BUG: unable to handle page fault for address: 0000000000006f7c
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 800000001555f067 P4D 800000001555f067 PUD 11d751067 PMD 0
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 0 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: netns cleanup_net
RIP: 0010:detach_rules net/core/fib_rules.c:1235 [inline]
RIP: 0010:fib_rules_event+0xf7b/0x1430 net/core/fib_rules.c:1267
Code: fb 4c 89 b5 60 ff ff ff 4c 89 bd 48 ff ff ff 0f 84 c0 02 00 00 48 89 5d b8 48 83 c3 10 4c 89 65 c8 4d 85 e4 0f 85 e7 00 00 00 <8b> 03 89 45 d0 48 89 9d 78 ff ff ff 48 89 df e8 51 54 48 f5 44 8b
RSP: 0018:ffff8881033d7870 EFLAGS: 00010246
RAX: ffffffff8d2c6486 RBX: 0000000000006f7c RCX: ffff8881033c0000
RDX: 0000000000000000 RSI: ffff88813fffad10 RDI: 0000000000000000
RBP: ffff8881033d7930 R08: ffffea000000000f R09: ffffffff8d2c542b
R10: 0000000000000003 R11: ffff8881033c0000 R12: 0000000000000000
R13: 00000000ffff8881 R14: 0000000000000000 R15: ffff888128bd6438
FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000006f7c CR3: 00000000160f6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
notifier_call_chain kernel/notifier.c:85 [inline]
raw_notifier_call_chain+0xe8/0x440 kernel/notifier.c:453
call_netdevice_notifiers_info+0x1be/0x2b0 net/core/dev.c:2141
call_netdevice_notifiers_extack net/core/dev.c:2179 [inline]
call_netdevice_notifiers net/core/dev.c:2193 [inline]
unregister_netdevice_many_notify+0x1fbf/0x3e30 net/core/dev.c:11809
unregister_netdevice_many+0x22/0x30 net/core/dev.c:11875
cleanup_net+0xf02/0x1d20 net/core/net_namespace.c:647
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xae0/0x1c40 kernel/workqueue.c:3317
worker_thread+0xea7/0x14f0 kernel/workqueue.c:3398
kthread+0x6b9/0xef0 kernel/kthread.c:464
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Modules linked in:
CR2: 0000000000006f7c
---[ end trace 0000000000000000 ]---
RIP: 0010:detach_rules net/core/fib_rules.c:1235 [inline]
RIP: 0010:fib_rules_event+0xf7b/0x1430 net/core/fib_rules.c:1267
Code: fb 4c 89 b5 60 ff ff ff 4c 89 bd 48 ff ff ff 0f 84 c0 02 00 00 48 89 5d b8 48 83 c3 10 4c 89 65 c8 4d 85 e4 0f 85 e7 00 00 00 <8b> 03 89 45 d0 48 89 9d 78 ff ff ff 48 89 df e8 51 54 48 f5 44 8b
RSP: 0018:ffff8881033d7870 EFLAGS: 00010246
RAX: ffffffff8d2c6486 RBX: 0000000000006f7c RCX: ffff8881033c0000
RDX: 0000000000000000 RSI: ffff88813fffad10 RDI: 0000000000000000
RBP: ffff8881033d7930 R08: ffffea000000000f R09: ffffffff8d2c542b
R10: 0000000000000003 R11: ffff8881033c0000 R12: 0000000000000000
R13: 00000000ffff8881 R14: 0000000000000000 R15: ffff888128bd6438
FS: 0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000006f7c CR3: 00000000160f6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: fb sti
1: 4c 89 b5 60 ff ff ff mov %r14,-0xa0(%rbp)
8: 4c 89 bd 48 ff ff ff mov %r15,-0xb8(%rbp)
f: 0f 84 c0 02 00 00 je 0x2d5
15: 48 89 5d b8 mov %rbx,-0x48(%rbp)
19: 48 83 c3 10 add $0x10,%rbx
1d: 4c 89 65 c8 mov %r12,-0x38(%rbp)
21: 4d 85 e4 test %r12,%r12
24: 0f 85 e7 00 00 00 jne 0x111
* 2a: 8b 03 mov (%rbx),%eax <-- trapping instruction
2c: 89 45 d0 mov %eax,-0x30(%rbp)
2f: 48 89 9d 78 ff ff ff mov %rbx,-0x88(%rbp)
36: 48 89 df mov %rbx,%rdi
39: e8 51 54 48 f5 call 0xf548548f
3e: 44 rex.R
3f: 8b .byte 0x8b