80 r4:8537ad00
[<8166f18c>] (ip_rcv_finish) from [<816701bc>] (NF_HOOK include/linux/netfilter.h:314 [inline])
[<8166f18c>] (ip_rcv_finish) from [<816701bc>] (NF_HOOK include/linux/netfilter.h:308 [inline])
[<8166f18c>] (ip_rcv_finish) from [<816701bc>] (ip_rcv+0xd4/0xe0 net/ipv4/ip_input.c:567)
 r7:00000000 r6:84484f80 r5:8537ad00 r4:00000001
[<816700e8>] (ip_rcv) from [<814cc17c>] (__netif_receive_skb_one_core+0x5c/0x80 net/core/dev.c:5672)
 r6:00000000 r5:816700e8 r4:85bca800
[<814cc120>] (__netif_receive_skb_one_core) from [<814cc1e8>] (__netif_receive_skb+0x18/0x5c net/core/dev.c:5785)
 r5:dddd0f70 r4:8537ad00
[<814cc1d0>] (__netif_receive_skb) from [<814cc4f0>] (process_backlog+0xa0/0x17c net/core/dev.c:6117)
 r5:dddd0f70 r4:8537ad00
[<814cc450>] (process_backlog) from [<814cd3f0>] (__napi_poll+0x34/0x240 net/core/dev.c:6877)
 r10:dddd0e80 r9:dddd10c0 r8:df801ed0 r7:df801ecb r6:00000040 r5:dddd0f70
 r4:00000001
[<814cd3bc>] (__napi_poll) from [<814cdc64>] (napi_poll net/core/dev.c:6946 [inline])
[<814cd3bc>] (__napi_poll) from [<814cdc64>] (net_rx_action+0x358/0x440 net/core/dev.c:7068)
 r9:dddd10c0 r8:df801ed0 r7:0000012c r6:000eff73 r5:dddd0f70 r4:00000000
[<814cd90c>] (net_rx_action) from [<8024ba68>] (handle_softirqs+0x158/0x464 kernel/softirq.c:554)
 r10:00000008 r9:84853000 r8:00000101 r7:00400040 r6:00000003 r5:00000004
 r4:8260408c
[<8024b910>] (handle_softirqs) from [<802012d0>] (__do_softirq+0x14/0x18 kernel/softirq.c:588)
 r10:84484f80 r9:84bd7800 r8:e8995ad8 r7:85bca800 r6:824bdecc r5:00000001
 r4:60000113
[<802012bc>] (__do_softirq) from [<80208824>] (____do_softirq+0x10/0x14 arch/arm/kernel/irq.c:77)
[<80208814>] (____do_softirq) from [<8198744c>] (call_with_stack+0x1c/0x20 arch/arm/lib/call_with_stack.S:40)
[<81987430>] (call_with_stack) from [<80208860>] (do_softirq_own_stack+0x38/0x3c arch/arm/kernel/irq.c:82)
[<80208828>] (do_softirq_own_stack) from [<8024c064>] (do_softirq kernel/softirq.c:455 [inline])
[<80208828>] (do_softirq_own_stack) from [<8024c064>] (do_softirq+0x5c/0x64 kernel/softirq.c:442)
[<8024c008>] (do_softirq) from [<8024c138>] (__local_bh_enable_ip+0xcc/0xd0 kernel/softirq.c:382)
 r5:00000001 r4:84853000
[<8024c06c>] (__local_bh_enable_ip) from [<814c943c>] (local_bh_enable include/linux/bottom_half.h:33 [inline])
[<8024c06c>] (__local_bh_enable_ip) from [<814c943c>] (rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline])
[<8024c06c>] (__local_bh_enable_ip) from [<814c943c>] (__dev_queue_xmit+0x394/0xfa4 net/core/dev.c:4461)
 r5:85a3a000 r4:00000000
[<814c90a8>] (__dev_queue_xmit) from [<81673d30>] (dev_queue_xmit include/linux/netdevice.h:3168 [inline])
[<814c90a8>] (__dev_queue_xmit) from [<81673d30>] (neigh_hh_output include/net/neighbour.h:523 [inline])
[<814c90a8>] (__dev_queue_xmit) from [<81673d30>] (neigh_output include/net/neighbour.h:537 [inline])
[<814c90a8>] (__dev_queue_xmit) from [<81673d30>] (ip_finish_output2+0x360/0x6d8 net/ipv4/ip_output.c:236)
 r10:84484f80 r9:00000000 r8:00000010 r7:0000000e r6:00000000 r5:8537ad00
 r4:847c4e00
[<816739d0>] (ip_finish_output2) from [<81674f84>] (__ip_finish_output net/ipv4/ip_output.c:314 [inline])
[<816739d0>] (ip_finish_output2) from [<81674f84>] (__ip_finish_output+0x9c/0x188 net/ipv4/ip_output.c:296)
 r9:00000000 r8:00000000 r7:0000ffff r6:84894d80 r5:84484f80 r4:8537ad00
[<81674ee8>] (__ip_finish_output) from [<8167509c>] (ip_finish_output+0x2c/0x118 net/ipv4/ip_output.c:324)
 r9:00000000 r8:00000000 r7:84484f80 r6:84894d80 r5:8537ad00 r4:84894d80
[<81675070>] (ip_finish_output) from [<816751ec>] (NF_HOOK_COND include/linux/netfilter.h:303 [inline])
[<81675070>] (ip_finish_output) from [<816751ec>] (ip_output+0x64/0xf8 net/ipv4/ip_output.c:434)
 r7:85bca800 r6:84894d80 r5:84484f80 r4:8537ad00
[<81675188>] (ip_output) from [<81676a30>] (dst_output include/net/dst.h:450 [inline])
[<81675188>] (ip_output) from [<81676a30>] (ip_local_out net/ipv4/ip_output.c:130 [inline])
[<81675188>] (ip_output) from [<81676a30>] (__ip_queue_xmit+0x1b4/0x4ec net/ipv4/ip_output.c:536)
 r8:84895020 r7:84bd7800 r6:00000001 r5:84894d80 r4:8537ad00
[<8167687c>] (__ip_queue_xmit) from [<81676d7c>] (ip_queue_xmit+0x14/0x18 net/ipv4/ip_output.c:550)
 r10:00010000 r9:00000936 r8:8537ad18 r7:00000020 r6:00000000 r5:8537ad00
 r4:84894d80
[<81676d68>] (ip_queue_xmit) from [<8169c984>] (__tcp_transmit_skb+0x56c/0xd5c net/ipv4/tcp_output.c:1466)
[<8169c418>] (__tcp_transmit_skb) from [<8169eec0>] (tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline])
[<8169c418>] (__tcp_transmit_skb) from [<8169eec0>] (tcp_write_xmit+0x388/0x1848 net/ipv4/tcp_output.c:2827)
 r10:00008000 r9:00008000 r8:079a47c0 r7:84894ea8 r6:00000000 r5:84894d80
 r4:8537ac40
[<8169eb38>] (tcp_write_xmit) from [<816a03b8>] (__tcp_push_pending_frames+0x38/0x10c net/ipv4/tcp_output.c:3010)
 r10:000001b4 r9:00000000 r8:00000000 r7:00000000 r6:84894ea8 r5:8537ac40
 r4:84894d80
[<816a0380>] (__tcp_push_pending_frames) from [<816a1204>] (tcp_send_fin+0x64/0x248 net/ipv4/tcp_output.c:3616)
 r5:8537ac40 r4:84894d80
[<816a11a0>] (tcp_send_fin) from [<816896f8>] (__tcp_close+0x2c4/0x424 net/ipv4/tcp.c:3130)
 r6:00000000 r5:00000089 r4:84894d80
[<81689434>] (__tcp_close) from [<81689880>] (tcp_close+0x28/0x94 net/ipv4/tcp.c:3221)
 r9:84853000 r8:82e9d310 r7:00000000 r6:81c67214 r5:00000000 r4:84894d80
[<81689858>] (tcp_close) from [<816cbb98>] (inet_release+0x54/0x8c net/ipv4/af_inet.c:435)
 r5:84c01400 r4:84894d80
[<816cbb44>] (inet_release) from [<81493fdc>] (__sock_release+0x44/0xbc net/socket.c:640)
 r5:84c01500 r4:84c01400
[<81493f98>] (__sock_release) from [<8149406c>] (sock_close+0x18/0x20 net/socket.c:1408)
 r7:84c01480 r6:8319d440 r5:082e0003 r4:8993f480
[<81494054>] (sock_close) from [<8051f748>] (__fput+0xdc/0x2f0 fs/file_table.c:450)
[<8051f66c>] (__fput) from [<8051f9e4>] (____fput+0x14/0x18 fs/file_table.c:478)
 r9:84853000 r8:82875694 r7:84853000 r6:84853884 r5:84853854 r4:8993fba8
[<8051f9d0>] (____fput) from [<8026d41c>] (task_work_run+0x90/0xb8 kernel/task_work.c:239)
[<8026d38c>] (task_work_run) from [<8020be00>] (resume_user_mode_work include/linux/resume_user_mode.h:50 [inline])
[<8026d38c>] (task_work_run) from [<8020be00>] (do_work_pending+0x448/0x4f8 arch/arm/kernel/signal.c:631)
 r9:84853000 r8:8020029c r7:000001b4 r6:8020029c r5:e8995fb0 r4:84853000
[<8020b9b8>] (do_work_pending) from [<80200088>] (slow_work_pending+0xc/0x24)
Exception stack(0xe8995fb0 to 0xe8995ff8)
5fa0:                                     00000000 0000001e 00000000 7ec9f938
5fc0: 00000000 00000000 00000000 000001b4 00000000 002862c4 00000000 ffffffff
5fe0: 7ec9f838 7ec9f828 0002422c 00133450 20000010 00000003
 r10:000001b4 r9:84853000 r8:8020029c r7:000001b4 r6:00000000 r5:00000000
 r4:00000000
Code: e3482224 e59331ec e5922010 e0833002 (e5932008) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e3482224 	movt	r2, #33316	@ 0x8224
   4:	e59331ec 	ldr	r3, [r3, #492]	@ 0x1ec
   8:	e5922010 	ldr	r2, [r2, #16]
   c:	e0833002 	add	r3, r3, r2
* 10:	e5932008 	ldr	r2, [r3, #8] <-- trapping instruction